Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 11)

STEP 11 – create the kickstart files referenced by the PXE Boot menu:
Here is one of my files. Use it as a template. Copy/paste/edit as needed.
# file = lab1x64.ks

# version=DEVEL
# ###############################################
# 2019-03-22: Kickstart script for client “c7lab1.lab.domain.net c7lab1.local c7lab1”.
#             Serve “lab1x64.ks” at ks=http://10.0.0.11/repos/lab1x64.ks
#             Client VM uses DISK TYPE = NVMe.
#             This ks successfully omits “dracut rescue images” from “/boot”.
#             Also omits a lot of other package bloat that a Virtual Server doesn’t need.
#
# If you want a different kickstart config, you’ll need to research the options.
# One way to get a good example config is to manually do an install with the
# options you want.  Then, on the resulting system, look in “/root/anaconda-ks.cfg”
# and use that as your kickstart template.
# ###############################################
firewall --enabled --service=ssh --service=mdns
selinux --permissive
# System authorization information
auth --enableshadow --passalgo=sha512
# ###############################################
repo --name=updates --baseurl=http://10.0.0.11/repos/c7x64/updates/
repo --name=epel --baseurl=http://10.0.0.11/repos/c7x64/epel/
repo --name=extras --baseurl=http://10.0.0.11/repos/c7x64/extras/
# ###############################################
# Use text mode install
text
# Do not configure the X Window System
skipx
# ###############################################
# Run the Setup Agent on first boot
firstboot --enable
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
#
# NETWORK information
network  --bootproto=dhcp --device=ens33 --noipv6 --activate --hostname=c7lab1.lab.domain.net
# Root password
rootpw --iscrypted $6$iBFA4yWORTlm1Dnt$zPYZ.ArpJiPQQ8DKrtx8J.kaiIUHpCXxhPBN85smQBHwCtLr8u2tQEa3P.fXrKHiWRZ6qnTseZNDsi78Sk/0H1
# note: the plaintext of this password is "elmer".
# DON'T USE THAT.
# Choose your own password, use this terminal command to hash it, and paste output back here.
# python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
# (Python 3 is required: Python 2's crypt.crypt() needs an explicit salt argument.)
#
# System services
services --enabled=sshd
#
# System timezone
timezone America/Chicago --isUtc
#
user --groups=wheel --name=elmer --password=$6$iBFA4yWORTlm1Dnt$zPYZ.ArpJiPQQ8DKrtx8J.kaiIUHpCXxhPBN85smQBHwCtLr8u2tQEa3P.fXrKHiWRZ6qnTseZNDsi78Sk/0H1 --iscrypted --gecos="elmer"
#
# ###############################################
ignoredisk --only-use=nvme0n1   # use this if VM DISK TYPE = NVMe
# System bootloader configuration
bootloader --location=mbr --boot-drive=nvme0n1  # use this if VM DISK TYPE = NVMe
#
# Partition clearing information
clearpart --none --initlabel
#
# I've chosen to allocate 512 MiB to "/boot", and automatically allocate all remaining space to "/".
# Disk partitioning information:
part /boot --fstype="xfs" --ondisk=nvme0n1 --size=512 # if VM DISK TYPE = NVMe
part pv.252 --fstype="lvmpv" --ondisk=nvme0n1 --size 1 --grow # if VM DISK TYPE = NVMe
#
volgroup centos --pesize=4096 pv.252
logvol /  --fstype="xfs" --name=root --vgname=centos --percent=100      # auto allocate remaining space to "/"
# ###############################################
# Selecting and excluding packages is often a “trial and error” endeavor.
# If you haven’t been down this rabbit hole before, you’ll be surprised by
# some of the unexpected dependencies between packages,
# that usually should not have any interdependencies at all.
#
%packages --instLangs=en_US.utf8 --ignoremissing --excludedocs
@core --nodefaults
# ###############################################
# my list of frequently used packages:
epel-release   # extras#
yum-utils        # base  # installs 337k
deltarpm        # base  # installs 209k
nano               # base # downloads 440k, installs 1.6M
nss-mdns       # EPEL  # installs 131K
htop               # EPEL # installs 281K
rng-tools       # base # downloads 49k, installs 102k
#
# ip address, nmtui, top       # base # included with @core.
# make, gzip, tar, curl           # base # included with @core.
# open-vm-tools                     # base # installed with @core, provides vmware-hgfsclient, vmhgfs-fuse, vmware-toolbox-cmd.
# ###############################################
# firmware packages to exclude:
-aic*-firmware
-alsa*
-atm*-firmware
-b43-openfwwf
-bfa-firmware
-fprintd-pam
-intltool
-ipw*-firmware
-ivtv* # skips a set of big video packages
-iwl*-firmware # skips a lot of unnecessary firmware packages (mostly intel wifi).
-libertas* # skips a lot of unnecessary firmware packages.
-linux-firmware # note: the installer will ignore this one; so remove it in POST.
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
# ###############################################
# some more exclusions
-centos-logos           # try it… saves 22MB; unfortunately there are a lot of apps (like httpd that pull it in).
-crontabs
-dracut-config-rescue   # This saves a lot of space “/boot/”
# -GeoIP # looking up IP/Country isn’t something I need on these VMs, but “dhclient” requires it.
-iprutils
-kernel-tools
-libteam                # this is for “network interface teaming”, not something I need.
-man-db               # Useful, but I don’t need it on every VM in the fleet.
-mozjs17                # seems weird to have a javascript package on a baseline headless server.
-NetworkManager-team    # this is for “network interface teaming”, not something I need.
-newt-python                       # part of a set of packages that do GUI things.
-openssh-clients                 # these server VM instances do NOT need to make outbound SSH client connections.
-plymouth                            # this is the “pretty” boot screen, serves no purpose on a headless VM.
-plymouth-core-libs           #
-postfix                                # an email server.
-sg3_utils                   # related to SCSI devices, which this VM hardware profile does not have.
-sg3_utils-libs           #
-snappy                      # a compression utility, one of many, and not one of the best.
# -wpa_supplicant       # seems dumb to have this for a system that can’t do wifi; but NetworkManager and NMTUI require it.
# ###############################################
%end
# ###############################################
#
#
# ###############################################
# ADDON section of KICKSTART SCRIPT:
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end
# ###############################################
# "post" section of KICKSTART SCRIPT:
%post --log=/root/ks-post.log
#
# enable the vmware shared folders (makes them available on 1st boot):
mkdir -p /mnt/hgfs
echo "" >> /etc/fstab
echo "# enable vmware shared folders: " >> /etc/fstab
echo ".host:/ /mnt/hgfs fuse.vmhgfs-fuse allow_other 0 0" >> /etc/fstab
echo " " >> /etc/fstab
# setup the c7pxe YUM REPO config:
rm -f /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/c7x64.repo http://10.0.0.11/repos/client-files/c7x64.repo
# copy standard scripts into $HOME:
curl -o /home/elmer/shrink-disk.sh http://10.0.0.11/repos/client-files/shrink-disk.sh
curl -o /home/elmer/yum-clean.sh http://10.0.0.11/repos/client-files/yum-clean.sh
curl -o /home/elmer/backupConfigFiles.sh http://10.0.0.11/repos/client-files/backupConfigFiles.sh
chmod +x /home/elmer/shrink-disk.sh
chmod +x /home/elmer/yum-clean.sh
chmod +x /home/elmer/backupConfigFiles.sh
touch /home/elmer/.vm-installed-by-PXE-lab1x64.sh
# clean out the yum cache, and remove the unnecessary "linux-firmware" package (it's about 175 MB):
yum clean all
yum -y remove linux-firmware
yum clean all
%end
# ###############################################
#
#
# ###############################################
# ANACONDA section of KICKSTART SCRIPT:
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
# ###############################################
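
Before serving an edited copy of this template, it is worth checking it for the settings that are easy to carry over unchanged. The script below is an added example, not part of the original post: it flags the sample password hash, a non-enforcing SELinux mode, repos and %post downloads fetched over plain HTTP, and typographic dashes or quotes left behind by a copy/paste from a web page. The function name `audit_kickstart`, the choice of checks and the sample input are assumptions made for illustration.

```python
import re

# Salt of the sample hash printed in the template; its plaintext is public.
PUBLISHED_SALT = "$6$iBFA4yWORTlm1Dnt$"
TYPOGRAPHIC = "\u2013\u2014\u2018\u2019\u201c\u201d"  # en/em dash, curly quotes

def audit_kickstart(text):
    """Return [(line_number, finding)] for the text of a kickstart file."""
    findings, in_post = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("%post"):
            in_post = True
        elif line.startswith("%end"):
            in_post = False
        if not line or line.startswith("#"):
            continue
        code = line.split(" #", 1)[0]  # drop a trailing comment
        if any(ch in code for ch in TYPOGRAPHIC):
            findings.append((n, "typographic dash or quote, option will not parse"))
            code = code.replace("\u2013", "--").replace("\u2014", "--")
        cmd = code.split()[0]
        has_pw = cmd == "rootpw" or (cmd == "user" and "--password" in code)
        if has_pw and "--lock" not in code:
            if PUBLISHED_SALT in code:
                findings.append((n, "password hash copied from the template"))
            elif "--iscrypted" not in code:
                findings.append((n, "password stored as plaintext"))
        if cmd == "selinux" and re.search(r"--(permissive|disabled)\b", code):
            findings.append((n, "SELinux is not enforcing"))
        if re.search(r"\bhttp://", code):
            where = "download in %post" if in_post else cmd
            findings.append((n, "plain HTTP, no integrity check: " + where))
    return findings

# Constructed sample: lines modelled on the template, hash body replaced.
SAMPLE = """\
selinux --permissive
rootpw --iscrypted $6$iBFA4yWORTlm1Dnt$HASH_BODY_PLACEHOLDER
repo --name=updates --baseurl=http://10.0.0.11/repos/c7x64/updates/
firewall \u2013enabled \u2013service=ssh
%post --log=/root/ks-post.log
curl -o /home/elmer/yum-clean.sh http://10.0.0.11/repos/client-files/yum-clean.sh
%end
"""

if __name__ == "__main__":
    for n, finding in audit_kickstart(SAMPLE):
        print(f"line {n}: {finding}")
```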
