Project

General

Profile

Download (13.4 KB) Statistics
| Branch: | Tag: | Revision:

foreman/app/views/unattended/provisioning_templates/provision/kickstart_default.erb @ bf03a259

<%#
kind: provision
name: Kickstart default
model: ProvisioningTemplate
oses:
- AlmaLinux
- CentOS
- CentOS_Stream
- Fedora
- RedHat
- Rocky
test_on:
- host4dhcp
- host6dhcp
- host4and6dhcp
- host4static
- host6static
- rhel9_dhcp
- rocky8_dhcp
- rocky9_dhcp
description: |
The provisioning template for kickstart based distributions. The output is fetched by Anaconda installer during
the network based installation. To customize the installation, modify the host parameters.

This template accepts the following parameters:
- lang: string (default="en_US.UTF-8")
- selinux-mode: string (default="enforcing")
- keyboard: string (default="us")
- time-zone: string (default="UTC")
- http-proxy: string (default="")
- http-proxy-port: string (default="")
- force-puppet: boolean (default=false)
- enable-epel: boolean (default=false)
- enable-puppetlabs-repo: boolean (default=false)
- enable-puppetlabs-puppet5-repo: boolean (default=false)
- enable-puppetlabs-puppet6-repo: boolean (default=false)
- enable-official-puppet7-repo: boolean (default=false)
- enable-official-puppet8-repo: boolean (default=false)
- skip-puppet-setup: boolean (default=false)
- salt_master: string (default=undef)
- ntp-server: string (default=undef)
- bootloader-append: string (default="nofb quiet splash=quiet")
- disable-firewall: boolean (default=false)
- package_upgrade: boolean (default=true)
- disable-uek: boolean (default=false)
- use-ntp: boolean (default depends on OS release)
- fips_enabled: boolean (default=false)
- encrypt_grub: boolean (default=false)
- use_graphical_installer: boolean (default=false)
- enable-remote-execution-pull: boolean (default=false)
- additional-packages: string (default=undef)

Reference links:
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/s1-kickstart2-options
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user
-%>
<%
rhel_compatible = @host.operatingsystem.family == 'Redhat' && @host.operatingsystem.name != 'Fedora'
is_fedora = @host.operatingsystem.name == 'Fedora'
os_major = @host.operatingsystem.major.to_i
os_minor = @host.operatingsystem.minor.to_i
realm_compatible = (@host.operatingsystem.name == 'Fedora' && os_major >= 20) || (rhel_compatible && os_major >= 7)
# safemode renderer does not support unary negation
proxy_uri = host_param('http-proxy') ? "http://#{host_param('http-proxy')}:#{host_param('http-proxy-port')}" : nil
proxy_string = proxy_uri ? " --proxy=#{proxy_uri}" : ''
puppet_enabled = !host_param_true?('skip-puppet-setup') && (host_puppet_server.present? || host_param_true?('force-puppet'))
salt_enabled = host_param('salt_master') ? true : false
chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
section_end = (rhel_compatible && os_major <= 5) ? '' : '%end'
use_ntp = host_param_true?('use-ntp', (is_fedora && os_major < 16) || (rhel_compatible && os_major <= 6))
iface = @host.provision_interface
appstream_present = false
use_rhsm = (@host.operatingsystem.name == 'RedHat' || @host.operatingsystem.name == 'RHEL') && os_major >= 8
-%>
# This kickstart file was rendered from the Foreman provisioning template "<%= @template_name %>".
# for <%= @host %> running <%= @host.operatingsystem.name %> <%= os_major %> <%= @arch %>
# Organization: <%= @host.organization %>
# Location: <%= @host.location %>
<%
if plugin_present?('katello')
-%>
# Lifecycle environment: <%= @host.single_lifecycle_environment %>
# Content View: <%= @host.single_content_view %>
# Content Source: <%= @host.content_source %>
<% end -%>

<% if (is_fedora && os_major < 29) || (rhel_compatible && os_major <= 7) -%>
install
<% end -%>
<%
if host_param('kickstart_liveimg')
img_name = host_param('kickstart_liveimg')
liveimg_url = if host_param('kt_activation_keys')
repository_url(img_name, 'isos')
else
if img_name.match(%r|^([\w\-\+]+)://|)
img_name
else
"#{medium_uri}/#{img_name}"
end
end
%>
liveimg --url=<%= liveimg_url %> <%= proxy_string %>
<% else %>
<%= @mediapath %><%= proxy_string %>
<% @additional_media.each do |medium| -%>
repo --name <%= medium[:name] %> --baseurl <%= medium[:url] %> <%= medium[:install] ? ' --install' : '' %><%= proxy_string %>
<% end -%>
<%= snippet_if_exists(template_name + " custom repositories") %>
<% end %>
lang <%= host_param('lang') || 'en_US.UTF-8' %>
selinux --<%= host_param('selinux-mode') || host_param('selinux') || 'enforcing' %>
keyboard <%= host_param('keyboard') || 'us' %>

