forked from rocky-linux/kickstarts
Merge pull request 'Add VMware Vagrant kickstart for 9' (rocky-linux#4)…
… from lumarel/kickstarts:feature/vagrant-vmware-ks-rl9 into r9 Reviewed-on: https://git.resf.org/sig_core/kickstarts/pulls/4
Showing
1 changed file
with
142 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
text | ||
keyboard --vckeymap us | ||
lang en_US | ||
skipx | ||
network --bootproto=dhcp --device=link --activate --onboot=on | ||
rootpw --plaintext vagrant | ||
firewall --disabled | ||
timezone --utc UTC | ||
services --enabled=vmtoolsd | ||
# The biosdevname and ifnames options ensure we get "eth0" as our interface | ||
# even in environments like virtualbox that emulate a real NW card | ||
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop" | ||
zerombr | ||
clearpart --all --initlabel | ||
reqpart | ||
part / --fstype=xfs --asprimary --size=1024 --grow | ||
|
||
user --name=vagrant --plaintext --password=vagrant | ||
|
||
shutdown | ||
|
||
%packages --inst-langs=en | ||
bash-completion | ||
man-pages | ||
bzip2 | ||
rsync | ||
nfs-utils | ||
cifs-utils | ||
chrony | ||
yum-utils | ||
open-vm-tools | ||
# Vagrant boxes aren't normally visible, no need for Plymouth | ||
-plymouth | ||
# Microcode updates cannot work in a VM | ||
-microcode_ctl | ||
# Firmware packages are not needed in a VM | ||
-iwl100-firmware | ||
-iwl1000-firmware | ||
-iwl105-firmware | ||
-iwl135-firmware | ||
-iwl2000-firmware | ||
-iwl2030-firmware | ||
-iwl3160-firmware | ||
-iwl3945-firmware | ||
-iwl4965-firmware | ||
-iwl5000-firmware | ||
-iwl5150-firmware | ||
-iwl6000-firmware | ||
-iwl6000g2a-firmware | ||
-iwl6050-firmware | ||
-iwl7260-firmware | ||
# Don't build rescue initramfs | ||
-dracut-config-rescue | ||
%end | ||
|
||
# kdump needs to reserve 160MB + 2bits/4kB RAM, and automatic allocation only | ||
# works on systems with at least 2GB RAM (which excludes most Vagrant boxes) | ||
# CBS doesn't support %addon yet https://bugs.centos.org/view.php?id=12169 | ||
%addon com_redhat_kdump --disable | ||
%end | ||
|
||
%post | ||
# configure swap to a file | ||
fallocate -l 2G /swapfile | ||
chmod 600 /swapfile | ||
mkswap /swapfile | ||
echo "/swapfile none swap defaults 0 0" >> /etc/fstab | ||
# sudo | ||
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant | ||
chmod 0440 /etc/sudoers.d/vagrant | ||
# sshd: disable password authentication and DNS checks | ||
ex -s /etc/ssh/sshd_config <<EOF | ||
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/ | ||
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/ | ||
:update | ||
:quit | ||
EOF | ||
cat >>/etc/sysconfig/sshd <<EOF | ||
# Decrease connection time by preventing reverse DNS lookups | ||
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html | ||
# and man sshd for more information) | ||
OPTIONS="-u0" | ||
EOF | ||
# Default insecure vagrant key | ||
mkdir -m 0700 -p /home/vagrant/.ssh | ||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys | ||
chmod 600 /home/vagrant/.ssh/authorized_keys | ||
chown -R vagrant:vagrant /home/vagrant/.ssh | ||
# Fix for issue #76, regular users can gain admin privileges via su | ||
ex -s /etc/pam.d/su <<'EOF' | ||
# allow vagrant to use su, but prevent others from becoming root or vagrant | ||
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/ | ||
:append | ||
account [success=1 default=ignore] \\ | ||
pam_succeed_if.so user = vagrant use_uid quiet | ||
account required pam_succeed_if.so user notin root:vagrant | ||
. | ||
:update | ||
:quit | ||
EOF | ||
# systemd should generate a new machine id during the first boot, to | ||
# avoid having multiple Vagrant instances with the same id in the local | ||
# network. /etc/machine-id should be empty, but it must exist to prevent | ||
# boot errors (e.g. systemd-journald failing to start). | ||
:>/etc/machine-id | ||
echo 'vag' > /etc/yum/vars/infra | ||
# Blacklist the floppy module to avoid probing timeouts | ||
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf | ||
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf | ||
# Customize the initramfs | ||
pushd /etc/dracut.conf.d | ||
# Enable VMware PVSCSI support for VMware Fusion guests. | ||
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf | ||
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf | ||
# There's no floppy controller, but probing for it generates timeouts | ||
echo 'omit_drivers+=" floppy "' > nofloppy.conf | ||
popd | ||
# Fix the SELinux context of the new files | ||
restorecon -f - <<EOF | ||
/etc/sudoers.d/vagrant | ||
/etc/dracut.conf.d/vmware-fusion-drivers.conf | ||
/etc/dracut.conf.d/nofloppy.conf | ||
EOF | ||
# Rerun dracut for the installed kernel (not the running kernel): | ||
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n') | ||
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION} | ||
# Seal for deployment | ||
rm -rf /etc/ssh/ssh_host_* | ||
hostnamectl set-hostname localhost.localdomain | ||
rm -rf /etc/udev/rules.d/70-* | ||
%end |
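Review bot: The `ex` edit under `# sshd: disable password authentication` in %post only rewrites a line that reads exactly `PasswordAuthentication yes`; if the 9 sshd_config ships that directive commented out (it appears to, but confirm against the installed file), the substitution matches nothing and password login stays enabled without any error. That matters here because `rootpw --plaintext vagrant` and `user --name=vagrant --plaintext --password=vagrant` set well-known passwords, `%vagrant` gets `NOPASSWD: ALL`, and `firewall --disabled` leaves no host firewall in front of sshd. I would set the value explicitly instead of pattern-matching, e.g. `echo 'PasswordAuthentication no' > /etc/ssh/sshd_config.d/10-vagrant.conf` (file name constructed for illustration), and add that file to the `restorecon -f -` list. That list also omits `/etc/dracut.conf.d/hyperv-drivers.conf`, which the same block creates.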