Addon Order

[Alex Martin]

Hello,

I have a bit of an odd use-case. Part of our environment is isolated off
from the internet, so to get around this, I have mirrored the CentOS and
Epel repos locally and running the installer against those.

The environment is isolated off due to PCI compliance, so I'm trying to
configure kickstart to select this profile at install.

%addon org_fedora_oscap
    content-type = scap-security-guide
    profile = pci-dss
%end

The problem is, once the centos-release package is installed, it replaces
or updates the /etc/yum.repos.d/CentOS-Base.repo files back to their
defaults.

This causes the installer to hang trying to download required scap files
for that profile from the internet.

I have attempted to create an addon which runs just after the packages
install, but before the org_fedora_oscap addon, this new addon updates the
repo URLs back to the mirrored location.
/mnt/sysimage/etc/yum.repos.d/CentOS-Base.repo.

However, despite the addon running fine, it seems to run AFTER the
org_fedora_oscap addon.

So basically, am I going around this the wrong way, or is there some logic
behind which addons are executed in which order?

The relevant part of the kickstart file looks roughly like this:

%packages
@^minimal
@core
chrony
kexec-tools
#Additional
<list of more packages>

%end

%addon org_update_repo
%end


%addon org_fedora_oscap
    content-type = scap-security-guide
    profile = pci-dss
%end

I can post the full sanitised file if requested.

My next option is to update the org_fedora_oscap addon to replace the
paths, but I think I might be going around this all the wrong way.

Would really appreciate any advice!
Cheers.
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/kickstart-list/attachments/20170601/2e784ee2/attachment.htm>