<%
network_options = []
nameservers = []
subnet4 = iface.subnet
subnet6 = iface.subnet6

# device and hostname
if iface.bond? && rhel_compatible && os_major >= 6
network_options.push("--device=#{iface.identifier}")
else
network_options.push("--device=#{iface.mac || iface.identifier}")
end
network_options.push("--hostname #{@host.name}")

# single stack
if subnet4 && !subnet6
network_options.push("--noipv6")
elsif !subnet4 && subnet6
network_options.push("--noipv4")
end

# dual stack MTU check
raise("IPv4 and IPv6 subnets have different MTU") if subnet4 && subnet6 && subnet4.mtu.present? && subnet6.mtu.present? && subnet4.mtu != subnet6.mtu

# IPv4
if (subnet4 && !subnet4.dhcp_boot_mode?) || @static
network_options.push("--bootproto static")
network_options.push("--ip=#{iface.ip}")
network_options.push("--netmask=#{subnet4.mask}")
network_options.push("--gateway=#{subnet4.gateway}")
elsif subnet4 && subnet4.dhcp_boot_mode?
network_options.push("--bootproto dhcp")
end
if subnet4
nameservers.concat(subnet4.dns_servers)
network_options.push("--mtu=#{subnet4.mtu}") if subnet4.mtu.present?
end

# IPv6
if rhel_compatible && os_major >= 6
if (subnet6 && !subnet6.dhcp_boot_mode?) || @static6
network_options.push("--ipv6=#{iface.ip6}/#{subnet6.cidr}")
network_options.push("--ipv6gateway=#{subnet6.gateway}")
elsif subnet6 && subnet6.dhcp_boot_mode?
if host_param_true?('use-slaac')
network_options.push("--ipv6 auto")
else
network_options.push("--ipv6 dhcp")
end
end
if subnet6
nameservers.concat(subnet6.dns_servers)
network_options.push("--mtu=#{subnet6.mtu}") if subnet6.mtu.present?
end
end

# bond
if iface.bond? && rhel_compatible && os_major >= 6
bond_slaves = iface.attached_devices_identifiers.join(',')
network_options.push("--bondslaves=#{bond_slaves}")
network_options.push("--bondopts=mode=#{iface.mode},#{iface.bond_options.tr(' ', ',')}")
end

# VLAN (only on physical is recognized)
if iface.virtual? && iface.tag.present? && iface.attached_to.present?
if rhel_compatible && os_major == 6
network_options.push("--vlanid=#{iface.tag}")
else
network_options.push("--interfacename=vlan#{iface.tag}")
end
end

# DNS
if nameservers.size > 0
network_options.push("--nameserver=#{nameservers.join(',')}")
else
network_options.push("--nodns")
end
-%>
network <%= network_options.join(' ') %>

rootpw --iscrypted <%= root_pass %>
<% if host_param_true?('disable-firewall') -%>
firewall --disable
<% else -%>
firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
<% end -%>
<% if (is_fedora && os_major >= 28) || (rhel_compatible && os_major > 7) -%>
authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
<% else -%>
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
<% end -%>
timezone --utc <%= host_param('time-zone') || 'UTC' %> <%= host_param('ntp-server') ? "--ntpservers #{host_param('ntp-server')}" : '' %>

<% if rhel_compatible -%>
services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
<% end -%>

<% if realm_compatible && host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
realm join --one-time-password='<%= @host.otp || "$HOST[OTP]" %>' <%= @host.realm %>
<% end -%>

<% if @host.operatingsystem.name == 'OracleLinux' && os_major == 7 && os_minor < 5 -%>
repo --name="Server-Mysql"
<% end -%>

<% if @host.operatingsystem.name == 'Fedora' && os_major <= 16 -%>
# Bootloader exception for Fedora 16:
bootloader --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %> <%= ks_console %>" <%= grub_pass %>
part biosboot --fstype=biosboot --size=1
<% else -%>
bootloader --location=mbr --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %>" <%= grub_pass %>
<% if os_major == 5 -%>
key --skip
<% end -%>
<% end -%>

<% if @dynamic -%>
%include /tmp/diskpart.cfg
<% else -%>
<%= @host.diskLayout %>
<% end -%>
<%= snippet('kickstart_rhsm') if use_rhsm -%>

<% if host_param_true?('use_graphical_installer') -%>
graphical
<% else -%>
skipx
text
<% end -%>
reboot<% if host_param_true?('install_reboot_kexec') %> --kexec<% end %>

