Revision 7b966530
Added by Dominic Cleal about 8 years ago
app/views/unattended/kickstart/provision_rhel.erb | ||
---|---|---|
kind: provision
|
||
name: Kickstart RHEL default
|
||
oses:
|
||
- RedHat 4
|
||
- RedHat 5
|
||
- RedHat 6
|
||
- RedHat 7
|
||
- RedHat
|
||
%>
|
||
<%#
|
||
This template accepts the following parameters:
|
||
... | ... | |
- http-proxy-port: string (default="")
|
||
- force-puppet: boolean (default=false)
|
||
- enable-puppetlabs-repo: boolean (default=false)
|
||
- enable-puppetlabs-pc1-repo: boolean (default=false)
|
||
- salt_master: string (default=undef)
|
||
- ntp-server: string (default="0.fedora.pool.ntp.org")
|
||
- bootloader-append: string (default="nofb quiet splash=quiet")
|
||
- disable-firewall: boolean (default=false)
|
||
%>
|
||
<%
|
||
os_major = @host.operatingsystem.major.to_i
|
||
realm_compatible = os_major >= 7 ? true : false
|
||
# safemode renderer does not support unary negation
|
||
pm_set = @host.puppetmaster.empty? ? false : true
|
||
proxy_uri = @host.params['http-proxy'] ? "http://#{@host.params['http-proxy']}:#{@host.params['http-proxy-port']}" : nil
|
||
proxy_string = proxy_uri ? " --proxy=#{proxy_uri}" : ''
|
||
puppet_enabled = pm_set || @host.param_true?('force-puppet')
|
||
salt_enabled = @host.params['salt_master'] ? true : false
|
||
chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
|
||
section_end = os_major <= 5 ? '' : '%end'
|
||
%>
|
||
install
|
||
... | ... | |
|
||
<% subnet = @host.subnet -%>
|
||
<% if subnet.respond_to?(:dhcp_boot_mode?) -%>
|
||
<% dhcp = subnet.dhcp_boot_mode? && !@static -%>
|
||
<% dhcp = subnet.dhcp_boot_mode? && !@static -%>
|
||
<% else -%>
|
||
<% dhcp = !@static -%>
|
||
<% dhcp = !@static -%>
|
||
<% end -%>
|
||
network --bootproto <%= dhcp ? 'dhcp' : "static --ip=#{@host.ip} --netmask=#{subnet.mask} --gateway=#{subnet.gateway} --nameserver=#{[subnet.dns_primary, subnet.dns_secondary].select(&:present?).join(',')}" %> --hostname <%= @host %><%= os_major >= 6 ? " --device=#{@host.mac}" : '' -%>
|
||
|
||
rootpw --iscrypted <%= root_pass %>
|
||
<% if @host.param_true?('disable-firewall') -%>
|
||
firewall --disable
|
||
<% else -%>
|
||
firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
|
||
<% end -%>
|
||
authconfig --useshadow --passalgo=sha256 --kickstart
|
||
timezone --utc <%= @host.params['time-zone'] || 'UTC' %>
|
||
<% if os_major > 4 -%>
|
||
services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
|
||
<% end -%>
|
||
|
||
<% if os_major >= 7 && @host.info['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
|
||
<% if realm_compatible && @host.info['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
|
||
# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
|
||
realm join --one-time-password=<%= @host.otp || "$HOST[OTP]" %> <%= @host.realm %>
|
||
realm join --one-time-password='<%= @host.otp || "$HOST[OTP]" %>' <%= @host.realm %>
|
||
<% end -%>
|
||
|
||
<% if os_major > 4 -%>
|
||
services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
|
||
|
||
repo --name="EPEL" --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-<%= @host.operatingsystem.major %>&arch=<%= @host.architecture %><%= proxy_string %>
