PuppetDemoServerKickstart

From SELinux Wiki
Revision as of 22:28, 14 September 2009 by CraigGrube (Talk | contribs)


The Puppet demo server kickstart file:

##########################################################
# Puppet Demo Server Kickstart file
#
# Purpose - 
#  The purpose of the server kickstart is to build a 
# basic Puppet server.  The installation is small (essentially
# just base packages + Puppet and dependencies), so many 
# administrative and user packages are not installed.
#
# External Dependencies - 
# Installation: To install, boot the system from FC9 
# installation media (DVD, CD, netboot, etc.).  When the 
# grub interface appears, modify the boot options to load
# the kickstart and provide the desired boot options to 
# customize the installation (e.g. ks=http://webserver/dir/
# ks.cfg se_var1=val1 ...).
#
# Boot Options - 
#   se_dnsdomain - DNS domain of server (assumes example.com
#	if none is provided)
#   se_fqdn - Fully qualified domain name of server (assumes
#	puppetmaster.${se_dnsdomain} if none is provided.)
#   se_www - IP or resolvable DNS name of the web server
#	from which to download packages.  Packages are expected
#	under /packages/ relative to the web root.
#
# Assumptions:
#  By default network address provisioning is via DHCP.  If
# static addressing is required uncomment and modify the 
# network configuration for static addressing.
#
##########################################################
# Kickstart file

install
# anaconda log verbosity for the installer itself (not for %post)
logging --level=info

## examples of repo sources if using local repos via http or nfs
#nfs --server=192.168.1.3 --dir=/site/isos/redhat/10/i386
#url --url http://192.168.1.3/fedora/10/i386

# XXX: use a local repo, if available
#repo --name="My Updates" --baseurl=http://192.168.1.3/fedora/9/updates/i386
#repo --name="My Updates" --baseurl=http://192.168.1.3/fedora/10/updates/i386


#
# "interactive" stops at each anaconda screen with the values from this
# file pre-filled.  Delete this line for a fully unattended install.
#
interactive

lang en_US.UTF-8
keyboard us

# DHCP by default; for static addressing comment this line out and
# uncomment/edit the one below (see "Assumptions" in the header).
network --device eth0 --bootproto dhcp
#network --device eth0 --bootproto static --ip 172.16.148.50 --netmask 255.255.255.0 --gateway 172.16.148.2 --nameserver 172.16.148.10


#
# make sure to change your password after installation, or during
# for interactive installs
#
# NOTE(review): the root password below is stored in clear text.  Anyone
# who can fetch this kickstart from the web server named in the header,
# or read the copy anaconda leaves in /root/anaconda-ks.cfg, learns it.
# Prefer "rootpw --iscrypted <hash>" with a hash generated beforehand.
#
rootpw sefos1

# allow ssh in, plus 8140/tcp so puppet agents can reach the puppetmaster
firewall --enabled --ssh --port=8140:tcp 
# NOTE(review): --enablemd5 selects MD5 password hashes.  Newer authconfig
# accepts --passalgo=sha512, which is the better choice where available.
authconfig --enableshadow --enablemd5

#
# "selinux --disabled" did not take effect here (SELinux stayed enabled),
# so the install runs permissive.  The %post section is meant to rewrite
# /etc/selinux/config so the machine comes up enforcing on first boot.
#
selinux --permissive

timezone --utc America/New_York
bootloader --location=mbr 

# reboot into the installed system once %post has finished
reboot

# --nobase keeps the image small: @core plus the packages listed below;
# --excludedocs drops package documentation.
%packages --excludedocs --nobase
@core
yum
openssh-server
openssh-clients
# optional packages (audit for SELinux AVC logging; make/perl are used
# by %post and by puppet)
audit
audit-libs
make
perl
man

# basic networking tools
dhclient
bind-utils

%end

%post  --erroronfail --log=/root/nklinstall.log

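# Boot arguments
# Pick up the se_* settings described in the header from the kernel
# command line.  Only the three names this script uses are recognized,
# and their values are taken literally: the command line is matched with
# case patterns instead of being written to a file and sourced, so a
# value containing shell metacharacters is never evaluated as code.
# (This script assumes /bin/sh is bash, as the original "==" tests did.)
cmdline=$(cat /proc/cmdline)
set -f   # no globbing while the command line is word-split below
# shellcheck disable=SC2086  # unquoted on purpose: split on blanks into args
for arg in $cmdline; do
  case "$arg" in
    se_dnsdomain=*) se_dnsdomain=${arg#*=} ;;
    se_fqdn=*)      se_fqdn=${arg#*=} ;;
    se_www=*)       se_www=${arg#*=} ;;
  esac
done
set +f

# Write a message to the %post log and exit non-zero so that
# "%post --erroronfail" stops the installation instead of leaving a
# half-built server behind (the original never returned non-zero, so
# --erroronfail had no effect).
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

############# BOOT ARGUMENTS DEFAULTS ########################
# Enter default values below!
# A value given on the boot line wins; otherwise these defaults apply.
se_dnsdomain=${se_dnsdomain:-example.com}
se_fqdn=${se_fqdn:-puppetmaster.${se_dnsdomain}}
se_www=${se_www:-172.16.148.10}
# every file fetched below comes from this directory on the web server
pkg_base="http://${se_www}/packages"

############### NETWORK FILE TRANSFERS #######################
# Make "cmd | tee" report cmd's status rather than tee's, so the
# checks below actually see yum failures.
set -o pipefail

# Initial update.  NOTE(review): the original comment expected this to
# only fetch repository metadata, but "yum update" upgrades every
# installed package ("yum makecache" would fetch metadata only).  Kept
# as-is and treated as non-fatal so a missing updates repo does not
# abort the build.
/usr/bin/yum -y update | /usr/bin/tee -a /root/yumup.log \
  || printf 'warning: yum update failed, continuing\n' >&2
echo | /usr/bin/tee -a /root/yumup.log

#########################################
# install custom selinux policy packages

# From here until the custom policy is installed the system has no
# SELinux policy at all, so a failed download must stop the install.
rpm -e selinux-policy-targeted selinux-policy \
  || die "could not remove the stock selinux-policy packages"

# packages have the same version number, so just update
# here if newer packages are made 
pv=3.6.12-78.fc11

# NOTE(review): the custom policy is fetched over plain HTTP.  rpm only
# checks a package signature when the signing key has been imported, so
# confirm these packages are signed and the key is present on the
# install image, or serve them from a path trusted end to end.
rpm -U --force \
  "${pkg_base}/selinux-policy-${pv}.noarch.rpm" \
  "${pkg_base}/selinux-policy-doc-${pv}.noarch.rpm" \
  "${pkg_base}/selinux-policy-targeted-${pv}.noarch.rpm" \
  || die "could not install selinux-policy ${pv} from ${se_www}"

## install puppet server
/usr/bin/yum -y install puppet-server ruby-rdoc | /usr/bin/tee -a /root/yumup.log \
  || die "could not install puppet-server"

## download and untar puppet policy to /etc/puppet
# -f makes curl fail on an HTTP error instead of saving the error page
# as the tarball and letting tar fail later on it.
/usr/bin/curl -f "${pkg_base}/puppet-policy.tar.gz" -o /tmp/puppet-policy.tar.gz \
  || die "could not download puppet-policy.tar.gz from ${se_www}"
if [ -d /etc/puppet ]; then
  # -C extracts in place without changing this script's working directory.
  # The archive content is trusted as fetched; nothing verifies it here.
  tar -xzf /tmp/puppet-policy.tar.gz -C /etc/puppet \
    || die "could not extract /tmp/puppet-policy.tar.gz into /etc/puppet"
  chown -R root:root /etc/puppet
else 
  printf '%s\n' "/etc/puppet doesn't exist, unable to extract /tmp/puppet-policy.tar.gz" >&2
fi
rm -f /tmp/puppet-policy.tar.gz

## relabel the file system to ensure all puppet files are appropriately 
## labeled
touch /.autorelabel

################# FILE CONFIGURATION ################
# switch to enforcing mode on first boot.  The kickstart above uses
# "selinux --permissive", which writes SELINUX=permissive, so the old
# pattern "=disabled" never matched and the box stayed permissive;
# replace whatever value the SELINUX= line holds instead.
/usr/bin/perl -p -i.sefback -e 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config

# set hostname.  The value is handed to perl through the environment
# rather than interpolated into the program text, so a name containing
# characters special to perl cannot break the substitution.
SE_FQDN="$se_fqdn" /usr/bin/perl -p -i.sefback \
  -e 's/^HOSTNAME=.*/HOSTNAME=$ENV{SE_FQDN}/' /etc/sysconfig/network

# set default DNS search domain
# NOTE(review): the initscripts ifcfg format documents DOMAIN= for the
# resolver search list; confirm SEARCH= is honored on this release.
echo "SEARCH=${se_dnsdomain}" >> /etc/sysconfig/network-scripts/ifcfg-eth0

# for some reason the network service isn't on by default, so when using
# static addressing the interfaces never come up

/sbin/chkconfig network on
/sbin/chkconfig puppetmaster on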
%end