# CentOS 6.5 # Kickstart Automation 1.3.1 # Kickstart Configuration #10,113 install url --url http://mirrors.securedservers.com/centos/6.5/os/x86_64 lang en_US.UTF-8 keyboard us skipx text network --device eth0 --bootproto dhcp rootpw nn7t!ew7ynhl% firewall --disabled selinux --disabled authconfig --enableshadow --enablemd5 timezone --utc America/Phoenix bootloader --location=mbr --append="pcie_aspm=off" #added append to fix http://bugs.centos.org/view.php?id=6810 #bootloader --location=mbr firstboot --disable reboot services --disabled=cpuspeed,gpm,iptables,ip6tables,kudzu,mdmonitor,nfslock,portmap,rpcidmapd,rpcsvcgssd,xinetd,smartd,rpcgssd,xfs,pcscd --enabled=ntpd,snmpd # Write Partitioning zerombr yes clearpart --all --initlabel --drives=sda part pv.0 --size=1 --grow --ondisk=sda --asprimary volgroup sys-Mnac pv.0 logvol / --vgname=sys-Mnac --name=root --size=1 --grow part /boot --fstype ext4 --size=200 --ondisk=sda logvol /tmp --vgname=sys-Mnac --name=tmp --size=4192 part swap --size=8192 --ondisk=sda --asprimary %packages # installs base packages plus some extras bind-utils curl elinks grub iptraf kernel lftp ltrace lynx mc mutt nano nc nfs-utils nmap ntp openssh openssh-clients openssh-server screen sudo sysstat tcpdump telnet-server vim-enhanced yum yum-fastestmirror net-snmp # Development packages autoconf automake automake14 automake15 automake16 cpp dialog expat-devel flex gcc gcc-c++ gdbm gdbm-devel libcurl-devel libpng libstdc++-devel libxml2-devel ncurses-devel openssl-devel perl-DBI pkgconfig rpm-build # some handy network services httpd httpd-devel httpd-manual mod_ssl mysql mysql-devel mysql-server php php-cli php-common php-devel php-gd php-imap php-mysql # crap to ignore -bluez-utils -libnotify -redhat-lsb -cups -cairo -pango -paps -gtk2 -ORBit2 -libwnck -pinfo -htmlview -redhat-menus -NetworkManager -dhcdbd -dhcpv6_client -eject -startup-notification -libXft -mesa-libGL -libX11 -libXi -libXrandr -libXres -libXinerama -libXxf86vm -libXext -libXrender -libXfixes -libXcursor -libXt -libXau -libXdmcp -logwatch -mailx -rdate -system-config-network-tui -firstboot-tui -rhpl -coolkey -wireless-tools -xorg-x11-filesystem -setuptool %pre wget -q -O /dev/null 'http://192.168.200.2/automation/updateKickstartInstallationStatus.php?kickstartInstallationId=10895&securityKey=iyfaahobonnexnyxwfcltumppfpczrdp&percentComplete=10&message=Installing%20Operating%20System' %post # Output what's happening to another terminal for debugging purposes exec < /dev/tty6 > /dev/tty6 echo "Beginning Post Script" wget -q -O /dev/null 'http://192.168.200.2/automation/updateKickstartInstallationStatus.php?kickstartInstallationId=10895&securityKey=iyfaahobonnexnyxwfcltumppfpczrdp&percentComplete=20&message=Configuring%20Software' # Configure Backend IP on eth0 sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' /etc/sysconfig/network-scripts/ifcfg-eth0 echo "IPADDR=\"172.25.59.5\"" >> /etc/sysconfig/network-scripts/ifcfg-eth0 echo "NETMASK=\"255.255.255.128\"" >> /etc/sysconfig/network-scripts/ifcfg-eth0 # Configure Frontend IP on eth1 # Limit speed to 10 or 100, but on 1000 is not written sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' /etc/sysconfig/network-scripts/ifcfg-eth1 sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' /etc/sysconfig/network-scripts/ifcfg-eth1 sed -i 's/ONBOOT=\"no\"/ONBOOT=\"yes\"/' /etc/sysconfig/network-scripts/ifcfg-eth1 sed -i 's/ONBOOT=no/ONBOOT=yes/' /etc/sysconfig/network-scripts/ifcfg-eth1 echo "IPADDR=\"66.85.167.50\"" >> /etc/sysconfig/network-scripts/ifcfg-eth1 echo "NETMASK=\"255.255.255.248\"" >> /etc/sysconfig/network-scripts/ifcfg-eth1 echo "GATEWAY=\"66.85.167.49\"" >> /etc/sysconfig/network-scripts/ifcfg-eth1 echo 'ETHTOOL_OPTS="speed 100 duplex full autoneg off"' >> /etc/sysconfig/network-scripts/ifcfg-eth1 echo DEVICE=\"eth1:1\" > /etc/sysconfig/network-scripts/ifcfg-eth1:1 echo BOOTPROTO=\"static\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:1 echo IPADDR=\"66.85.167.51\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:1 echo NETMASK=\"255.255.255.248\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:1 echo ONBOOT=\"yes\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:1 echo DEVICE=\"eth1:2\" > /etc/sysconfig/network-scripts/ifcfg-eth1:2 echo BOOTPROTO=\"static\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:2 echo IPADDR=\"66.85.167.52\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:2 echo NETMASK=\"255.255.255.248\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:2 echo ONBOOT=\"yes\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:2 echo DEVICE=\"eth1:3\" > /etc/sysconfig/network-scripts/ifcfg-eth1:3 echo BOOTPROTO=\"static\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:3 echo IPADDR=\"66.85.167.53\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:3 