My kickstart for Rocky Linux 9 VMs
With all of the recent hullabaloo about IBM's Red Hat's destruction of their community goodwill, and more specifically AlmaLinux's plans, I have reconsidered my position for SELinux-based GNU/Linux.
Plus it has been a while since I've published my CentOS-based kickstart file. I had written one for AlmaLinux 9 but hadn't published it yet.
```
# File: /mnt/public/Support/Platforms/Rocky/a9-ks.cfg
# Locations:
#    /mnt/public/Support/Platforms/Rocky/a9-ks.cfg
# Author: bgstack15
# Startdate: 2017-06-02
# Title: Kickstart for Rocky Linux 9 for ipa.internal.com
# Purpose: To provide an easy installation for VMs and other systems in the Internal network
# History:
#    2017-06 I learned how to use kickstart files for the RHCSA EX-200 exam
#    2017-08-08 Added notifyemail to --extra-args
#    2017-10-29 major revision to use local repository
#    # # # #
#    2019-09-24 fork for CentOS 8
#    2020-11-08 update for 2004 iso
#    # # # #
#    2022-03-18 change to AlmaLinux 8
#    2022-12-09 update to AlmaLinux 8.7, now required 3GB RAM for installation
#    2023-03-10 update to AlmaLinux 9
#    2023-07-17 update to Rocky Linux 9
# Usage with virt-install:
#    vm=r9-01a ; time sudo virt-install -n "${vm}" --memory 3072 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=30 -l /mnt/public/Support/SetupsBig/Linux/Rocky-9.2-x86_64-minimal.iso --initrd-inject=/mnt/public/Support/Platforms/Rocky/r9-ks.cfg --extra-args "inst.ks=file:/r9-ks.cfg SERVERNAME=${vm} NOTIFYEMAIL=bgstack15@gmail.com net.ifnames=0 biosdevname=0 inst.txt" --debug --network type=bridge,source=br0 --noautoconsole
#    vm=r9-01a; sudo virsh destroy "${vm}"; sudo virsh undefine --remove-all-storage "${vm}";
# Reference:
#    https://sysadmin.compxtreme.ro/automatically-set-the-hostname-during-kickstart-installation/
#    /mnt/public/Support/Platforms/CentOS7/install-vm.txt

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --plaintext plaintextexamplepw
# my user
user --groups=wheel --name=bgstack15-local --password=$6$.gh9u7vg2HDJPPX/scrubbedpasswdentrygoeshere --iscrypted --gecos="bgstack15-local"

# System language
lang en_US.UTF-8
# Firewall configuration
firewall --enabled --ssh
# Reboot after installation
reboot
# Network information
%include /tmp/network.ks
# System timezone
timezone America/New_York --utc
# System authorization information, sha512 is now default in authselect in RHEL >= 8
#auth --useshadow --passalgo=sha512
# Use network installation instead of CDROM installation media
#url --url="https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os"
url --url="http://server3/mirror/rocky/9/BaseOS/x86_64/os"

# Use text mode install
text
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
skipx

# Use all local repositories
repo --name=internalrpm --baseurl=http://server3/internal/repo/rpm/
repo --name=copr-bgstack15-stackrpms --baseurl=http://server3/mirror/copr-bgstack15-stackrpms/epel-9-$basearch/
repo --name=base --baseurl=http://server3/mirror/rocky/$releasever/BaseOS/$basearch/os/
repo --name=appstream --baseurl=http://server3/mirror/rocky/$releasever/AppStream/$basearch/os/
repo --name=extras --baseurl=http://server3/mirror/rocky/$releasever/extras/$basearch/os/
repo --name=epel --baseurl=http://server3/mirror/fedora/epel/9/Everything/$basearch

firstboot --disabled

# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
autopart --type=lvm

%pre
echo "network --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname renameme.ipa.internal.com" > /tmp/network.ks
for x in $( cat /proc/cmdline ); do
   case $x in
      SERVERNAME*)
         eval $x
         echo "network --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname ${SERVERNAME}.ipa.internal.com" > /tmp/network.ks
         ;;
      NOTIFYEMAIL*)
         eval $x
         echo "${NOTIFYEMAIL}" > /mnt/sysroot/root/notifyemail.txt
         ;;
   esac
done
cp -p /run/install/repo/ca-ipa.internal.com.crt /etc/pki/ca-trust/source/anchors/ 2>/dev/null || :
wget http://server3/internal/certs/ca-ipa.internal.com.crt -O /etc/pki/ca-trust/source/anchors/ca-ipa.internal-wget.com.crt || :
update-ca-trust || :
%end

%post
(
   # Set temporary hostname
   #hostnamectl set-hostname renameme.ipa.internal.com;

   # Get local mirror root ca certificate
   wget http://server3/internal/certs/ca-ipa.internal.com.crt -O /etc/pki/ca-trust/source/anchors/ca-ipa.internal.com.crt && update-ca-trust

   # Get local mirror repositories
   wget http://server3/internal/repo/rpm/set-my-repos.sh --output-document /usr/local/sbin/set-my-repos.sh ; chmod +x /usr/local/sbin/set-my-repos.sh ; sh -x /usr/local/sbin/set-my-repos.sh

   # NONE TO REMOVE dnf -y remove dnfdragora ;
   yum clean all ; yum update -y ;

   # Remove graphical boot and add serial console
   sed -i -r -e '/^GRUB_CMDLINE_LINUX=/{s/(\s*)(rhgb|quiet)\s*/\1/g;};' -e '/^GRUB_CMDLINE_LINUX=/{s/(\s*)\"$/ console=ttyS0 console=tty1\"/;}' /etc/default/grub
   grub2-mkconfig > /boot/grub2/grub.cfg

   # No changes to graphical boot
   #

   # fix the mkhomedir problem
   systemctl enable oddjobd.service && systemctl start oddjobd.service

   # Personal customizations
   mkdir -p /mnt/bgstack15 /mnt/public
   su bgstack15-local -c "sudo /usr/bin/bgconf.py"
   echo ". bp" >> /home/bgstack15-local/.bashrc

   # this has to happen after a glibc update
   yum -y reinstall locale-en_BS || :

   for x in $( cat /proc/cmdline ) ; do
      case $x in
         SERVERNAME*|NOTIFYEMAIL*) eval $x ;;
      esac
   done

   # Send IP address to myself
   thisip="$( ifconfig 2>/dev/null | awk '/Bcast|broadcast/{print $2}' | tr -cd '[^0-9\.\n]' | head -n1 )"
   {
      echo "${SERVERNAME} has IP ${thisip}."
      echo "system finished kickstart at $( date "+%Y-%m-%d %T" )";
   } | s-nail -S "mta=smtp://server2.ipa.internal.com:25" -S from="root@$( hostname --fqdn ) <root@$( hostname --fqdn )>" \
      -s "${SERVERNAME} is ${thisip}" "${NOTIFYEMAIL}"

) >> /root/install.log 2>&1
%end

%packages
@core
@^minimal install
bc
bgconf
bgscripts-core
bind-utils
cifs-utils
cryptsetup
curl
dosfstools
epel-release
expect
firewalld
git
iotop
ipa-client
-iwl*-firmware
locale-en_BS
man
mlocate
net-tools
nfs-utils
p7zip
parted
postfix
python3-policycoreutils
rpm-build
rsync
s-nail
screen
strace
sysstat
tcpdump
telnet
vim
wget
yum-utils
%end
```
What's new
I switched to all Rocky Linux mirror! An interesting note is that anaconda for Rocky netinstalls uses a $releasever of 9.2 and not 9, which broke epel and baseos repositories when trying to use an AlmaLinux mirror.
I finally bothered to read the man page about authselect something or other (which replaced authconfig), and the old --useshadow and --passalgo=sha512 are defaults now and not required.
I decided to bother to add my main personal profile (stored in an rpm as a generally available shell command) command to my local user's bashrc so I get my preferred prompt.
I enforce reinstalling locale-en_BS which failed to exist correctly, which happens after a glibc update. I guess the netinst somehow already gets an out-of-date glibc. Not a big deal.
I learned that the population of file /mnt/sysroot/root/notifyemail.txt in the %pre section failed, so I just reevaluate /proc/cmdline and get the variables I want.
I also bothered to deal with whatever first mailx replacement I found that I could get working, and send my notification email through my local smtp server.
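The %pre and %post sections both run `eval $x` on words taken from /proc/cmdline. The following added example, which is not part of the original kickstart, reads SERVERNAME and NOTIFYEMAIL without eval and validates them before they reach the hostname or the mail command; the function names and the validation rules are assumptions.

```shell
# Added example (not from the original kickstart); function names are hypothetical.
# Reads KEY=value words from a kernel command line without eval.
LC_ALL=C ; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# get_cmdline_var KEY "CMDLINE" -> prints the value of the last KEY= word, or nothing
get_cmdline_var() {
   _key="$1" ; _val=""
   # Unquoted $2 splits on whitespace, like the kickstart's for-loop;
   # set -f keeps glob characters in the cmdline from expanding to file names.
   set -f
   for _word in $2 ; do
      case "${_word}" in
         "${_key}="*) _val="${_word#*=}" ;;
      esac
   done
   set +f
   printf '%s' "${_val}"
}

# valid_hostname LABEL -> 0 for one DNS label: [A-Za-z0-9-], 1..63 chars, no edge hyphen
valid_hostname() {
   case "$1" in
      ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
   esac
   [ "${#1}" -le 63 ]
}

# valid_email ADDR -> 0 for local@domain.tld built from a conservative character set
valid_email() {
   case "$1" in
      *[!A-Za-z0-9@._+-]*|-*|*@*@*|@*|*@) return 1 ;;
      *@*.*) return 0 ;;
   esac
   return 1
}

# kickstart_vars "CMDLINE" -> sets SERVERNAME and NOTIFYEMAIL, falling back when invalid
kickstart_vars() {
   SERVERNAME="$( get_cmdline_var SERVERNAME "$1" )"
   NOTIFYEMAIL="$( get_cmdline_var NOTIFYEMAIL "$1" )"
   valid_hostname "${SERVERNAME}" || SERVERNAME="renameme"   # same default as %pre
   valid_email "${NOTIFYEMAIL}" || NOTIFYEMAIL=""            # empty means: skip the mail
}

# Constructed sample; in %pre or %post call: kickstart_vars "$( cat /proc/cmdline )"
SAMPLE='inst.ks=file:/r9-ks.cfg SERVERNAME=r9-01a NOTIFYEMAIL=admin@example.com net.ifnames=0'
kickstart_vars "${SAMPLE}"
echo "hostname=${SERVERNAME}.ipa.internal.com notify=${NOTIFYEMAIL}"
```
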