# Kickstart config file generated by Spacewalk Config Management # Profile Label : scc-centos-5-x86-64-vm-base-build # Date Created : 2011-05-12 09:43:01.0 install text network --bootproto static 80.86.39.120 --hostname vmbuild01 --device eth0 --gateway 80.86.39.1 --netmask 255.255.255.0 --nameserver 80.86.32.250 --onboot yes url --url http://spacewalk01.sccis.net/ks/dist/temp-ks-distro lang en_GB keyboard uk zerombr clearpart --all bootloader --location mbr timezone --utc Europe/London auth --enablemd5 --enableshadow rootpw --iscrypted $1$UuN2fpAq$NOSDl6IIE/yiizszBb9M31 selinux --enforcing reboot firewall --disabled skipx key --skip monitor repo --name=centos-5-x86-64-spacewalk-clients-channel --baseurl=http://spacewalk01.sccis.net/ks/dist/child/centos-5-x86-64-spacewalk-clients-channel/temp-ks-distro repo --name=epel-5-x86-64-channel --baseurl=http://spacewalk01.sccis.net/ks/dist/child/epel-5-x86-64-channel/temp-ks-distro repo --name=centos-5-x86-64-updates-channel --baseurl=http://spacewalk01.sccis.net/ks/dist/child/centos-5-x86-64-updates-channel/temp-ks-distro part /boot --fstype=ext3 --size=250 part / --fstype=ext3 --size=8192 part /home --fstype=ext3 --size=10240 part /var --fstype=ext3 --size=10240 part swap --fstype=swap --size=4096 %packages --nobase @core rhn-client-tools rhn-setup rhn-check yum-rhn-plugin python-dmidecode rhncfg-actions python-ethtool ethtool gpm -gtk2 -system-config-securitylevel-tui -system-config-firewall-base -iptables-ipv6 -xorg-x11-filesystem -xorg-x11-drv-ati-firmware -zd1211-firmware -iwl6050-firmware -iwl6000-firmware -iwl5150-firmware -iwl5000-firmware -iwl1000-firmware -iwl4965-firmware -iwl3945-firmware -b43-openfwwf -ipw2100-firmware -ipw2200-firmware -ivtv-firmware -bfa-firmware -dhclient -centos-release-notes -ed -rhpl -wireless-tools -dhcpv6 -ecryptfs-utils %pre wget "http://spacewalk01.sccis.net/cblr/svc/op/trig/mode/pre/profile/scc-centos-5-x86-64-vm-base-build:1:SpacewalkDefaultOrganization" -O /dev/null echo "Saving RHN keys..." > /dev/ttyS0 SYSTEM_ID=/etc/sysconfig/rhn/systemid rhn_keys_found=no mkdir -p /tmp/rhn drives=$(list-harddrives | awk '{print $1}') for disk in $drives; do DISKS="$DISKS $(fdisk -l /dev/$disk | grep -v "swap\|LVM\|Extended" | awk '/^\/dev/{print $1}')" done # Try to find the keys on ordinary partitions for disk in $DISKS; do name=test-$(basename $disk) mkdir -p /tmp/$name mount $disk /tmp/$name [ $? -eq 0 ] || continue # Skip to the next partition if the mount fails # Copy current RHN host keys out to be reused if [ -f /tmp/${name}$SYSTEM_ID ]; then cp -a /tmp/${name}$SYSTEM_ID /tmp/rhn rhn_keys_found="yes" umount /tmp/$name break fi umount /tmp/$name rm -r /tmp/$name done # Try LVM if that didn't work if [ "$rhn_keys_found" = "no" ]; then lvm lvmdiskscan vgs=$(lvm vgs | tail -n +2 | awk '{ print $1 }') for vg in $vgs; do # Activate any VG we found lvm vgchange -ay $vg done lvs=$(lvm lvs | tail -n +2 | awk '{ print "/dev/" $2 "/" $1 }') for lv in $lvs; do tmpdir=$(mktemp -d findkeys.XXXXXX) mkdir -p /tmp/${tmpdir} mount $lv /tmp/${tmpdir} || continue # Skip to next volume if this fails # Let's see if