Project

General

Profile

Download (11.4 KB) Statistics
| Branch: | Tag: | Revision:

foreman/app/views/unattended/provisioning_templates/provision/kickstart_default.erb @ ca34010f

<%#
kind: provision
name: Kickstart default
model: ProvisioningTemplate
oses:
- AlmaLinux
- CentOS
- CentOS_Stream
- Fedora
- RedHat
- Rocky
test_on:
- host4dhcp
- host6dhcp
- host4and6dhcp
- host4static
- host6static
- rhel9_dhcp
- rocky8_dhcp
- rocky9_dhcp
description: |
The provisioning template for kickstart based distributions. The output is fetched by Anaconda installer during
the network based installation. To customize the installation, modify the host parameters.

This template accepts the following parameters:
- lang: string (default="en_US.UTF-8")
- selinux-mode: string (default="enforcing")
- keyboard: string (default="us")
- time-zone: string (default="UTC")
- http-proxy: string (default="")
- http-proxy-port: string (default="")
- force-puppet: boolean (default=false)
- enable-epel: boolean (default=false)
- enable-puppetlabs-repo: boolean (default=false)
- enable-puppetlabs-puppet5-repo: boolean (default=false)
- enable-puppetlabs-puppet6-repo: boolean (default=false)
- enable-official-puppet7-repo: boolean (default=false)
- enable-official-puppet8-repo: boolean (default=false)
- skip-puppet-setup: boolean (default=false)
- salt_master: string (default=undef)
- ntp-server: string (default=undef)
- bootloader-append: string (default="nofb quiet splash=quiet")
- disable-firewall: boolean (default=false)
- package_upgrade: boolean (default=true)
- disable-uek: boolean (default=false)
- use-ntp: boolean (default depends on OS release)
- fips_enabled: boolean (default=false)
- encrypt_grub: boolean (default=false)
- use_graphical_installer: boolean (default=false)
- enable-remote-execution-pull: boolean (default=false)
- additional-packages: string (default=undef)

Reference links:
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/s1-kickstart2-options
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user
-%>
<%
rhel_compatible = @host.operatingsystem.family == 'Redhat' && @host.operatingsystem.name != 'Fedora'
is_fedora = @host.operatingsystem.name == 'Fedora'
os_major = @host.operatingsystem.major.to_i
os_minor = @host.operatingsystem.minor.to_i
realm_compatible = (@host.operatingsystem.name == 'Fedora' && os_major >= 20) || (rhel_compatible && os_major >= 7)
# safemode renderer does not support unary negation
proxy_uri = host_param('http-proxy') ? "http://#{host_param('http-proxy')}:#{host_param('http-proxy-port')}" : nil
proxy_string = proxy_uri ? " --proxy=#{proxy_uri}" : ''
puppet_enabled = !host_param_true?('skip-puppet-setup') && (host_puppet_server.present? || host_param_true?('force-puppet'))
salt_enabled = host_param('salt_master') ? true : false
chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
section_end = (rhel_compatible && os_major <= 5) ? '' : '%end'
use_ntp = host_param_true?('use-ntp', (is_fedora && os_major < 16) || (rhel_compatible && os_major <= 6))
iface = @host.provision_interface
appstream_present = false
use_rhsm = (@host.operatingsystem.name == 'RedHat' || @host.operatingsystem.name == 'RHEL') && os_major >= 8
-%>
# This kickstart file was rendered from the Foreman provisioning template "<%= @template_name %>".
# for <%= @host %> running <%= @host.operatingsystem.name %> <%= os_major %> <%= @arch %>
# Organization: <%= @host.organization %>
# Location: <%= @host.location %>
<%
if plugin_present?('katello')
-%>
# Lifecycle environment: <%= @host.single_lifecycle_environment %>
# Content View: <%= @host.single_content_view %>
# Content Source: <%= @host.content_source %>
<% end -%>