echo NETMASK=\"255.255.255.248\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:3 echo ONBOOT=\"yes\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:3 echo DEVICE=\"eth1:4\" > /etc/sysconfig/network-scripts/ifcfg-eth1:4 echo BOOTPROTO=\"static\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:4 echo IPADDR=\"66.85.167.54\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:4 echo NETMASK=\"255.255.255.248\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:4 echo ONBOOT=\"yes\" >> /etc/sysconfig/network-scripts/ifcfg-eth1:4 # Set the Nameservers for installing software from the internet... Do we need this? # echo "nameserver 64.38.192.12" >> /etc/resolv.conf # echo "nameserver 64.38.192.13" >> /etc/resolv.conf ## modify fstab default security cp /etc/fstab /etc/fstab.orig sed -i '\/tmp/s/defaults/noexec,nosuid/g' /etc/fstab #change hostname sed -i '/^HOSTNAME=localhost/ d' /etc/sysconfig/network echo "HOSTNAME=server2.securedservers.com" >> /etc/sysconfig/network #tweak bash config echo "HISTTIMEFORMAT=\"%m/%d %H:%M \"" >> /etc/profile echo -e "HISTFILESIZE=1000000\nHISTSIZE=1000000\nexport HISTTIMEFORMAT" >> /etc/profile echo "set completion-ignore-case on" >> ~/.inputrc #fixup logrotate mv /etc/cron.daily/logrotate /root/old-logrotate-cron-script cd /etc/cron.daily wget http://192.168.200.2/post/logrotate.repl -O logrotate chmod +x logrotate mkdir -p /etc/logrotate/tmp chmod -R 755 /etc/logrotate # Install snmpd config & fix logging mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.stock wget http://192.168.200.2/post/snmpd.conf -O /etc/snmp/snmpd.conf sed -ir 's/-Lsd/-LS 0-4 d/g' /etc/init.d/snmpd wget -q -O /dev/null 'http://192.168.200.2/automation/updateKickstartInstallationStatus.php?kickstartInstallationId=10895&securityKey=iyfaahobonnexnyxwfcltumppfpczrdp&percentComplete=30&message=Installing%20Updates' #modify default yum database # wget http://192.168.200.2/post/centos5-yum.repo -O /etc/yum.repos.d/CentOS-Base.repo #update yum and install stress util rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 yum -y install yum-priorities # Commenting this out, otherwise we install broken Centos 6.5 # yum -y update # Use the correct version for the processor architecture rpm -Uhv http://192.168.200.2/post/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm echo "priority=10" >> /etc/yum.repos.d/rpmforge.repo yum -y install stress lshw rsync htop --disablerepo=\* --enablerepo=rpmforge wget -q -O /dev/null 'http://192.168.200.2/automation/updateKickstartInstallationStatus.php?kickstartInstallationId=10895&securityKey=iyfaahobonnexnyxwfcltumppfpczrdp&percentComplete=40&message=Creating%20Users' # Setup the user here sed -i -r -e 's/^#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config useradd -G wheel -p `openssl passwd -1 y6f1\!wik43zlgh` ss7850 # Switch to the first kernel, which will have no useful effect in x86_64, but will switch to PAE in i386 sed -i -r -e 's/^default=[0-9]$/default=0/' /boot/grub/menu.lst # CentOS 6.5 FIX: Solves the problem of powering down ports sed -i 's/rhgb quiet/rhgb quiet pcie_aspm=off/g' /boot/grub/grub.conf #Sendmail hopeful fix echo "66.85.167.50 server2.securedservers.com server2" >> /etc/hosts wget -q -O /dev/null 'http://192.168.200.2/automation/completeKickstartInstallationStep.php?kickstartInstallationId=10895&securityKey=iyfaahobonnexnyxwfcltumppfpczrdp&identifier=centos6_5&percentComplete=50&message=Installing%20Software' # Update the resolv.conf to increase the speed of the installation echo "nameserver 174.138.175.115" > /etc/resolv.conf echo "nameserver 174.138.175.116" >> /etc/resolv.conf echo "nameserver 192.168.200.2" >> /etc/resolv.conf # Software Installation # Cleanup wget -q -O /dev/null 'http://192.168.200.2/automation/updateKickstartInstallationStatus.php?kickstartInstallationId=10895&securityKey=iyfaahobonnexnyxwfcltumppfpczrdp&percentComplete=99&message=Completing%20Installation' # Complete installation before we remove nameservers wget --timeout=30 -O /dev/null 'http://192.168.200.2/automation/completeKickstartInstallation.php?kickstartInstallationId=10895&securityKey=iyfaahobonnexnyxwfcltumppfpczrdp' #This removes 192.168.200.2 from the resolv.conf, but it also prevents the "complete installation" post #echo "domain cwie.net" > /etc/resolv.conf #echo "search cwie.net" >> /etc/resolv.conf #echo "nameserver 64.38.192.12" >> /etc/resolv.conf #echo "nameserver 64.38.192.13" >> /etc/resolv.conf # secured servers #add default nameserver #line removed below to fix bug #echo "options rotate" > /etc/resolv.conf echo "options rotate" > /etc/resolv.conf echo "nameserver 174.138.175.115" >> /etc/resolv.conf echo "nameserver 174.138.175.116" >> /etc/resolv.conf # Remove the anaconda install copy rm /root/anaconda-ks.cfg echo "Installation Complete."