|
||
<% if puppet_enabled && @host.param_true?('enable-puppetlabs-repo') -%>
|
||
<% if puppet_enabled -%>
|
||
<% if @host.param_true?('enable-puppetlabs-repo') -%>
|
||
repo --name=puppetlabs-products --baseurl=http://yum.puppetlabs.com/el/<%= @host.operatingsystem.major %>/products/<%= @host.architecture %><%= proxy_string %>
|
||
repo --name=puppetlabs-deps --baseurl=http://yum.puppetlabs.com/el/<%= @host.operatingsystem.major %>/dependencies/<%= @host.architecture %><%= proxy_string %>
|
||
<% end -%>
|
||
<% if @host.param_true?('enable-puppetlabs-pc1-repo') -%>
|
||
repo --name=puppetlabs-pc1 --baseurl=http://yum.puppetlabs.com/el/<%= @host.operatingsystem.major %>/PC1/<%= @host.architecture %><%= proxy_string %>
|
||
<% end -%>
|
||
<% end -%>
|
||
<% end -%>
|
||
|
||
bootloader --location=mbr --append="<%= @host.params['bootloader-append'] || 'nofb quiet splash=quiet' %>" <%= grub_pass %>
|
||
... | ... | |
key --skip
|
||
<% end -%>
|
||
|
||
|
||
<% if @dynamic -%>
|
||
%include /tmp/diskpart.cfg
|
||
<% else -%>
|
||
... | ... | |
<% if os_major >= 6 -%>
|
||
redhat-lsb-core
|
||
<% end -%>
|
||
<% if os_major > 4 -%>
|
||
epel-release
|
||
<% if puppet_enabled && @host.param_true?('enable-puppetlabs-repo') -%>
|
||
<% end -%>
|
||
<% if puppet_enabled -%>
|
||
<% if @host.param_true?('enable-puppetlabs-repo') -%>
|
||
puppetlabs-release
|
||
<% end -%>
|
||
<% if @host.param_true?('enable-puppetlabs-pc1-repo') -%>
|
||
puppetlabs-release-pc1
|
||
<% end -%>
|
||
<% end -%>
|
||
<% if salt_enabled %>
|
||
salt-minion
|
||
<% end -%>
|
||
... | ... | |
<% end -%>
|
||
|
||
# update all the base packages from the updates repository
|
||
yum -t -y -e 0 update
|
||
yum -t -y update
|
||
|
||
<% if puppet_enabled %>
|
||
# and add the puppet package
|
||
yum -t -y -e 0 install puppet
|
||
|
||
echo "Configuring puppet"
|
||
cat > /etc/puppet/puppet.conf << EOF
|
||
<%= snippet 'puppet.conf' %>
|
||
EOF
|
||
<%= snippet('remote_execution_ssh_keys') %>
|
||
|
||
# Setup puppet to run on system reboot
|
||
/sbin/chkconfig --level 345 puppet on
|
||
<% if chef_enabled %>
|
||
<%= snippet 'chef_client' %>
|
||
<% end -%>
|
||
|
||
/usr/bin/puppet agent --config /etc/puppet/puppet.conf -o --tags no_such_tag <%= @host.puppetmaster.blank? ? '' : "--server #{@host.puppetmaster}" %> --no-daemonize
|
||
<% if puppet_enabled %>
|
||
<%= snippet 'puppet_setup' %>
|
||
<% end -%>
|
||
|
||
<% if salt_enabled %>
|
||
cat > /etc/salt/minion << EOF
|
||
<%= snippet 'saltstack_minion' %>
|
||
EOF
|
||
# Setup salt-minion to run on system reboot
|
||
/sbin/chkconfig --level 345 salt-minion on
|
||
# Running salt-call to trigger key signing
|
||
salt-call --no-color --grains >/dev/null
|
||
<%= snippet 'saltstack_setup' %>
|
||
<% end -%>
|
||
|
||
sync
|
||
|
||
# Inform the build system that we are done.
|
||
echo "Informing Foreman that we are built"
|
||
wget -q -O /dev/null --no-check-certificate <%= foreman_url %>
|
||
wget -q -O /dev/null --no-check-certificate <%= foreman_url('built') %>
|
||
) 2>&1 | tee /root/install.post.log
|
||
exit 0
|
||
|
Also available in: Unified diff
templates - sync from community-templates