rhel54-x86-min-EC2.ks
# Kickstart file to build Fedora Amazon EC2 image
# This is based on the AOS from the work at http://www.thincrust.net
# Locale, keyboard layout and time zone for the image.
lang C
keyboard us
timezone US/Eastern
# Shadow passwords, hashed with MD5-crypt.
# NOTE(review): MD5-crypt is a weak password hash by current standards. If the
# authconfig of the target release offers a stronger algorithm, prefer it;
# confirm against the build tool before changing this line.
auth --useshadow --enablemd5
# NOTE(review): SELinux is switched off for the whole image, so sshd and
# anything else exposed on the instance run without mandatory access control.
# The %packages section also removes the SELinux userland.
selinux --disabled
# Firewall enabled with the SSH service allowed through.
firewall --enabled --ssh
bootloader --timeout=1 --append="acpi=force"
# eth0 is configured by DHCP and brought up at boot; network and sshd are the
# only services enabled explicitly.
network --bootproto=dhcp --device=eth0 --onboot=on
services --enabled=network,sshd
#
# Uncomment the next line
# to make the root password be thincrust
# By default the root password is emptied
# NOTE(review): the password is stated in the comment above and the hash below
# is MD5-crypt ($1$). Treat it as a lab-only default and do not publish an
# image built with this line enabled.
#rootpw --iscrypted $1$uw6MV$m6VtUWPed4SqgoW6fKfTZ/
#
# Partition Information. Change this as necessary
# This information is used by appliance-tools but
# not by the livecd tools.
#
#part /boot --size 100 --fstype ext3 --ondisk hda
part / --size 650 --fstype ext3 --ondisk sda
#
# Repositories
#
# To compose against the current release tree, use the following "repo" (enabled by default)
#repo --name=released --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-12&arch=$basearch
# To include updates, use the following "repo" (enabled by default)
#repo --name=updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f12&arch=$basearch
# The only active repository: the RHEL 5 Server U4 x86_64 tree.
# NOTE(review): packages are fetched over plain HTTP and no updates repository
# is enabled. Package integrity then depends on RPM signature checking by the
# composing tool (confirm it is enforced), and the image ships without any
# errata released after U4.
repo --name="rhel54-x86_64" --baseurl=http://porkchop.devel.redhat.com/released/RHEL-5-Server/U4/x86_64/os/Server/
# To compose against rawhide, use the following "repo" (disabled by default)
#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch
# To compose against local trees, (edit and) use:
#repo --name=f10 --baseurl=http://localrepo/fedora/releases/12/Everything/$basearch/os/
#repo --name=f10-updates --baseurl=http://localrepo/fedora/updates/12/$basearch/
#
# Add all the packages after the base packages
#
# Minimal package set: no documentation files and no @base group.
%packages --excludedocs --nobase
bash
# The Xen kernel is pinned to one exact build.
# NOTE(review): a pinned kernel means the image is composed with this build
# even if a fixed kernel is available; plan to update after first boot.
kernel-xen-2.6.18-164.el5
#kernel-debug - needed for vmlinux?
grub
e2fsprogs
passwd
# NOTE(review): policycoreutils is listed here and excluded again further
# down (-policycoreutils). Which entry wins depends on the composing tool;
# verify in the built image.
policycoreutils
chkconfig
rootfiles
yum
acpid
# lokkit is requested by file path because, per the notes below, RHEL 5.4
# did not accept the bare package name.
/usr/sbin/lokkit
#needed to disable selinux
#rhel 5.4 complained this wasn't available
#lokkit
#Allow for dhcp access
dhclient
iputils
#Needed for remote login
openssh-server
#
# Packages to Remove
#
# no need for kudzu if the hardware doesn't change
-kudzu
-prelink
-setserial
-ed
# Remove the authconfig pieces
-authconfig
-rhpl
-wireless-tools
# Remove the kbd bits
-kbd
-usermode
# these are all kind of overkill but get pulled in by mkinitrd ordering
# mkinitrd is needed to build the ec2 ramdisk; it was meant to be removed in
# %post
mkinitrd
-kpartx
-dmraid
-mdadm
-lvm2
-tar
# selinux toolchain of policycoreutils, libsemanage, ustr
# NOTE(review): other packages in this list may depend on libselinux, in which
# case dependency resolution can pull it back in. Verify in the built image.
-policycoreutils
-checkpolicy
-selinux-policy*
-libselinux-python
-libselinux
# Things it would be nice to lose
%end
#
# Add custom post scripts after the base post.
#
%post
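# EC2 setup, run inside the image at build time.

# Write the fstab for the EC2 device layout. On x86_64 the root volume is
# sda1 and the ephemeral store is sdb; any other platform gets the
# sda1/sda2/sda3 layout with swap.
# NOTE(review): uname reports the platform of the machine running the build,
# not of the package set being installed. Confirm the two match.
if [ "$(uname -i)" = "x86_64" ]; then
  cat <<'EOL' > /etc/fstab
/dev/sda1 / ext3 defaults 1 1
/dev/sdb /mnt ext3 defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
EOL
else
  cat <<'EOL' > /etc/fstab
/dev/sda1 / ext3 defaults 1 1
/dev/sda2 /mnt ext3 defaults 1 2
/dev/sda3 swap swap defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
EOL
fi

# eth0 comes up at boot and is configured by DHCP.
cat <<'EOL' > /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
DEVICE=eth0
BOOTPROTO=dhcp
EOL

# Boot-time key installation, appended to rc.local.
# The delimiter is quoted so the text reaches rc.local verbatim. With an
# unquoted delimiter the shell running %post expands $? and other $-forms at
# build time, which turns the boot-time success check into a constant.
cat <<'EOL' >> /etc/rc.local
if [ ! -d /root/.ssh ] ; then
  mkdir -p /root/.ssh
  chmod 0700 /root/.ssh
fi
# Append one key line to root's authorized_keys unless it is already there,
# so repeated boots do not pile up duplicate entries.
ec2_add_root_key() {
  [ -n "$1" ] || return 0
  if ! grep -qxF -- "$1" /root/.ssh/authorized_keys 2>/dev/null ; then
    printf '%s\n' "$1" >> /root/.ssh/authorized_keys
  fi
  chmod 0600 /root/.ssh/authorized_keys
}
# Fetch public key using HTTP from the instance metadata service. The key is
# held in a variable rather than a fixed file name under /tmp, which a local
# user could pre-create or replace with a symlink before root writes to it.
if ec2_key=$(curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key) ; then
  ec2_add_root_key "$ec2_key"
fi
# or fetch public key using the file in the ephemeral store:
# NOTE(review): whatever is at this path is trusted as a root login key.
if [ -e /mnt/openssh_id.pub ] ; then
  while IFS= read -r ec2_key || [ -n "$ec2_key" ] ; do
    ec2_add_root_key "$ec2_key"
  done < /mnt/openssh_id.pub
fi
EOL

# Root may log in with a key only, and sshd skips reverse-DNS lookups.
# NOTE(review): sshd uses the first value it reads for each keyword, so these
# appended lines only take effect if the stock sshd_config leaves both
# keywords unset. Verify in the built image.
cat <<'EOL' >> /etc/ssh/sshd_config
UseDNS no
PermitRootLogin without-password
EOL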
%end
%post
# NOTE(review): every command in this section is commented out, so this %post
# currently does nothing. In particular `rpm -e mkinitrd` does not run, so the
# mkinitrd package requested in %packages is not removed here.
## create ramdisk for ec2 images
#ver=$(rpm -q --qf '%{version}' kernel-xen)
#rel=$(rpm -q --qf '%{release}' kernel-xen)
#arch=$(rpm -q --qf '%{arch}' kernel-xen)
#/sbin/mkinitrd --fstab=/etc/fstab --preload=xenblk --preload=xennet --preload=raid1 initrd-$ver-$rel.img $ver-${rel}xen
#cp initrd-$ver-$rel.img /tmp/initrd.img
#cp /boot/vmlinuz-$ver-${rel}xen /tmp/vmlinuz
#rpm -e mkinitrd
#%end
#%post --nochroot
# Move ramdisk and kernel images outside of image
#mv $INSTALL_ROOT/tmp/vmlinuz ./include
#mv $INSTALL_ROOT/tmp/initrd.img ./include
%end