%packages
<%= snippet_if_exists(template_name + " custom packages") %>
yum
<% if os_major < 8 -%>
dhclient
<% end -%>
<% if use_ntp -%>
ntp
-chrony
<% else -%>
chrony
-ntp
<% end -%>
<% if rhel_compatible && os_major < 9 -%>
wget
<% end -%>
<% if host_param_true?('fips_enabled') -%>
<%= snippet 'fips_packages' %>
<% end -%>
<% if host_param('additional-packages').present? -%>
<%= host_param('additional-packages').split(" ").join("\n") %>
<% end -%>
<%= section_end %>

<% if @dynamic -%>
%pre --log=/tmp/install.pre.dynamic.log
<%= snippet_if_exists(template_name + " custom pre") %>
<%= @host.diskLayout %>
<%= section_end %>
<% end -%>

%post --nochroot
exec < /dev/tty3 > /dev/tty3
chvt 3
(

<% if host_param_false?('no-resolv-override') -%>
cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
<% end -%>

<%= snippet_if_exists(template_name + " custom postnochroot") -%>

chvt 1
) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
<%= section_end %>

<%#
Main post script, if it fails the last post is still executed.
%>
%post
exec < /dev/tty3 > /dev/tty3
chvt 3
(
logger "Starting anaconda <%= @host %> postinstall"
<%= snippet 'kickstart_networking_setup' %>

<%= snippet 'ntp' %>

<%= snippet 'yum_proxy' %>

<% if rhel_compatible && host_param_true?('enable-epel') -%>
<%= snippet 'epel' -%>
<% end -%>

<%= snippet 'redhat_register' if rhel_compatible && !use_rhsm -%>

<% if host_enc['parameters']['realm'] && @host.realm && (@host.realm.realm_type == 'FreeIPA' || @host.realm.realm_type == 'Red Hat Identity Management') -%>
<%= snippet 'freeipa_register' %>
<% end -%>

<% unless host_param_false?('package_upgrade') -%>
# update all the base packages from the updates repository
if [ -f /usr/bin/dnf ]; then
dnf -y update
else
yum -t -y update
fi
<% end -%>

<%= snippet('remote_execution_ssh_keys') %>

<% if plugin_present?('katello') && host_param_true?('enable-remote-execution-pull') -%>
<%= save_to_file('/root/remote_execution_pull_setup.sh', snippet('remote_execution_pull_setup'), verbatim: true) %>
chmod +x /root/remote_execution_pull_setup.sh
/root/remote_execution_pull_setup.sh
<% end -%>

<%= snippet "blacklist_kernel_modules" %>

<% if chef_enabled %>
<%= snippet 'chef_client' %>
<% end -%>

<% if puppet_enabled %>
<% if host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-official-puppet8-repo') || host_param_true?('enable-official-puppet7-repo') || host_param_true?('enable-puppetlabs-puppet6-repo')|| host_param_true?('enable-puppetlabs-puppet5-repo') -%>
<%= snippet 'puppetlabs_repo' %>
<% end -%>
<%= snippet 'puppet_setup' %>
<% end -%>

<% if salt_enabled %>
<%= snippet 'saltstack_setup' %>
<% end -%>

<% if @host.operatingsystem.name == 'OracleLinux' && host_param_true?('disable-uek') -%>
# Uninstall the Oracle Unbreakable Kernel packages
yum -t -y remove kernel-uek*
sed -e 's/DEFAULTKERNEL=kernel-uek/DEFAULTKERNEL=kernel/g' -i /etc/sysconfig/kernel
<% end -%>

<%= snippet('ansible_provisioning_callback') %>

<%= snippet 'efibootmgr_netboot' %>

<%= snippet_if_exists(template_name + " custom post") %>

<%= snippet 'insights' if host_param_true?('host_registration_insights') && os_major < 9 -%>
<%= snippet 'disk_enc_clevis_tang' if host_param('disk_enc_tang_servers') -%>

touch /tmp/foreman_built

<% if host_param_true?('use_graphical_installer') -%>
chvt 6
<% else -%>
chvt 1
<% end -%>
) 2>&1 | tee /root/install.post.log
<%= section_end %>

# copy %pre log files into chroot
%post --nochroot
cp -vf /tmp/*.pre.*.log /mnt/sysimage/root/
<%= section_end %>

<%#
The last post section halts Anaconda to prevent endless loop in case HTTP request fails
%>
<% if (is_fedora && os_major < 20) || (rhel_compatible && os_major < 7) -%>
%post
<% else -%>
%post --erroronfail --log=/root/install-callhome.post.log
<% end -%>

<%= snippet 'eject_cdrom' -%>

if test -f /tmp/foreman_built; then
echo "calling home: build is done!"
<%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'built', :method => 'POST', :body_file => '/root/install.post.log' }) } -%>
else
echo "calling home: build failed!"
<%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'failed', :method => 'POST', :body_file => '/root/install.post.log' }) } -%>
fi

sync
<%= section_end %>
(8-8/13)