PuppetDemoClientKickstart
From SELinux Wiki
Revision as of 22:29, 14 September 2009 by CraigGrube
The Puppet demo client kickstart:
##########################################################
# Sefos Demo Client Kickstart file
#
# Purpose -
#   The purpose of the client kickstart is to build a very
#   basic system (just base packages + Puppet and dependencies)
#   that will then be boot-strapped via Puppet.
#
# External Dependencies -
#
# Installation: To install, boot the system from FC9
#   installation media (DVD, CD, netboot, etc). When the
#   grub interface appears, modify the boot options to load
#   the kickstart and provide the desired boot options to
#   customize the installation
#   (e.g. ks=http://webserver/dir/ks.cfg se_var1=val1 ...).
#
# Boot Options -
#
#   se_dnsdomain - DNS domain of client (assumes example.com
#                  if none provided)
#   se_fqdn      - Fully qualified domain name of client (assumes
#                  client1.${se_dnsdomain} if none provided)
#   se_pmaster   - FQDN of Puppet server (assumes
#                  puppetmaster.${se_dnsdomain} if none provided)
#   se_www       - IP address or resolvable DNS name of web server
#                  from which packages should be downloaded
#
# Assumptions:
#   Network address provisioning is with DHCP. If static
#   addressing is desired, uncomment and modify the static
#   network configuration line and comment the DHCP network
#   configuration line.
#
##########################################################

# Kickstart file
install
logging --level=info

# XXX: Network install options
#nfs --server=192.168.1.3 --dir=/site/isos/redhat/10/i386
#url --url http://192.168.1.3/fedora/10/i386

# XXX: use a local repo, if available
#repo --name="My Updates" --baseurl=http://192.168.1.3/fedora/10/updates/i386/

#
# remove interactive for an automated install
#
interactive
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp
#network --device eth0 --bootproto static --ip 172.16.148.51 --netmask 255.255.255.0 --gateway 172.16.148.2 --nameserver 172.16.148.10

#
# make sure to change your password after installation, or during
# for interactive installs
#
rootpw sefos1
firewall --enabled --ssh
authconfig --enableshadow --enablemd5

#
# --Disable doesn't work. Selinux is still enabled.
#
selinux --permissive
timezone --utc America/New_York
bootloader --location=mbr
reboot

%packages --excludedocs --nobase
@core
perl
yum
openssh-server
openssh-clients
man
# optional packages
selinux-policy-targeted
audit
audit-libs
dhclient
bind-utils
%end

%post --erroronfail --log=/root/nklinstall.log

# Boot arguments
# get boot args beginning with 'se_'
< /proc/cmdline sed 's/ /\n/g' | grep ^se_ > /tmp/boot_args
# the file is sourced, so each se_* value is evaluated by the shell
. /tmp/boot_args

############# BOOT ARGUMENTS DEFAULTS ########################
# Enter default values below!
# If boot arguments exist, use them else use these

# set default dns name if none provided
if [ "${se_dnsdomain}x" = "x" ]; then
    se_dnsdomain="example.com"
fi

# set default fqdn if none provided
if [ "${se_fqdn}x" = "x" ]; then
    se_fqdn="client1.${se_dnsdomain}"
fi

# set default name of puppet server if none provided
if [ "${se_pmaster}x" = "x" ]; then
    se_pmaster="puppetmaster.${se_dnsdomain}"
fi

# set default location of web server for packages
if [ "${se_www}x" = "x" ]; then
    se_www="172.16.148.10"
fi

############### NETWORK FILE TRANSFERS #######################
# do initial update, this should just get the repository info
/usr/bin/yum -y update | /usr/bin/tee -a /root/yumup.log
echo | /usr/bin/tee -a /root/yumup.log

##########################################
# install custom selinux policy packages
pv=3.6.12-78.fc11
rpm -e selinux-policy selinux-policy-targeted
rpm -U --force \
    http://${se_www}/packages/selinux-policy-${pv}.noarch.rpm \
    http://${se_www}/packages/selinux-policy-doc-${pv}.noarch.rpm \
    http://${se_www}/packages/selinux-policy-targeted-${pv}.noarch.rpm
rpm -U http://${se_www}/packages/sefos-demo-policy-0.1-2.fc11.i386.rpm

# install the puppet client
/usr/bin/yum -y install puppet ruby-rdoc | /usr/bin/tee -a /root/yumup.log

################# FILE CONFIGURATION ################
# switch to enforcing mode
# note: this substitution only matches '=disabled'; a 'SELINUX=permissive'
# line is left as it is
/usr/bin/perl -p -i.sefback -e "s/=disabled/=enforcing/" /etc/selinux/config

# set hostname
/usr/bin/perl -p -i.sefback -e "s/HOSTNAME=localhost.localdomain/HOSTNAME=${se_fqdn}/g" /etc/sysconfig/network 2>&1

# set default DNS search domain
echo "SEARCH=${se_dnsdomain}" >> /etc/sysconfig/network-scripts/ifcfg-eth0

## relabel file system at boot to ensure puppet files have right labels
touch /.autorelabel

# network service doesn't appear to be on by default, so turn it on to get clients with
# static addressing working.
/sbin/chkconfig network on
/sbin/chkconfig puppet on

# set puppet server
echo "# Begin automated kickstart configuration" >> /etc/sysconfig/puppet
echo "PUPPET_SERVER=${se_pmaster}" >> /etc/sysconfig/puppet
%end
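
An added example, not part of the original wiki page: the %post script above writes the se_ boot options to /tmp/boot_args and sources that file, so each value is evaluated by the shell. The script below reads the same options as data, accepting only the four documented keys and hostname/IPv4 characters before applying the kickstart's defaults; the function names parse_se_args and se_get and the sample boot line are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse se_* boot options as data instead of sourcing them.
# Function names and the sample boot line are constructed for illustration.

# parse_se_args CMDLINE
# Prints "key=value" for each accepted option, one per line. Only the four
# options the kickstart documents are accepted, and a value may contain only
# hostname/IPv4 characters (letters, digits, '.', '-').
parse_se_args() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | while IFS= read -r word; do
        case $word in
            se_*=*) ;;
            *) continue ;;
        esac
        key=${word%%=*}
        val=${word#*=}
        case $key in
            se_dnsdomain|se_fqdn|se_pmaster|se_www) ;;
            *) echo "ignoring unknown option: $key" >&2; continue ;;
        esac
        case $val in
            ''|*[!A-Za-z0-9.-]*|.*|-*|*..*)
                echo "rejecting $key: invalid value" >&2; continue ;;
        esac
        printf '%s=%s\n' "$key" "$val"
    done
}

# se_get KEY DEFAULT PARSED
# Prints the last accepted value for KEY, or DEFAULT when there is none.
se_get() {
    v=$(printf '%s\n' "$3" | sed -n "s/^$1=//p" | tail -n 1)
    printf '%s\n' "${v:-$2}"
}

# Constructed sample; in %post this would be "$(cat /proc/cmdline)".
sample='ro root=/dev/sda1 se_dnsdomain=lab.example.com se_www=172.16.148.10 se_pmaster=puppet_master! se_other=1'
parsed=$(parse_se_args "$sample" 2>/dev/null)

# Same defaults as the kickstart, applied only where no valid value was given.
se_dnsdomain=$(se_get se_dnsdomain example.com "$parsed")
se_fqdn=$(se_get se_fqdn "client1.${se_dnsdomain}" "$parsed")
se_pmaster=$(se_get se_pmaster "puppetmaster.${se_dnsdomain}" "$parsed")
se_www=$(se_get se_www 172.16.148.10 "$parsed")
printf '%s\n' "dnsdomain=$se_dnsdomain fqdn=$se_fqdn pmaster=$se_pmaster www=$se_www"
```

In the sample, the malformed se_pmaster value and the unknown se_other key are dropped, so se_pmaster falls back to the default built from se_dnsdomain.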