#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'dk'
# Root password
rootpw --plaintext MonkeyPoo
# System language
lang en_US
# Network Information
#
# IMPORTANT CHANGE DEVICE TO MATCH INTERFACE NAME I.E CHANGE TO eth0
#
network --onboot yes --device ens33 --bootproto dhcp
# License agreement
eula --agreed
# System authorization information
auth --useshadow --passalgo=sha512
# Use CDROM installation media
cdrom
# Use text mode install
text
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
skipx
# Disabled System Services
services --disabled="kdump"
# Enabled System Services
services --enabled=sshd
# Firewall configuration
firewall --disabled
# Reboot after installation
reboot
# System timezone
timezone Europe/Copenhagen --isUtc
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --fstype="ext4" --size=1024
part / --asprimary --fstype="ext4" --grow --size=1
%post --nochroot --log=/mnt/sysimage/root/ks.post01.log
mkdir -p /tmp/files
mount /dev/sr0 /tmp/files
cp -af /tmp/files/postinstall /mnt/sysimage/
umount /dev/sr0
%end
%post --log=/root/ks.post02.log
# SSH Configuration Disable Passwd Enable Public Key Disable Root Login Start
#
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
sed s/#PermitRootLogin\ yes/PermitRootLogin\ no/ -i /etc/ssh/sshd_config
sed s/#PubkeyAuthentication\ yes/PubkeyAuthentication\ yes/ -i /etc/ssh/sshd_config
sed '/PermitEmptyPasswords/{n;d}' -i /etc/ssh/sshd_config
sed s/#PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
#
# SSH Configuration Disable Passwd Enable Public Key Disable Root Login Stop
# Adding Ansible User And Public Key Start
#
useradd ansible -d /home/ansible
mkdir -m 0700 /home/ansible/.ssh
echo "ssh-rsa AAAAB3NzaX1yc2EAAAADAQABAAABAQNY9F7/3JoJKzyA84V+9WVRDLgMqrIuOclRKj4XP+VqeTuHshZG1W5W3FavQ9DEkWK1/TDJeQ935yHX41ZwqUmaiIl9yEb6n4q7XJFS3Nw6QDZQAfkh2NwND+alk3DnDh0STnrMJrqzWSCTNevK6p/fBVAq8u2H5Hu4g1ua1Z/JjPZxbx/+AfQDhG1jcPbX6yeMzlc4G9BRk26uQHYw8QRXEQmfQPT/SVjH/Ti2ouMucJ2EHS0SjYcx8G0S98DV7ydm+ie8pY3gRfYlX8NvfnKG1SmusSIkNh1cCkxucN4Yr5dgwUXOPbeIqhIXQpTQph7TUu3gu8JO6KoJ ansible" > /home/ansible/.ssh/authorized_keys
chmod 0644 /home/ansible/.ssh/authorized_keys
chown -R ansible: /home/ansible/.ssh
usermod -aG wheel ansible
#
# Adding Ansible User And Public Key Stop
# Modify Sudoer File For Ansible Enabling The No Password Directive Start
cp /etc/sudoers /etc/sudoers.orig
sed '0,/%wheel/s//# %wheel/' -i /etc/sudoers
sed '/NOPASSWD/s/# %wheel/%wheel/' -i /etc/sudoers
# Modify Sudoer File For Ansible Enabling The No Password Directive Stop
# Add Epel Repo Start
cd /postinstall
rpm -ivh epel-release-latest-7.noarch.rpm
# Add Epel Repo Stop
%end
%packages
@base
net-tools
deltarpm
%end