|
| 1 | +# Kickstart file to build Fedora Amazon EC2 image |
| 2 | +# This is based of the AOS from the work at http://www.thincrust.net |
| 3 | + |
| 4 | +lang C |
| 5 | +keyboard us |
| 6 | +timezone US/Eastern |
| 7 | +auth --useshadow --enablemd5 |
| 8 | +#selinux --permissive |
| 9 | +firewall --enabled --service=ssh |
| 10 | +bootloader --timeout=1 --append="acpi=force" |
| 11 | +network --bootproto=dhcp --device=eth0 --onboot=on |
| 12 | +services --enabled=network,sshd |
| 13 | +# for Amazon ec2 |
| 14 | +device xennet |
| 15 | +device xenblk |
| 16 | + |
| 17 | +# |
| 18 | +# Uncomment the next line |
| 19 | +# to make the root password be thincrust |
| 20 | +# By default the root password is emptied |
| 21 | +#rootpw --iscrypted $1$uw6MV$m6VtUWPed4SqgoW6fKfTZ/ |
| 22 | + |
| 23 | +# |
| 24 | +# Partition Information. Change this as necessary |
| 25 | +# This information is used by appliance-tools but |
| 26 | +# not by the livecd tools. |
| 27 | +# |
| 28 | +part / --size 650 --fstype ext4 --ondisk sda |
| 29 | + |
| 30 | +# |
| 31 | +# Repositories |
| 32 | +# |
| 33 | +# To compose against the current release tree, use the following "repo" (enabled by default) |
| 34 | +repo --name=released --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-13&arch=$basearch |
| 35 | +# To include updates, use the following "repo" (enabled by default) |
| 36 | +repo --name=updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f13&arch=$basearch |
| 37 | + |
| 38 | +# To compose against rawhide, use the following "repo" (disabled by default) |
| 39 | +#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch |
| 40 | + |
| 41 | +# To compose against local trees, (edit and) use: |
| 42 | +#repo --name=f10 --baseurl=http://localrepo/fedora/releases/12/Everything/$basearch/os/ |
| 43 | +#repo --name=f10-updates --baseurl=http://localrepo/fedora/updates/12/$basearch/ |
| 44 | + |
| 45 | +# |
| 46 | +# Add all the packages after the base packages |
| 47 | +# |
| 48 | +%packages --excludedocs --nobase |
| 49 | +bash |
| 50 | +kernel |
| 51 | +#kernel-debug - needed for vmlinux? |
| 52 | +grub |
| 53 | +e2fsprogs |
| 54 | +passwd |
| 55 | +policycoreutils |
| 56 | +selinux-policy-* |
| 57 | +chkconfig |
| 58 | +rootfiles |
| 59 | +yum |
| 60 | +acpid |
| 61 | + |
| 62 | +#needed to disable selinux |
| 63 | +lokkit |
| 64 | + |
| 65 | +#Allow for dhcp access |
| 66 | +dhclient |
| 67 | +iputils |
| 68 | + |
| 69 | +#Needed for remote login |
| 70 | +openssh-server |
| 71 | + |
| 72 | +#Eucalyptus tools |
| 73 | +euca2ools |
| 74 | + |
| 75 | +# |
| 76 | +# Packages to Remove |
| 77 | +# |
| 78 | + |
| 79 | +# no need for kudzu if the hardware doesn't change |
| 80 | +-kudzu |
| 81 | +-prelink |
| 82 | +-setserial |
| 83 | +-ed |
| 84 | + |
| 85 | +# Remove the authconfig pieces |
| 86 | +-authconfig |
| 87 | +-wireless-tools |
| 88 | + |
| 89 | +# Remove the kbd bits |
| 90 | +-kbd |
| 91 | +-usermode |
| 92 | + |
| 93 | +# these are all kind of overkill but get pulled in by mkinitrd ordering |
| 94 | +# mkinitrd needed to build ec2 ramdisk removed in post |
| 95 | +#dracut |
| 96 | +-kpartx |
| 97 | +-dmraid |
| 98 | +-mdadm |
| 99 | +-lvm2 |
| 100 | +-tar |
| 101 | + |
| 102 | +# selinux toolchain of policycoreutils, libsemanage, ustr |
| 103 | +#-checkpolicy |
| 104 | +#-selinux-policy* |
| 105 | +#-libselinux-python |
| 106 | +#-libselinux |
| 107 | + |
| 108 | +# Things it would be nice to loose |
| 109 | + |
| 110 | +%end |
| 111 | + |
| 112 | +# |
| 113 | +# Add custom post scripts after the base post. |
| 114 | +# |
| 115 | +%post |
| 116 | +# Do Ec2 stuff |
| 117 | +cat <<EOL > /etc/fstab |
| 118 | +/dev/sda1 / ext3 defaults 1 1 |
| 119 | +/dev/sda2 /mnt ext3 defaults 1 2 |
| 120 | +/dev/sda3 swap swap defaults 0 0 |
| 121 | +none /dev/pts devpts gid=5,mode=620 0 0 |
| 122 | +none /dev/shm tmpfs defaults 0 0 |
| 123 | +none /proc proc defaults 0 0 |
| 124 | +none /sys sysfs defaults 0 0 |
| 125 | +EOL |
| 126 | +
|
| 127 | +if [ "$(uname -i)" = "x86_64" ]; then |
| 128 | +cat <<EOL > /etc/fstab |
| 129 | +/dev/sda1 / ext3 defaults 1 1 |
| 130 | +/dev/sdb /mnt ext3 defaults 0 0 |
| 131 | +none /proc proc defaults 0 0 |
| 132 | +none /sys sysfs defaults 0 0 |
| 133 | +none /dev/pts devpts gid=5,mode=620 0 0 |
| 134 | +EOL |
| 135 | +fi |
| 136 | +
|
| 137 | +cat <<EOL > /etc/sysconfig/network-scripts/ifcfg-eth0 |
| 138 | +ONBOOT=yes |
| 139 | +DEVICE=eth0 |
| 140 | +BOOTPROTO=dhcp |
| 141 | +EOL |
| 142 | +
|
| 143 | +cat <<EOL >> /etc/rc.local |
| 144 | +if [ ! -d /root/.ssh ] ; then |
| 145 | + mkdir -p /root/.ssh |
| 146 | + chmod 0700 /root/.ssh |
| 147 | +fi |
| 148 | +
|
| 149 | +# Fetch public key using HTTP |
| 150 | +curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/my-key |
| 151 | +if [ $? -eq 0 ] ; then |
| 152 | + cat /tmp/my-key >> /root/.ssh/authorized_keys |
| 153 | + chmod 0600 /root/.ssh/authorized_keys |
| 154 | + rm /tmp/my-key |
| 155 | +fi |
| 156 | +
|
| 157 | +# or fetch public key using the file in the ephemeral store: |
| 158 | +if [ -e /mnt/openssh_id.pub ] ; then |
| 159 | + cat /mnt/openssh_id.pub >> /root/.ssh/authorized_keys |
| 160 | + chmod 0600 /root/.ssh/authorized_keys |
| 161 | +fi |
| 162 | +EOL |
| 163 | +
|
| 164 | +cat <<EOL >> /etc/ssh/sshd_config |
| 165 | +UseDNS no |
| 166 | +PermitRootLogin without-password |
| 167 | +EOL |
| 168 | +
|
| 169 | +%end |
| 170 | + |
| 171 | +%post |
| 172 | +# pv-grub stuff |
| 173 | +sed -i 's/(hd0,0)/(hd0)/g' /boot/grub/grub.conf |
| 174 | +sed -i 's/root=/dev/sda1/root=LABEL=\//g' /boot/grub/grub.conf |
| 175 | +cp /boot/grub/grub.conf /boot/grub/menu.lst |
| 176 | +%end |
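Review bot: The `cat <<EOL >> /etc/rc.local` heredoc (new lines 143-162) uses an unquoted delimiter, so `$?` is expanded by the %post shell at image-build time and the boot script tests a constant instead of curl's exit status; quoting the delimiter keeps it literal. The same script stages the fetched key in the fixed, world-writable-directory path `/tmp/my-key` as root and appends it to `authorized_keys` on every boot, so the sketch below stages it under `/root/.ssh` and skips keys already present. Separately, `sed -i 's/root=/dev/sda1/root=LABEL=\//g'` on new line 174 has unescaped `/` inside a `/`-delimited expression and sed will most likely reject it; `sed -i 's|root=/dev/sda1|root=LABEL=/|g' /boot/grub/grub.conf` avoids the clash. `auth --useshadow --enablemd5` on new line 7 selects MD5 password hashes; `auth --useshadow --passalgo=sha512` is the stronger choice if the target release's authconfig supports it.

```shell
cat <<'EOL' >> /etc/rc.local
# … unchanged: create /root/.ssh with mode 0700 …

# Fetch public key using HTTP; stage it in a root-only directory, not /tmp
keytmp=$(mktemp /root/.ssh/key.XXXXXX)
if curl -f -s -o "$keytmp" http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key ; then
    # append only when this key line is not already authorized
    grep -q -x -F -f "$keytmp" /root/.ssh/authorized_keys 2>/dev/null || cat "$keytmp" >> /root/.ssh/authorized_keys
    chmod 0600 /root/.ssh/authorized_keys
fi
rm -f "$keytmp"
# … unchanged: ephemeral-store key fallback …
EOL
```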