|
<%#
|
|
kind: provision
|
|
name: Kickstart default
|
|
model: ProvisioningTemplate
|
|
oses:
|
|
- AlmaLinux
|
|
- CentOS
|
|
- CentOS_Stream
|
|
- Fedora
|
|
- RedHat
|
|
- Rocky
|
|
test_on:
|
|
- host4dhcp
|
|
- host6dhcp
|
|
- host4and6dhcp
|
|
- host4static
|
|
- host6static
|
|
- rhel9_dhcp
|
|
- rocky8_dhcp
|
|
- rocky9_dhcp
|
|
description: |
|
|
The provisioning template for kickstart based distributions. The output is fetched by Anaconda installer during
|
|
the network based installation. To customize the installation, modify the host parameters.
|
|
|
|
This template accepts the following parameters:
|
|
- lang: string (default="en_US.UTF-8")
|
|
- selinux-mode: string (default="enforcing")
|
|
- keyboard: string (default="us")
|
|
- time-zone: string (default="UTC")
|
|
- http-proxy: string (default="")
|
|
- http-proxy-port: string (default="")
|
|
- force-puppet: boolean (default=false)
|
|
- enable-epel: boolean (default=false)
|
|
- enable-puppetlabs-repo: boolean (default=false)
|
|
- enable-puppetlabs-puppet5-repo: boolean (default=false)
|
|
- enable-puppetlabs-puppet6-repo: boolean (default=false)
|
|
- enable-official-puppet7-repo: boolean (default=false)
|
|
- enable-official-puppet8-repo: boolean (default=false)
|
|
- skip-puppet-setup: boolean (default=false)
|
|
- salt_master: string (default=undef)
|
|
- ntp-server: string (default=undef)
|
|
- bootloader-append: string (default="nofb quiet splash=quiet")
|
|
- disable-firewall: boolean (default=false)
|
|
- package_upgrade: boolean (default=true)
|
|
- disable-uek: boolean (default=false)
|
|
- use-ntp: boolean (default depends on OS release)
|
|
- fips_enabled: boolean (default=false)
|
|
- encrypt_grub: boolean (default=false)
|
|
- use_graphical_installer: boolean (default=false)
|
|
- enable-remote-execution-pull: boolean (default=false)
|
|
- additional-packages: string (default=undef)
|
|
|
|
Reference links:
|
|
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/s1-kickstart2-options
|
|
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax
|
|
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user
|
|
-%>
|
|
<%
|
|
rhel_compatible = @host.operatingsystem.family == 'Redhat' && @host.operatingsystem.name != 'Fedora'
|
|
is_fedora = @host.operatingsystem.name == 'Fedora'
|
|
os_major = @host.operatingsystem.major.to_i
|
|
os_minor = @host.operatingsystem.minor.to_i
|
|
realm_compatible = (@host.operatingsystem.name == 'Fedora' && os_major >= 20) || (rhel_compatible && os_major >= 7)
|
|
# safemode renderer does not support unary negation
|
|
proxy_uri = host_param('http-proxy') ? "http://#{host_param('http-proxy')}:#{host_param('http-proxy-port')}" : nil
|
|
proxy_string = proxy_uri ? " --proxy=#{proxy_uri}" : ''
|
|
puppet_enabled = !host_param_true?('skip-puppet-setup') && (host_puppet_server.present? || host_param_true?('force-puppet'))
|
|
salt_enabled = host_param('salt_master') ? true : false
|
|
chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
|
|
section_end = (rhel_compatible && os_major <= 5) ? '' : '%end'
|
|
use_ntp = host_param_true?('use-ntp', (is_fedora && os_major < 16) || (rhel_compatible && os_major <= 6))
|
|
iface = @host.provision_interface
|
|
appstream_present = false
|
|
use_rhsm = (@host.operatingsystem.name == 'RedHat' || @host.operatingsystem.name == 'RHEL') && os_major >= 8