the keys are in there if [ -f /tmp/${tmpdir}$SYSTEM_ID ]; then cp -a /tmp/${tmpdir}$SYSTEM_ID /tmp/rhn/ rhn_keys_found="yes" umount /tmp/${tmpdir} break # We're done! fi umount /tmp/${tmpdir} rm -r /tmp/${tmpdir} done # And clean up.. for vg in $vgs; do lvm vgchange -an $vg done fi %post --nochroot mkdir /mnt/sysimage/tmp/ks-tree-copy if [ -d /oldtmp/ks-tree-shadow ]; then cp -fa /oldtmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy elif [ -d /tmp/ks-tree-shadow ]; then cp -fa /tmp/ks-tree-shadow/* /mnt/sysimage/tmp/ks-tree-copy fi cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf cp -f /tmp/ks-pre.log* /mnt/sysimage/root/ %post --nochroot --interpreter /usr/bin/python import xmlrpclib import shutil import os import os.path old_system_id = "/tmp/rhn/systemid" new_system_id = "/mnt/sysimage/root/systemid.old" try: new_keys = "1-972a0b7ef4bc2703fab0b344d6fe26a4,1-dcs-centos-key" for key in new_keys.split(','): if key.startswith('re-'): os.exit(0) if os.path.exists(old_system_id): client = xmlrpclib.Server("http://spacewalk01/rpc/api") key = client.system.obtain_reactivation_key(open(old_system_id).read()) f = open("/mnt/sysimage/tmp/key","w") f.write(key) f.close() shutil.copy(old_system_id, new_system_id) except: # xml rpc due to a old/bad system id # we don't care about those # we'll register those as new. pass %post --logfile /root/ks-rhn-post.log # --Begin Spacewalk command section-- cat > /tmp/ssl-key-1 <<'EOF' Certificate: Data: Version: 3 (0x2) Serial Number: fa:bd:ed:8c:b6:d5:05:a3 Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=West Midlands, L=Birmingham, O=SCC, OU=DCS, CN=spacewalk01 Validity Not Before: May 9 08:51:41 2011 GMT Not After : May 2 08:51:41 2036 GMT Subject: C=GB, ST=West Midlands, L=Birmingham, O=SCC, OU=DCS, CN=spacewalk01 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a0:48:2a:66:e6:77:92:d3:b8:5a:6a:96:ca:a9: 6c:51:75:11:f4:92:0c:ff:27:d1:01:0c:33:0a:6d: d3:dc:2a:31:bd:72:bb:53:5e:70:2d:bc:12:50:8f: 99:b3:43:f0:96:df:d3:d3:ea:ad:91:57:b9:10:5b: 4b:2d:37:fb:8e:76:eb:9f:f2:eb:6a:09:8d:0a:63: 2e:53:51:fe:06:b6:bf:f5:9b:91:ff:a7:7a:b8:43: 72:c2:ad:d1:6d:44:d9:2a:bb:ee:a1:26:b5:49:f4: 9e:16:75:e1:6a:0b:0a:28:54:ba:1c:0c:2d:b9:a2: 6a:d9:1e:a6:b5:81:78:18:46:46:cd:5e:21:c2:a1: e2:40:5c:75:87:df:9f:f9:ec:55:e3:5b:33:1a:dd: d6:5c:f2:ef:4e:3e:db:3e:bf:19:86:f3:0b:06:b7: 7c:f2:9b:96:26:6d:ba:e3:65:a2:07:5f:b0:ca:c8: b0:5f:a0:37:b8:99:29:eb:de:f7:e0:d1:d0:22:ac: 2f:1b:c6:e5:2d:1e:bb:6b:61:d5:27:98:93:19:81: 2b:dd:ab:96:6f:a6:b6:37:26:1e:f1:90:18:ee:46: ba:af:94:f7:b4:a0:05:ae:ff:ac:44:5a:b3:fd:3f: 0c:28:24:51:9a:66:c9:a7:fc:91:39:3a:1e:bf:88: 4d:81 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: Digital Signature, Key Encipherment, Certificate Sign X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Netscape Comment: RHN SSL Tool Generated Certificate X509v3 Subject Key Identifier: 6D:30:4B:40:34:93:A4:50:92:3D:D1:B1:0C:4B:90:D4:4E:7B:20:51 X509v3 Authority Key Identifier: keyid:6D:30:4B:40:34:93:A4:50:92:3D:D1:B1:0C:4B:90:D4:4E:7B:20:51 DirName:/C=GB/ST=West Midlands/L=Birmingham/O=SCC/OU=DCS/CN=spacewalk01 serial:FA:BD:ED:8C:B6:D5:05:A3 