<% if (is_fedora && os_major < 29) || (rhel_compatible && os_major <= 7) -%>
install
<% end -%>
<%
if host_param('kickstart_liveimg')
img_name = host_param('kickstart_liveimg')
liveimg_url = if host_param('kt_activation_keys')
repository_url(img_name, 'isos')
else
if img_name.match(%r|^([\w\-\+]+)://|)
img_name
else
"#{medium_uri}/#{img_name}"
end
end
%>
liveimg --url=<%= liveimg_url %> <%= proxy_string %>
<% else %>
<%= @mediapath %><%= proxy_string %>
<% @additional_media.each do |medium| -%>
repo --name <%= medium[:name] %> --baseurl <%= medium[:url] %> <%= medium[:install] ? ' --install' : '' %><%= proxy_string %>
<% end -%>
<%= snippet_if_exists(template_name + " custom repositories") %>
<% end %>
lang <%= host_param('lang') || 'en_US.UTF-8' %>
selinux --<%= host_param('selinux-mode') || host_param('selinux') || 'enforcing' %>
keyboard <%= host_param('keyboard') || 'us' %>

<%
# start with provisioning interface, then other non-bond non-bridge interfaces and the bonds + bridges at the end
@host.interfaces.reject{ |iface| iface.bmc? }.sort_by { |iface| (iface.bond? || iface.bridge?) ? 0 : iface.provision? ? 20 : 10 }.each do |iface|
-%>
<%= snippet(
'kickstart_network_interface',
variables: {
iface: iface,
host: @host,
use_slaac: host_param_true?('use-slaac'),
static: @static,
static6: @static6
}
) -%>
<%
end
-%>

rootpw --iscrypted <%= root_pass %>
<% if host_param_true?('disable-firewall') -%>
firewall --disable
<% else -%>
firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
<% end -%>
<% if (is_fedora && os_major >= 28) || (rhel_compatible && os_major > 7) -%>
authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
<% else -%>
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
<% end -%>
timezone --utc <%= host_param('time-zone') || 'UTC' %> <%= host_param('ntp-server') ? "--ntpservers #{host_param('ntp-server')}" : '' %>

<% if rhel_compatible -%>
services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
<% end -%>

<% if realm_compatible && host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
realm join --one-time-password='<%= @host.otp || "$HOST[OTP]" %>' <%= @host.realm %>
<% end -%>

<% if @host.operatingsystem.name == 'OracleLinux' && os_major == 7 && os_minor < 5 -%>
repo --name="Server-Mysql"
<% end -%>

<% if @host.operatingsystem.name == 'Fedora' && os_major <= 16 -%>
# Bootloader exception for Fedora 16:
bootloader --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %> <%= ks_console %>" <%= grub_pass %>
part biosboot --fstype=biosboot --size=1
<% else -%>
bootloader --location=mbr --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %>" <%= grub_pass %>
<% if os_major == 5 -%>
key --skip
<% end -%>
<% end -%>

<% if @dynamic -%>
%include /tmp/diskpart.cfg
<% else -%>
<%= @host.diskLayout %>
<% end -%>
<%= snippet('kickstart_rhsm') if use_rhsm -%>

<% if host_param_true?('use_graphical_installer') -%>
graphical
<% else -%>
skipx
text
<% end -%>
reboot<% if host_param_true?('install_reboot_kexec') %> --kexec<% end %>

%packages
<%= snippet_if_exists(template_name + " custom packages") %>
yum
<% if os_major < 8 -%>
dhclient
<% end -%>
<% if use_ntp -%>
ntp
-chrony
<% else -%>
chrony
-ntp
<% end -%>
<% if rhel_compatible && os_major < 9 -%>
wget
<% end -%>
<% if host_param_true?('fips_enabled') -%>
<%= snippet 'fips_packages' %>
<% end -%>
<% if host_param('additional-packages').present? -%>
<%= host_param('additional-packages').split(" ").join("\n") %>
<% end -%>
<%= section_end %>

<% if @dynamic -%>
%pre --log=/tmp/install.pre.dynamic.log
<%= snippet_if_exists(template_name + " custom pre") %>
<%= @host.diskLayout %>
<%= section_end %>
<% end -%>

