PuppetDemoClientKickstart


Here is a downloadable version of the client kickstart.

##########################################################
# Puppet Demo Client Kickstart file
#
# Purpose - 
#   The purpose of the client kickstart is to build a very
# basic system (just base packages + Puppet and dependencies)
# that will then be boot-strapped via Puppet.
#
# External Dependencies - 
# Installation: To install, boot the system from FC11
# installation media (DVD, CD, netboot, etc).  When the
# grub interface appears, modify the boot options to load
# the kickstart and provide the desired boot options to
# customize the installation (e.g. ks=http://webserver/dir/
# ks.cfg se_var1=val1 ...).
#
# Boot Options - 
#
#   se_dnsdomain - DNS domain of client (assumes example.com
#	if none provided)
#   se_fqdn - Fully qualified domain name of client (assumes
#	client1.${se_dnsdomain} if none provided)
#   se_pmaster - FQDN of Puppet server (assumes 
#	puppetmaster.${se_dnsdomain} if none provided)
#   se_www - IP address or resolvable DNS name of the web server
#	from which packages should be downloaded. The default
#	value will download the packages from selinuxproject.org
#
# Assumptions:
#   Network address provisioning is with DHCP.  If static
# addressing is desired, uncomment and modify the static
# network configuration line and comment out the DHCP network
# configuration line.
#
##########################################################
# Kickstart file

install
logging --level=info

# XXX: Network install options
#nfs --server=192.168.1.3 --dir=/site/isos/redhat/10/i386
#url --url http://192.168.1.3/fedora/10/i386

# XXX: use a local repo, if available
#repo --name="My Updates"  --baseurl=http://192.168.1.3/fedora/10/updates/i386/

#
# 'interactive' stops at each installer screen so the answers taken from
# this file can be reviewed; remove it for a fully automated install
#
interactive

lang en_US.UTF-8
keyboard us

# DHCP by default (see header); for static addressing comment this line
# and uncomment/edit the static one below it
network --device eth0 --bootproto dhcp
#network --device eth0 --bootproto static --ip 172.16.148.51 --netmask 255.255.255.0 --gateway 172.16.148.2 --nameserver 172.16.148.10


#
# make sure to change your password after installation, or during
# for interactive installs
#
# NOTE: this is a plaintext root password in a file that is fetched over
# the network at boot (ks=http://...); for anything beyond a throw-away
# demo use 'rootpw --iscrypted <hash>' instead.
#
rootpw sefos1

# only ssh is opened in the firewall
firewall --enabled --ssh 
# --enablemd5 selects MD5 password hashing; authconfig also accepts
# --passalgo=sha512 for a stronger hash
authconfig --enableshadow --enablemd5

#
# 'selinux --disabled' didn't work here (SELinux was still enabled), so the
# system is installed permissive; the %post section below then edits
# /etc/selinux/config to switch to enforcing mode.
#
selinux --permissive

timezone --utc America/New_York
bootloader --location=mbr 

reboot

# minimal package set; everything else is expected to come via Puppet
%packages --excludedocs --nobase
@core
perl
yum
openssh-server
openssh-clients
man

# optional packages
selinux-policy-targeted
audit
audit-libs
dhclient
bind-utils

%end

%post  --erroronfail --log=/root/nklinstall.log

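# Boot arguments
# Collect the kernel boot arguments beginning with 'se_' (see the header
# for the recognised names) and source them as shell assignments.  The boot
# line is written by whoever boots the installer, so it is trusted here --
# but note that everything after 'se_' is executed as shell, not merely
# assigned.  grep exits non-zero when no se_ argument is present; that just
# leaves an empty file and the defaults below apply.
< /proc/cmdline sed 's/ /\n/g' | grep '^se_' > /tmp/boot_args
. /tmp/boot_args



############# BOOT ARGUMENTS DEFAULTS ########################
# Enter default values below!
# Each se_* value is used as given on the boot line; otherwise the
# default here applies.

# DNS domain of the client
if [ -z "${se_dnsdomain}" ]; then
	se_dnsdomain="example.com"
fi

# fully qualified host name of the client
if [ -z "${se_fqdn}" ]; then
	se_fqdn="client1.${se_dnsdomain}"
fi

# puppet server the client will be pointed at
if [ -z "${se_pmaster}" ]; then
	se_pmaster="puppetmaster.${se_dnsdomain}"
fi

# web server (host[:port]/path) from which the policy packages are fetched
if [ -z "${se_www}" ]; then
	se_www="www.selinuxproject.org/~cgrube/puppet"
fi

############### NETWORK FILE TRANSFERS #######################
# do initial update, this should just get the repository info.
# Best effort: a failure is logged but does not abort the install.
# PIPESTATUS is read because the pipeline's own status is tee's, not yum's
# (assumes %post's /bin/sh is bash, as on Fedora).
/usr/bin/yum -y update | /usr/bin/tee -a /root/yumup.log
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
	echo "warning: initial yum update failed, continuing" | /usr/bin/tee -a /root/yumup.log
fi
echo | /usr/bin/tee -a /root/yumup.log

##########################################
# install custom selinux policy packages
pv=3.6.12-78.fc11
pkg_url="http://${se_www}/packages"

# The stock policy is removed first, so a failed download below would leave
# the system with no SELinux policy at all; the installs are therefore
# checked and the kickstart aborted (%post --erroronfail) instead of
# continuing silently.
rpm -e selinux-policy selinux-policy-targeted

# NOTE: the packages are fetched over plain HTTP and --force lets rpm
# replace whatever is installed; rpm does not fail on an unknown signing
# key, so serve these over HTTPS or import the signing key if the web
# server is not on a trusted network.
if ! rpm -U --force "${pkg_url}/selinux-policy-${pv}.noarch.rpm" \
		"${pkg_url}/selinux-policy-doc-${pv}.noarch.rpm" \
		"${pkg_url}/selinux-policy-targeted-${pv}.noarch.rpm"; then
	echo "error: installing selinux-policy ${pv} from ${pkg_url} failed" >&2
	exit 1
fi
if ! rpm -U "${pkg_url}/sefos-demo-policy-0.1-2.fc11.i386.rpm"; then
	echo "error: installing sefos-demo-policy from ${pkg_url} failed" >&2
	exit 1
fi

# install the puppet client.  Required: everything after this install is
# bootstrapped through puppet, so a failure aborts the kickstart.
/usr/bin/yum -y install puppet ruby-rdoc | /usr/bin/tee -a /root/yumup.log
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
	echo "error: installing puppet failed, see /root/yumup.log" >&2
	exit 1
fi


################# FILE CONFIGURATION ################
# switch to enforcing mode
# NOTE(review): with 'selinux --permissive' in the kickstart the installed
# /etc/selinux/config presumably reads SELINUX=permissive, which this
# substitution would not match -- confirm the mode on first boot.
/usr/bin/perl -p -i.sefback -e "s/=disabled/=enforcing/" /etc/selinux/config

# set hostname.  The name is passed to perl through the environment rather
# than interpolated into the s/// expression, so a name containing '/' or
# '$' cannot break (or alter) the substitution.
se_fqdn="${se_fqdn}" /usr/bin/perl -p -i.sefback -e 's/HOSTNAME=localhost\.localdomain/HOSTNAME=$ENV{se_fqdn}/g' /etc/sysconfig/network

# set default DNS search domain
echo "SEARCH=${se_dnsdomain}" >> /etc/sysconfig/network-scripts/ifcfg-eth0

## relabel file system at boot to ensure puppet files have right labels
touch /.autorelabel

# network service doesn't appear to be on by default, so turn it on to get clients with
# static addressing working.

/sbin/chkconfig network on
/sbin/chkconfig puppet on

# set puppet server
{
	echo "# Begin automated kickstart configuration"
	echo "PUPPET_SERVER=${se_pmaster}"
} >> /etc/sysconfig/puppet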

%end