Difference between revisions of "PuppetDemoServerKickstart"
From SELinux Wiki
CraigGrube (Talk | contribs) (New page: The Puppet demo server kickstart file: <pre> ########################################################## # Puppet Demo Server Kickstart file # # Purpose - # The purpose of the server kic...) |
CraigGrube (Talk | contribs) |
Line 1: | Line 1: | ||
− | + | Here's a downloadable version of the [http://www.selinuxproject.org/~cgrube/puppet/kickstart/ks.server.cfg server kickstart]. | |
<pre> | <pre> | ||
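Review bot: the link added on the first line invites readers to feed the downloadable kickstart straight to the installer, and the kickstart on this page carries a fixed, published root password (`rootpw sefos1`) with only a comment asking for it to be changed. Say next to the link that the password must be replaced before use, or switch the file to `rootpw --iscrypted` with a per-site hash. The link is plain http as well, so the downloaded file should be read before it is passed as ks=.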
Line 24: | Line 24: | ||
# se_fqdn - Fully qualified domain name of server (assumes | # se_fqdn - Fully qualified domain name of server (assumes | ||
# puppetmaster.${se_dnsdomain} if none is provided.) | # puppetmaster.${se_dnsdomain} if none is provided.) | ||
− | # se_www - IP or resolvable DNS name of web server | + | # se_www - IP or resolvable DNS name of web server and base |
− | # from which | + | # path from which packages should be downloaded. Defaults |
− | # | + | # to downloading the packages from selinuxproject.org |
# | # | ||
# Assumptions: | # Assumptions: | ||
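Review bot: the reworded se_www description does not state the expected form of the value. The %post script builds its URLs as `http://${se_www}/packages/...`, so the option has to be given as host plus optional base path, with no scheme and no trailing slash. Please spell that out in this comment, and mention that leaving the option unset means the install fetches its packages from the public default over HTTP.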
Line 121: | Line 121: | ||
# set default location of web server if none identified. | # set default location of web server if none identified. | ||
if [ "${se_www}x" == "x" ]; then | if [ "${se_www}x" == "x" ]; then | ||
− | se_www= | + | se_www="www.selinuxproject.org/~cgrube/puppet" |
fi | fi | ||
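Review bot: the new default on the `se_www=` line means any install that omits the boot option pulls its SELinux policy RPMs and the Puppet policy tarball from a personal directory on a public host, and nothing later in the script checks what arrives. The value is only ever used as `http://${se_www}/packages/...`, the RPMs go in with `rpm -U --force`, and the tarball is unpacked into /etc/puppet as root. Suggest either failing the install when se_www is unset, or keeping the default but downloading to /tmp first and verifying a checksum recorded in the kickstart (or a package signature with `rpm -K` against an imported key) before installing or extracting anything.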
Line 173: | Line 173: | ||
%end | %end | ||
+ | |||
</pre> | </pre> |
Latest revision as of 00:49, 18 September 2009
Here's a downloadable version of the server kickstart.
<pre>
##########################################################
# Puppet Demo Server Kickstart file
#
# Purpose -
#   The purpose of the server kickstart is to build a
#   basic Puppet server. The installation is small (essentially
#   just base packages + Puppet and dependencies), so many
#   administrative and user packages are not installed.
#
# External Dependencies -
#   Installation: To install boot the system from FC9
#   installation media (DVD, CD, netboot, etc). When the
#   grub interface appears, modify the boot options to load
#   the kickstart and provide the desired boot options to
#   customize the installation (i.e. ks=http://webserver/dir/
#   ks.cfg se_var1=val1 ...).
#
# Boot Options -
#   se_dnsdomain - DNS domain of server (assumes example.com
#     if none is provided)
#   se_fqdn - Fully qualified domain name of server (assumes
#     puppetmaster.${se_dnsdomain} if none is provided.)
#   se_www - IP or resolvable DNS name of web server and base
#     path from which packages should be downloaded. Defaults
#     to downloading the packages from selinuxproject.org
#
# Assumptions:
#   By default network address provisioning is via DHCP. If
#   static addressing is required uncomment and modify the
#   network configuration for static addressing.
#
##########################################################

# Kickstart file
install
logging --level=info

## examples of repo sources if using local repos via http or nfs
#nfs --server=192.168.1.3 --dir=/site/isos/redhat/10/i386
#url --url http://192.168.1.3/fedora/10/i386

# XXX: use a local repo , if available
#repo --name="My Updates" --baseurl=http://192.168.1.3/fedora/9/updates/i386
#repo --name="My Updates" --baseurl=http://192.168.1.3/fedora/10/updates/i386

#
# remove interactive for an automated install
#
interactive

lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp
#network --device eth0 --bootproto static --ip 172.16.148.50 --netmask 255.255.255.0 --gateway 172.16.148.2 --nameserver 172.16.148.10

#
# make sure to change your password after installation, or during
# for interactive installs
#
rootpw sefos1
firewall --enabled --ssh --port=8140:tcp
authconfig --enableshadow --enablemd5

#
# --Disable doesn't work. Selinux is still enabled.
#
selinux --permissive
timezone --utc America/New_York
bootloader --location=mbr
reboot

%packages --excludedocs --nobase
@core
yum
openssh-server
openssh-clients

# optional packages
audit
audit-libs
make
perl
man

# basic networking tools
dhclient
bind-utils
%end

%post --erroronfail --log=/root/nklinstall.log

# Boot arguments
# get boot args beginning with 'se_'
< /proc/cmdline sed 's/ /\n/g' | grep ^se_ > /tmp/boot_args
. /tmp/boot_args

############# BOOT ARGUMENTS DEFAULTS ########################
# Enter default values below!
# If boot arguments exist, use them else use these

# set default domain name if necessary
if [ "${se_dnsdomain}x" == "x" ]; then
    se_dnsdomain="example.com"
fi

# set default fqdn of system if necessary
if [ "${se_fqdn}x" == "x" ]; then
    se_fqdn="puppetmaster.${se_dnsdomain}";
fi

# set default location of web server if none identified.
if [ "${se_www}x" == "x" ]; then
    se_www="www.selinuxproject.org/~cgrube/puppet"
fi

############### NETWORK FILE TRANSFERS #######################
# do initial update, this should just get the repository info
/usr/bin/yum -y update | /usr/bin/tee -a /root/yumup.log
echo | /usr/bin/tee -a /root/yumup.log

#########################################
# install custom selinux policy packages
rpm -e selinux-policy-targeted selinux-policy

# packages have the same version number, so just update
# here if newer packages are made
pv=3.6.12-78.fc11
rpm -U --force \
    http://${se_www}/packages/selinux-policy-${pv}.noarch.rpm \
    http://${se_www}/packages/selinux-policy-doc-${pv}.noarch.rpm \
    http://${se_www}/packages/selinux-policy-targeted-${pv}.noarch.rpm

## install puppet server
/usr/bin/yum -y install puppet-server ruby-rdoc | /usr/bin/tee -a /root/yumup.log

## download and untar puppet policy to /etc/puppet
/usr/bin/curl http://${se_www}/packages/puppet-policy.tar.gz -o /tmp/puppet-policy.tar.gz

if [ -d /etc/puppet ]; then
    cd /etc/puppet && tar -xzf /tmp/puppet-policy.tar.gz
    chown -R root:root /etc/puppet
else
    echo "/etc/puppet doesn't exist, unable to extract /tmp/puppet-policy.tar.gz"
fi

## relabel the file system to ensure all puppet files are appropriately
## labeled
touch /.autorelabel

################# FILE CONFIGURATION ################

# switch to enforcing mode; "selinux --permissive" above leaves
# SELINUX=permissive in the config, so match that value as well as disabled
/usr/bin/perl -p -i.sefback -e "s/^SELINUX=(disabled|permissive)/SELINUX=enforcing/" /etc/selinux/config

# set hostname
/usr/bin/perl -p -i.sefback -e "s/HOSTNAME=localhost.localdomain/HOSTNAME=${se_fqdn}/g" /etc/sysconfig/network 2>&1

# set default DNS search domain
echo "SEARCH=${se_dnsdomain}" >> /etc/sysconfig/network-scripts/ifcfg-eth0

# for some reason the network service isn't on by default, so when using
# static addressing the interfaces never come up
/sbin/chkconfig network on
/sbin/chkconfig puppetmaster on

%end
</pre>