|
|
-%>
|
|
# This kickstart file was rendered from the Foreman provisioning template "<%= @template_name %>".
|
|
# for <%= @host %> running <%= @host.operatingsystem.name %> <%= os_major %> <%= @arch %>
|
|
# Organization: <%= @host.organization %>
|
|
# Location: <%= @host.location %>
|
|
<%
|
|
if plugin_present?('katello')
|
|
-%>
|
|
# Lifecycle environment: <%= @host.single_lifecycle_environment %>
|
|
# Content View: <%= @host.single_content_view %>
|
|
# Content Source: <%= @host.content_source %>
|
|
<% end -%>
|
|
|
|
<% if (is_fedora && os_major < 29) || (rhel_compatible && os_major <= 7) -%>
|
|
install
|
|
<% end -%>
|
|
<%
|
|
if host_param('kickstart_liveimg')
|
|
img_name = host_param('kickstart_liveimg')
|
|
liveimg_url = if host_param('kt_activation_keys')
|
|
repository_url(img_name, 'isos')
|
|
else
|
|
if img_name.match(%r|^([\w\-\+]+)://|)
|
|
img_name
|
|
else
|
|
"#{medium_uri}/#{img_name}"
|
|
end
|
|
end
|
|
%>
|
|
liveimg --url=<%= liveimg_url %> <%= proxy_string %>
|
|
<% else %>
|
|
<%= @mediapath %><%= proxy_string %>
|
|
<% @additional_media.each do |medium| -%>
|
|
repo --name <%= medium[:name] %> --baseurl <%= medium[:url] %> <%= medium[:install] ? ' --install' : '' %><%= proxy_string %>
|
|
<% end -%>
|
|
<%= snippet_if_exists(template_name + " custom repositories") %>
|
|
<% end %>
|
|
lang <%= host_param('lang') || 'en_US.UTF-8' %>
|
|
selinux --<%= host_param('selinux-mode') || host_param('selinux') || 'enforcing' %>
|
|
keyboard <%= host_param('keyboard') || 'us' %>
|
|
|
|
<%
|
|
# start with provisioning interface, then other non-bond non-bridge interfaces and the bonds + bridges at the end
|
|
@host.interfaces.reject{ |iface| iface.bmc? }.sort_by { |iface| (iface.bond? || iface.bridge?) ? 0 : iface.provision? ? 20 : 10 }.each do |iface|
|
|
-%>
|
|
<%= snippet(
|
|
'kickstart_network_interface',
|
|
variables: {
|
|
iface: iface,
|
|
host: @host,
|
|
use_slaac: host_param_true?('use-slaac'),
|
|
static: @static,
|
|
static6: @static6
|
|
}
|
|
) -%>
|
|
<%
|
|
end
|
|
-%>
|
|
|
|
rootpw --iscrypted <%= root_pass %>
|
|
<% if host_param_true?('disable-firewall') -%>
|
|
firewall --disable
|
|
<% else -%>
|
|
firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
|
|
<% end -%>
|
|
<% if (is_fedora && os_major >= 28) || (rhel_compatible && os_major > 7) -%>
|
|
authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
|
|
<% else -%>
|
|
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
|
|
<% end -%>
|
|
timezone --utc <%= host_param('time-zone') || 'UTC' %> <%= host_param('ntp-server') ? "--ntpservers #{host_param('ntp-server')}" : '' %>
|
|
|
|
<% if rhel_compatible -%>
|
|
services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
|
|
<% end -%>
|
|
|
|
<% if realm_compatible && host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
|
|
# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
|
|
realm join --one-time-password='<%= @host.otp || "$HOST[OTP]" %>' <%= @host.realm %>
|
|
<% end -%>
|
|
|
|
<% if @host.operatingsystem.name == 'OracleLinux' && os_major == 7 && os_minor < 5 -%>
|
|
repo --name="Server-Mysql"
|
|
<% end -%>
|
|
|
|
<% if @host.operatingsystem.name == 'Fedora' && os_major <= 16 -%>
|
|
# Bootloader exception for Fedora 16:
|
|
bootloader --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %> <%= ks_console %>" <%= grub_pass %>
|
|
part biosboot --fstype=biosboot --size=1
|
|
<% else -%>
|
|
bootloader --location=mbr --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %>" <%= grub_pass %>
|
|
<% if os_major == 5 -%>
|
|
key --skip
|
|
<% end -%>
|
|
<% end -%>
|
|
|
|
<% if @dynamic -%>
|
|
%include /tmp/diskpart.cfg
|
|
<% else -%>
|
|
<%= @host.diskLayout %>
|
|
<% end -%>
|
|
<%= snippet('kickstart_rhsm') if use_rhsm -%>
|
|
|
|
<% if host_param_true?('use_graphical_installer') -%>
|
|
graphical
|
|
<% else -%>
|
|
skipx
|
|
text
|
|
<% end -%>
|
|
reboot<% if host_param_true?('install_reboot_kexec') %> --kexec<% end %>
|
|
|
|
%packages
|
|
<%= snippet_if_exists(template_name + " custom packages") %>
|
|
yum
|
|
<% if os_major < 8 -%>
|
|
dhclient
|
|
<% end -%>
|
|
<% if use_ntp -%>
|
|
ntp
|
|
-chrony
|
|
<% else -%>
|
|
chrony
|
|
-ntp
|
|
<% end -%>
|
|
<% if rhel_compatible && os_major < 9 -%>
|
|
wget
|
|
<% end -%>
|
|
<% if host_param_true?('fips_enabled') -%>
|
|
<%= snippet 'fips_packages' %>
|
|
<% end -%>
|
|
<% if host_param('additional-packages').present? -%>
|
|
<%= host_param('additional-packages').split(" ").join("\n") %>
|
|
<% end -%>
|
|
<%= section_end %>
|
|
|
|
<% if @dynamic -%>
|
|
%pre --log=/tmp/install.pre.dynamic.log
|
|
<%= snippet_if_exists(template_name + " custom pre") %>
|
|
<%= @host.diskLayout %>
|
|
<%= section_end %>
|
|
<% end -%>
|
|
|
|
%post --nochroot
|
|
exec < /dev/tty3 > /dev/tty3
|
|
chvt 3
|
|
(
|
|
|
|
<% if host_param_false?('no-resolv-override') -%>
|
|
cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
|
|
<% end -%>
|
|
|
|
<%= snippet_if_exists(template_name + " custom postnochroot") -%>
|
|
|
|
chvt 1
|
|
) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
|
|
<%= section_end %>
|
|
|
|
<%#
|
|
Main post script, if it fails the last post is still executed.
