# install from http install url --url http://mirror.msulocal/mirror/scientific/6.3/x86_64/os # remove everything from install disk # note that by limiting this (--initlabel) to just the install drive, # unlabeled disks will no be labeled. anaconda will make a popup # asking to approve labels (gpt, atleast for large parts) clearpart --initlabel --all --drives=/dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0 # partitions partition /boot --fstype=ext4 --size=200 --ondisk=/dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0 partition pv.01 --grow --size=1 --ondisk=/dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0 # volume group volgroup vg_sys pv.01 --pesize=4096 # logical volumes logvol / --fstype=ext4 --name=lv_root --vgname=vg_sys --size=15360 logvol /tmp --fstype=ext4 --name=lv_tmp --vgname=vg_sys --size=10240 logvol /var --fstype=ext4 --name=lv_var --vgname=vg_sys --size=10240 logvol /var/cache/openafs --fstype=ext4 --name=lv_afscache --vgname=vg_sys --size=4096 logvol swap --name=lv_swap --vgname=vg_sys --size=4096 network --device eth0 --onboot yes --bootproto static --noipv6 --ip 10.10.128.93 --netmask 255.255.240.0 --gateway 10.10.128.1 --nameserver 10.10.128.8,10.10.128.9 --hostname msut3-xrootd-p1.aglt2.org network --device p2p1 --onboot yes --bootproto static --noipv6 --ip 192.41.236.93 --netmask 255.255.254.0 --gateway 192.41.236.1 --hostname msut3-xrootd-p1.aglt2.org lang en_US.UTF-8 keyboard us # SHA512 rootpw --iscrypted $6$GoGreen!!$8tySC5W8uSuDsOi3AMNDqz6al9gOFuYJd13Uw3jUgYHKhYYy/KWTsrVkLQukfy.3kaCp5Rvdosj9gDiYsgccl/ #firewall --service=ssh firewall --trust=eth0 authconfig --enableshadow --passalgo=sha512 timezone --utc America/Detroit bootloader --location=mbr --append="crashkernel=auto" selinux --disabled skipx text # local repo for use during packages section #repo --name="AGLT2 Repo 6/x86_64" --baseurl=http://mirror.msulocal/mirror/aglt2/6/x86_64 # services to disable or enable. make sure to have no spaces in lists services --disable NetworkManager,auditd,cups,smartd,avahi-daemon --enable ntpd # nonpriv user setup just for install time, root account is also available... # also need to boot with option "sshd=1" #sshpw --username=installer INST5577 --plaintext # reboot when done reboot %packages @base @client-mgmt-tools @console-internet @core @directory-client @hardware-monitoring @large-systems @misc-sl @performance @perl-runtime xorg-x11-xauth openafs-client openafs-compat openafs-krb5 openafs-authlibs -NetworkManager %pre #!/bin/sh mkdir /tmp/anaconda-pre ls -l /dev/disk/by-path > /tmp/anaconda-pre/disks-by-path-pre.out %end %pre # tests to verify that correct disk is used for install # if tests fail, want to stop installer # ! this is pretty flakey. Maybe should skip if the install disk is uniquely # ! specified by path # Max allowed disk size in GB MAXSIZE=999 # a place to put a log LOGDIR="/tmp/anaconda-pre" LOGFILE="$LOGDIR/pre-check-install-disk-maxsize.out" mkdir $LOGDIR # get the size. ask parted for size in GB, grep for 1 or more digits in result # parted print fails if disk has no label, so OK for reinstalls, but a # problem for fresh systems or new vdisks #SIZE=`parted /dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0 unit gb print | awk '/^Disk.*GB/ {print $3}' | sed 's/GB//' | grep '^[0-9][0-9]*$'` # fdisk works? SIZE=`fdisk -l /dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0 | head -2 | awk '/Disk/ {print int($3)}' | grep '^[0-9][0-9]*$'` SIZEEXIT=$? if [ "$SIZEEXIT" -ne "0" ]; then echo "failed to get disk size" >> $LOGFILE # send output to console chvt 3 exec < /dev/tty3 > /dev/tty3 echo "failed to get disk size, pausing installer, please correct and retry." # want to stop install, this "cat" should just wait forever... cat fi if [ "$SIZE" -gt "$MAXSIZE" ]; then echo "disk size $SIZE greater than $MAXSIZE stop installer" >> $LOGFILE # send output to console chvt 3 exec < /dev/tty3 > /dev/tty3 echo "disk size $SIZE GB greater than $MAXSIZE, pausing