Signature Algorithm: sha1WithRSAEncryption 1b:a7:5f:b6:bb:c2:ab:2a:a9:6a:be:ca:e5:a5:cb:c9:34:b8: 9c:a4:96:1a:79:13:5b:8e:a9:d0:6d:8e:b7:4f:ab:d9:d9:92: da:38:4e:65:43:97:32:16:23:51:bd:27:03:1c:2c:45:ff:99: 70:ef:6a:a3:73:5e:cc:21:bd:a2:bf:0b:68:a2:a4:40:e6:0d: f5:11:ba:7c:2d:4e:21:f2:5e:5a:24:4b:8e:cb:1a:d5:4c:93: b3:1a:18:d5:7f:b4:bb:32:cb:22:16:c9:43:04:23:59:9a:62: 84:05:2b:95:b1:6f:ba:87:75:a1:01:3c:68:ff:90:48:9a:c9: 84:70:b2:f0:da:df:9d:d6:ec:26:6a:1a:42:ca:3d:8d:a5:bf: 2d:df:9e:bb:41:e5:4c:46:46:7f:94:48:e2:e6:83:a5:8a:1b: fa:7b:ed:3a:50:d3:67:5b:6d:0d:68:54:d9:0f:5e:ce:21:80: ea:c7:f2:e7:62:e7:b2:d0:70:88:9b:a8:9c:dd:2e:f0:e1:67: 1e:82:89:a8:5c:99:91:56:64:cc:b6:36:46:c2:b9:2c:86:38: 1c:04:5e:24:9e:6b:7d:00:00:57:b7:5a:92:0d:bd:f1:97:2d: a2:32:ab:53:9b:67:81:fe:30:c7:55:db:de:22:60:bc:31:34: 29:9f:bd:82 -----BEGIN CERTIFICATE----- MIIEjjCCA3agAwIBAgIJAPq97Yy21QWjMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNV BAYTAkdCMRYwFAYDVQQIEw1XZXN0IE1pZGxhbmRzMRMwEQYDVQQHEwpCaXJtaW5n aGFtMQwwCgYDVQQKEwNTQ0MxDDAKBgNVBAsTA0RDUzEUMBIGA1UEAxMLc3BhY2V3 YWxrMDEwHhcNMTEwNTA5MDg1MTQxWhcNMzYwNTAyMDg1MTQxWjBsMQswCQYDVQQG EwJHQjEWMBQGA1UECBMNV2VzdCBNaWRsYW5kczETMBEGA1UEBxMKQmlybWluZ2hh bTEMMAoGA1UEChMDU0NDMQwwCgYDVQQLEwNEQ1MxFDASBgNVBAMTC3NwYWNld2Fs azAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEgqZuZ3ktO4WmqW yqlsUXUR9JIM/yfRAQwzCm3T3CoxvXK7U15wLbwSUI+Zs0Pwlt/T0+qtkVe5EFtL LTf7jnbrn/LragmNCmMuU1H+Bra/9ZuR/6d6uENywq3RbUTZKrvuoSa1SfSeFnXh agsKKFS6HAwtuaJq2R6mtYF4GEZGzV4hwqHiQFx1h9+f+exV41szGt3WXPLvTj7b Pr8ZhvMLBrd88puWJm2642WiB1+wysiwX6A3uJkp69734NHQIqwvG8blLR67a2HV J5iTGYEr3auWb6a2NyYe8ZAY7ka6r5T3tKAFrv+sRFqz/T8MKCRRmmbJp/yROToe v4hNgQIDAQABo4IBMTCCAS0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAqQwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDEGCWCGSAGG+EIBDQQkFiJSSE4g U1NMIFRvb2wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRtMEtANJOk UJI90bEMS5DUTnsgUTCBngYDVR0jBIGWMIGTgBRtMEtANJOkUJI90bEMS5DUTnsg UaFwpG4wbDELMAkGA1UEBhMCR0IxFjAUBgNVBAgTDVdlc3QgTWlkbGFuZHMxEzAR BgNVBAcTCkJpcm1pbmdoYW0xDDAKBgNVBAoTA1NDQzEMMAoGA1UECxMDRENTMRQw EgYDVQQDEwtzcGFjZXdhbGswMYIJAPq97Yy21QWjMA0GCSqGSIb3DQEBBQUAA4IB AQAbp1+2u8KrKqlqvsrlpcvJNLicpJYaeRNbjqnQbY63T6vZ2ZLaOE5lQ5cyFiNR vScDHCxF/5lw72qjc17MIb2ivwtooqRA5g31Ebp8LU4h8l5aJEuOyxrVTJOzGhjV f7S7MssiFslDBCNZmmKEBSuVsW+6h3WhATxo/5BImsmEcLLw2t+d1uwmahpCyj2N pb8t3567QeVMRkZ/lEji5oOlihv6e+06UNNnW20NaFTZD17OIYDqx/LnYuey0HCI m6ic3S7w4WcegomoXJmRVmTMtjZGwrkshjgcBF4knmt9AABXt1qSDb3xly2iMqtT m2eB/jDHVdveImC8MTQpn72C -----END CERTIFICATE----- EOF # ssl-key1 cat /tmp/ssl-key-* > /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/* mkdir -p /tmp/rhn_rpms/optional cd /tmp/rhn_rpms/optional wget -P /tmp/rhn_rpms/optional http://spacewalk01/download/package/e3b476d4adf06983096a4d7eebcc287d981ce809/0/1/3972/rhnlib-2.5.39-1.el5.noarch.rpm http://spacewalk01/download/package/2c2ac2bd4b1be4e10ae9de34bcc37b758d63af15/0/1/2740/pyOpenSSL-0.6-1.p24.7.2.2.x86_64.rpm http://spacewalk01/download/package/ee9a1bcd483b703a9a3bc26511bc5c342846c850/0/1/3439/libxml2-python-2.6.26-2.1.2.8.el5_5.1.x86_64.rpm rpm -Uvh --replacepkgs --replacefiles /tmp/rhn_rpms/optional/pyOpenSSL* /tmp/rhn_rpms/optional/rhnlib* /tmp/rhn_rpms/optional/libxml2-python* perl -npe 's|^(\s*serverURL\s*=\s*[^:]+://)[^/]*/|${1}spacewalk01/|' -i /etc/sysconfig/rhn/up2date mkdir -p /etc/sysconfig/rhn/allowed-actions/script touch /etc/sysconfig/rhn/allowed-actions/script/all mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles touch /etc/sysconfig/rhn/allowed-actions/configfiles/all # now copy from the ks-tree we saved in the non-chroot checkout cp -fav /tmp/ks-tree-copy/* / rm -Rf /tmp/ks-tree-copy # --End Spacewalk command section-- /etc/init.d/messagebus restart /etc/init.d/haldaemon restart # begin cobbler snippet # begin Red Hat management server registration mkdir -p /usr/share/rhn/ wget http://spacewalk01/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/* key="" if [ -f /tmp/key ]; then key=`cat /tmp/key` fi if [ $key ]; then rhnreg_ks --serverUrl=https://spacewalk01/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=$key,1-972a0b7ef4bc2703fab0b344d6fe26a4,1-dcs-centos-key else rhnreg_ks --serverUrl=https://spacewalk01/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-972a0b7ef4bc2703fab0b344d6fe26a4,1-dcs-centos-key fi # end Red Hat management server registration # end cobbler snippet rhn_check # Start post_install_network_config generated code # End post_install_network_config generated code %post --interpreter /bin/bash # things to do once the build is complete # setup static groups for scc admin use groupadd -g 996 sccsec groupadd -g 997 sccsup groupadd -g 998 sccmon groupadd -g 999 sccadmin # setup static users for scc admin use useradd -g users -G sccsec -c "SCC Security User" -d /home/sccsecure -m -k /etc/skel -s /sbin/basj sccsecure useradd -g users -G sccsup -c "SCC Support User" -d /home/sccsupport -m -k /etc/skel -s /bin/bash sccsupport useradd -g users -G sccmon -c "SCC Monitor User" -d /home/sccmonitor -m -k /etc/skel -s /bin/bash sccmonitor useradd -g users -G sccadmin -c "SCC Admin User" -d /home/sccadmin -m -k /etc/skel -s /bin/bash sccadmin # generic house keeping and clean up script for EL builds # put anything that doesn't warrent it's own section in here # remove grub splash image, it makes using a network consle easier without re-draw sed -i '/splashimage/d' /boot/grub/menu.lst # clean up the redhat default users userdel games rm -rf /usr/games userdel operator userdel -r gopher userdel -r ftp # remove un-needed groups as part of default build groupdel news %post # Start koan environment setup echo "export COBBLER_SERVER=spacewalk01.sccis.net" > /etc/profile.d/cobbler.sh echo "setenv COBBLER_SERVER spacewalk01.sccis.net" > /etc/profile.d/cobbler.csh # End koan environment setup # MOTD echo >> /etc/motd echo "Spacewalk kickstart on $(date +'%Y-%m-%d')" >> /etc/motd echo >> /etc/motd # end of generated kickstart file wget "http://spacewalk01.sccis.net/cblr/svc/op/ks/profile/scc-centos-5-x86-64-vm-base-build:1:SpacewalkDefaultOrganization" -O /root/cobbler.ks wget "http://spacewalk01.sccis.net/cblr/svc/op/trig/mode/post/profile/scc-centos-5-x86-64-vm-base-build:1:SpacewalkDefaultOrganization