-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathc7-server.cfg
70 lines (49 loc) · 2.33 KB
/
c7-server.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Use network installation
url --url="http://mirror.centos.org/centos-7/7/os/x86_64"
# Clear all partitioning information
clearpart --all
# Default partitioning
autopart --fstype=ext4 --type=lvm
# Use text install
text
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
# System timezone
timezone Europe/Prague --isUtc
# Default initial password for root
rootpw --iscrypted $6$JZC1wzFRhb1hxl16$41jR/jjOcNXtPB/7vTWh9DxXx.6bRg3R6.JtEX8HJB4xyAexH.MkdR.JBAzz6zvQOIG3f5FeBAiGSEhLKXQvG0
# Run the Setup Agent on first boot
firstboot --disable
# System services
services --enabled="sshd"
# Action once the installation's finished
reboot
%packages
git
@^compute-node-environment
%end
%post
# Create ansible system user.
# We're doing it here rather than using the kickstart 'user' command, because
# 'user' forces explicit usage of the UID in order to create a system user
# which may be hard to guarantee across all services, whereas 'useradd -r'
# picks the first available system UID automatically.
useradd -r -g wheel -m ansible
#
# Disable requiretty for the ansible user (SSH 'pipelining' in Ansible)
echo "Defaults:ansible !requiretty" >> /etc/sudoers.d/ansible
# Enable passwordless sudo for the ansible user
echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
# Create /home/ansible/.ssh
mkdir -m 0700 /home/ansible/.ssh
# Install SSH key for the Ansible user
cat <<EOF >/home/ansible/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDa5pl2sL4uyRFE5tk306ayYZp9h+2RkL5Stx4zzLJROBcJMeonqSidNd6nZLMdfHdfs8BBtZ+8PPLxKVxeJxh85ciTen78nwF+BMIjrIjhd00ypivgdojzbxjE5dkOr4Zj4tkvp2rBft+3vLlUV+wFGD5ZG2qCdYth9GENxAITEzvjoJowtg6TJV6MAonR5V07CYWngj6HQHsvm7M013zRE32bvG2CmamGy/Tgth6HXAWJ6fzTynGcio5/Eg0ZlImvHrCeynOW2dq8XKRQTj89TOHiYklgvOiDrg9xl13u7UUHxK4uTOQzWFwvX0S3O+Bno5tSPJG1wKUDbblJoW/wT8ru/TxTdNW+DXdkg6bzDeMohtYMrk2VxRjqby6317d+Kb9/AoZl8XsLKKT8fdOL3Hk5peieNFiWwGDfAxI8JMijtEt6Ksm0NkDHzZkCK6ZIksiTrTQOdFnV2JxNqeYnjk1QE09XIRp2F8ks44ii1krTYM8viRNKjJRJbCvpXSkAu7k3WxUWoLskSOdgPUa95xkSJO2c2xJzVtV3LK698zsTETN6rDXNY5+8jt7CkTbkrdyYzJKgnI1z/tKPUJ75dIlSV06LT6cwgUiNbh/mWhKcYRkxhjiHlIZFYY1qsKoN3dyeiKqHvvdMxFvk8EUGWlMRAraAL3ulTJqx6OX7vQ== ansible
EOF
# Apply the correct ownership and SELinux context
chmod 0600 /home/ansible/.ssh/authorized_keys
chown -R ansible /home/ansible/.ssh
restorecon -R /home/ansible/.ssh
%end