installer, please correct and retry." # want to stop install, this "cat" should just wait forever... cat # this should kill the installer (tested interactively), leaves at # "enter Ctrl-C or Ctrl-Alt-Delete prompt" # killall anaconda fi echo "disk size $SIZE is OK" >> $LOGFILE %end %post --nochroot cp -r /tmp/anaconda-pre /mnt/sysimage/root %end %post ( # post-sshd-config-ten-ten.tmpl # minimal sshd config allowing ssh_keys access on 10.10. network # expect sshd to be reconfigured by CFEngine # SSHD Config, defaults have been stripped out cp /etc/ssh/sshd_config /etc/ssh/sshd_config.install.orig cat > /etc/ssh/sshd_config << 'ENDSSHCONFIG' SyslogFacility AUTHPRIV PasswordAuthentication no ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes UsePAM yes X11Forwarding yes PermitRootLogin without-password Subsystem sftp /usr/libexec/openssh/sftp-server ListenAddress 10.10.128.93 ENDSSHCONFIG ) 2>&1 | tee /root/post-sshd-config-ten-ten.log %end %post echo "post-ssh-key-rockwell running `date`" # need to have authorized_keys file # note that this leaves file broken for selinux mkdir /root/.ssh chmod 700 /root/.ssh touch /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys cat >> /root/.ssh/authorized_keys << ENDSSHKEY ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApn2AFiC3Oi30VaeZ7o8h\ I6fV7oWpUp9Hq8sWABHRftohXufJ+KdjlH1Xv+iwfXlk8iiM8SRtuJol\ RtaOyMEuwMZKz8+AzS0VXceBUd/EAcUCAKHsLO4VRwJpUfMNan6jj1OD\ V4hx5zL9ZecR/C2VpOoYSusFQ1emBdvOO4lE2TAM1gicrjMgHWfo5fu6\ PsFb/ShXu4N52mzTO0LYa0pDUePsZfucEo2M0rDywtAOxENQ/bZ9E7Tc\ jp2Hzuh5rE145TeN/J2wh3Bw09d+FernumAtwayD3VRoLZudlU9Z/+h+\ 6dgZ6Y9XHumjvUIvU8JTFDay5eqtPM5ueIUI7xO/hw== Tom Rockwell ENDSSHKEY %end %post # kill grub splashimage and hidden menu grub options sed -i '/^hiddenmenu/d' /boot/grub/grub.conf sed -i '/^splashimage/d' /boot/grub/grub.conf # kill the graphical and quiet kernel options sed -i 's/ rhgb//' /boot/grub/grub.conf sed -i 's/ quiet//' /boot/grub/grub.conf # add time boot parameter for timestamp in dmesg # match "kernel /vmlinuz" and append to the line sed -i 's/\(.*kernel .vmlinuz.*\)/\1 printk.time=1/' /boot/grub/grub.conf %end %post # Overwrite sl.repo so local repo mirror is used rm /etc/yum.repos.d/sl-other.repo # fill file using here-doc with parameter sub turned off cat > /etc/yum.repos.d/sl.repo << 'ENDSLREPO' # Written by kickstart. Use local mirrors. [sl] name=Scientific Linux $releasever - $basearch baseurl=http://mirror.msulocal/mirror/scientific/$releasever/$basearch/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl6 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cern [sl-security] name=Scientific Linux $releasever - $basearch - security updates baseurl=http://mirror.msulocal/mirror/scientific/$releasever/$basearch/updates/security enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl6 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cern ENDSLREPO chmod 644 /etc/yum.repos.d/sl.repo # add the AGLT2 repo cat > /etc/yum.repos.d/aglt2.repo << 'ENDAGLT2REPO' [aglt2] name=AGLT2 $releasever - $basearch baseurl=http://mirror.msulocal/mirror/aglt2/$releasever/$basearch enabled=1 gpgcheck=0 [aglt2-testing] name=AGLT2 Testing $releasever - $basearch baseurl=http://mirror.msulocal/mirror/aglt2/testing/$releasever/$basearch enabled=0 gpgcheck=0 ENDAGLT2REPO chmod 644 /etc/yum.repos.d/aglt2.repo %end %post echo 'atlas.umich.edu' > /usr/vice/etc/ThisCell sed -i s/^CACHESIZE=.*/CACHESIZE=1900000/ /etc/sysconfig/afs chkconfig afs on %pre %post # add static routes using /etc/sysconfig/network-scripts/devname.route files echo "ADDRESS0=10.10.0.0" >> /etc/sysconfig/network-scripts/eth0.route echo "NETMASK0=255.255.240.0" >> /etc/sysconfig/network-scripts/eth0.route echo "GATEWAY0=10.10.128.1" >> /etc/sysconfig/network-scripts/eth0.route %end %post # create the repo file pointing to local mirror of OMSA cat > /etc/yum.repos.d/dell-omsa.repo <&1 | tee /root/anaconda_post-ssh-keys.log %end %post # for debugging #sleep 3456 sleep 7 %end