|
|
%>
|
|
%post
|
|
exec < /dev/tty3 > /dev/tty3
|
|
chvt 3
|
|
(
|
|
logger "Starting anaconda <%= @host %> postinstall"
|
|
<%= snippet 'ntp' %>
|
|
|
|
<%= snippet 'yum_proxy' %>
|
|
|
|
<% if rhel_compatible && host_param_true?('enable-epel') -%>
|
|
<%= snippet 'epel' -%>
|
|
<% end -%>
|
|
|
|
<%= snippet 'redhat_register' if rhel_compatible && !use_rhsm -%>
|
|
|
|
<% if host_enc['parameters']['realm'] && @host.realm && (@host.realm.realm_type == 'FreeIPA' || @host.realm.realm_type == 'Red Hat Identity Management') -%>
|
|
<%= snippet 'freeipa_register' %>
|
|
<% end -%>
|
|
|
|
<% unless host_param_false?('package_upgrade') -%>
|
|
# update all the base packages from the updates repository
|
|
if [ -f /usr/bin/dnf ]; then
|
|
dnf -y update
|
|
else
|
|
yum -t -y update
|
|
fi
|
|
<% end -%>
|
|
|
|
<%= snippet('remote_execution_ssh_keys') %>
|
|
|
|
<% if plugin_present?('katello') && host_param_true?('enable-remote-execution-pull') -%>
|
|
<%= save_to_file('/root/remote_execution_pull_setup.sh', snippet('remote_execution_pull_setup'), verbatim: true) %>
|
|
chmod +x /root/remote_execution_pull_setup.sh
|
|
/root/remote_execution_pull_setup.sh
|
|
<% end -%>
|
|
|
|
<%= snippet "blacklist_kernel_modules" %>
|
|
|
|
<% if chef_enabled %>
|
|
<%= snippet 'chef_client' %>
|
|
<% end -%>
|
|
|
|
<% if puppet_enabled %>
|
|
<% if host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-official-puppet8-repo') || host_param_true?('enable-official-puppet7-repo') || host_param_true?('enable-puppetlabs-puppet6-repo')|| host_param_true?('enable-puppetlabs-puppet5-repo') -%>
|
|
<%= snippet 'puppetlabs_repo' %>
|
|
<% end -%>
|
|
<%= snippet 'puppet_setup' %>
|
|
<% end -%>
|
|
|
|
<% if salt_enabled %>
|
|
<%= snippet 'saltstack_setup' %>
|
|
<% end -%>
|
|
|
|
<% if @host.operatingsystem.name == 'OracleLinux' && host_param_true?('disable-uek') -%>
|
|
# Uninstall the Oracle Unbreakable Kernel packages
|
|
yum -t -y remove kernel-uek*
|
|
sed -e 's/DEFAULTKERNEL=kernel-uek/DEFAULTKERNEL=kernel/g' -i /etc/sysconfig/kernel
|
|
<% end -%>
|
|
|
|
<%= snippet('ansible_provisioning_callback') %>
|
|
|
|
<%= snippet 'efibootmgr_netboot' %>
|
|
|
|
<%= snippet_if_exists(template_name + " custom post") %>
|
|
|
|
<%= snippet 'insights' if host_param_true?('host_registration_insights') && os_major < 9 -%>
|
|
<%= snippet 'disk_enc_clevis_tang' if host_param('disk_enc_tang_servers') -%>
|
|
|
|
touch /tmp/foreman_built
|
|
|
|
<% if host_param_true?('use_graphical_installer') -%>
|
|
chvt 6
|
|
<% else -%>
|
|
chvt 1
|
|
<% end -%>
|
|
) 2>&1 | tee /root/install.post.log
|
|
<%= section_end %>
|
|
|
|
# copy %pre log files into chroot
|
|
%post --nochroot
|
|
cp -vf /tmp/*.pre.*.log /mnt/sysimage/root/
|
|
<%= section_end %>
|
|
|
|
<%#
|
|
The last post section halts Anaconda to prevent endless loop in case HTTP request fails
|
|
%>
|
|
<% if (is_fedora && os_major < 20) || (rhel_compatible && os_major < 7) -%>
|
|
%post
|
|
<% else -%>
|
|
%post --erroronfail --log=/root/install-callhome.post.log
|
|
<% end -%>
|
|
|
|
<%= snippet 'eject_cdrom' -%>
|
|
|
|
if test -f /tmp/foreman_built; then
|
|
echo "calling home: build is done!"
|
|
<%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'built', :method => 'POST', :body_file => '/root/install.post.log' }) } -%>
|
|
else
|
|
echo "calling home: build failed!"
|
|
<%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'failed', :method => 'POST', :body_file => '/root/install.post.log' }) } -%>
|
|
fi
|
|
|
|
sync
|
|
<%= section_end %>
|