%post --nochroot
exec < /dev/tty3 > /dev/tty3
chvt 3
(

<% if host_param_false?('no-resolv-override') -%>
cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
<% end -%>

<%= snippet_if_exists(template_name + " custom postnochroot") -%>

chvt 1
) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
<%= section_end %>

<%#
Main post script, if it fails the last post is still executed.
%>
%post
exec < /dev/tty3 > /dev/tty3
chvt 3
(
logger "Starting anaconda <%= @host %> postinstall"
<%= snippet 'ntp' %>

<%= snippet 'yum_proxy' %>

<% if rhel_compatible && host_param_true?('enable-epel') -%>
<%= snippet 'epel' -%>
<% end -%>

<%= snippet 'redhat_register' if rhel_compatible && !use_rhsm -%>

<% if host_enc['parameters']['realm'] && @host.realm && (@host.realm.realm_type == 'FreeIPA' || @host.realm.realm_type == 'Red Hat Identity Management') -%>
<%= snippet 'freeipa_register' %>
<% end -%>

<% unless host_param_false?('package_upgrade') -%>
# update all the base packages from the updates repository
if [ -f /usr/bin/dnf ]; then
dnf -y update
else
yum -t -y update
fi
<% end -%>

<%= snippet('remote_execution_ssh_keys') %>

<% if plugin_present?('katello') && host_param_true?('enable-remote-execution-pull') -%>
<%= save_to_file('/root/remote_execution_pull_setup.sh', snippet('remote_execution_pull_setup'), verbatim: true) %>
chmod +x /root/remote_execution_pull_setup.sh
/root/remote_execution_pull_setup.sh
<% end -%>

<%= snippet "blacklist_kernel_modules" %>

<% if chef_enabled %>
<%= snippet 'chef_client' %>
<% end -%>

<% if puppet_enabled %>
<% if host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-official-puppet8-repo') || host_param_true?('enable-official-puppet7-repo') || host_param_true?('enable-puppetlabs-puppet6-repo')|| host_param_true?('enable-puppetlabs-puppet5-repo') -%>
<%= snippet 'puppetlabs_repo' %>
<% end -%>
<%= snippet 'puppet_setup' %>
<% end -%>

<% if salt_enabled %>
<%= snippet 'saltstack_setup' %>
<% end -%>

<% if @host.operatingsystem.name == 'OracleLinux' && host_param_true?('disable-uek') -%>
# Uninstall the Oracle Unbreakable Kernel packages
yum -t -y remove kernel-uek*
sed -e 's/DEFAULTKERNEL=kernel-uek/DEFAULTKERNEL=kernel/g' -i /etc/sysconfig/kernel
<% end -%>

<%= snippet('ansible_provisioning_callback') %>

<%= snippet 'efibootmgr_netboot' %>

<%= snippet_if_exists(template_name + " custom post") %>

<%= snippet 'insights' if host_param_true?('host_registration_insights') && os_major < 9 -%>
<%= snippet 'disk_enc_clevis_tang' if host_param('disk_enc_tang_servers') -%>

touch /tmp/foreman_built

<% if host_param_true?('use_graphical_installer') -%>
chvt 6
<% else -%>
chvt 1
<% end -%>
) 2>&1 | tee /root/install.post.log
<%= section_end %>

# copy %pre log files into chroot
%post --nochroot
cp -vf /tmp/*.pre.*.log /mnt/sysimage/root/
<%= section_end %>

<%#
The last post section halts Anaconda to prevent endless loop in case HTTP request fails
%>
<% if (is_fedora && os_major < 20) || (rhel_compatible && os_major < 7) -%>
%post
<% else -%>
%post --erroronfail --log=/root/install-callhome.post.log
<% end -%>

<%= snippet 'eject_cdrom' -%>

if test -f /tmp/foreman_built; then
echo "calling home: build is done!"
<%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'built', :method => 'POST', :body_file => '/root/install.post.log' }) } -%>
else
echo "calling home: build failed!"
<%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'failed', :method => 'POST', :body_file => '/root/install.post.log' }) } -%>
fi

sync
<%= section_end %>
(8-8/13)