Kickstart-list Digest, Vol 149, Issue 2

Matthew simontek at gmail.com
Fri Jun 2 17:59:05 UTC 2017 

Option Z.
Rpm2cpio package| cpio -idv
Make changes to config file
Repackage the RPM,
Etc. Etc.

Matthew Conley
912-398-6704

On Jun 2, 2017 7:50 AM, <kickstart-list-request at redhat.com> wrote:

> Send Kickstart-list mailing list submissions to
>         kickstart-list at redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.redhat.com/mailman/listinfo/kickstart-list
> or, via email, send a message with subject or body 'help' to
>         kickstart-list-request at redhat.com
>
> You can reach the person managing the list at
>         kickstart-list-owner at redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Kickstart-list digest..."
>
> Today's Topics:
>
>    1. Re: Kickstart-list Digest, Vol 149, Issue 1 (Matthew)
>    2. Re: Addon Order (Kyle Powell)
>    3. Re: Addon Order (bishop)
>    4. Re: Addon Order (Alex Martin)
>
>
> ---------- Forwarded message ----------
> From: Matthew <simontek at gmail.com>
> To: kickstart-list at redhat.com
> Cc:
> Bcc:
> Date: Thu, 1 Jun 2017 12:15:15 -0400
> Subject: Re: Kickstart-list Digest, Vol 149, Issue 1
> Would either creating an etc/hosts file with the proper settings or a
> proxy config work?
>
> Matthew Conley
> 912-398-6704 <(912)%20398-6704>
>
> On Jun 1, 2017 12:00 PM, <kickstart-list-request at redhat.com> wrote:
>
>> Send Kickstart-list mailing list submissions to
>>         kickstart-list at redhat.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         https://www.redhat.com/mailman/listinfo/kickstart-list
>> or, via email, send a message with subject or body 'help' to
>>         kickstart-list-request at redhat.com
>>
>> You can reach the person managing the list at
>>         kickstart-list-owner at redhat.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Kickstart-list digest..."
>>
>> Today's Topics:
>>
>>    1. Addon Order (Alex Martin)
>>
>>
>> ---------- Forwarded message ----------
>> From: Alex Martin <alexmartin.bu at gmail.com>
>> To: kickstart-list at redhat.com
>> Cc:
>> Bcc:
>> Date: Thu, 1 Jun 2017 12:29:49 +0100
>> Subject: Addon Order
>> Hello,
>>
>> I have a bit of an odd use-case. Part of our environment is isolated off
>> from the internet, so to get around this, I have mirrored the CentOS and
>> Epel repos locally and running the installer against those.
>>
>> The environment is isolated off due to PCI compliance, so I'm trying to
>> configure kickstart to select this profile at install.
>>
>> %addon org_fedora_oscap
>>     content-type = scap-security-guide
>>     profile = pci-dss
>> %end
>>
>> The problem is, once the centos-release package is installed, it replaces
>> or updates the /etc/yum.repos.d/CentOS-Base.repo files back to their
>> defaults.
>>
>> This causes the installer to hang trying to download required scap files
>> for that profile from the internet.
>>
>> I have attempted to create an addon which runs just after the packages
>> install, but before the org_fedora_oscap addon, this new addon updates the
>> repo URLs back to the mirrored location.
>> /mnt/sysimage/etc/yum.repos.d/CentOS-Base.repo.
>>
>> However, despite the addon running fine, it seems to run AFTER the
>> org_fedora_oscap addon.
>>
>> So basically, am I going around this the wrong way, or is there some
>> logic behind which addons are executed in which order?
>>
>> The relevant part of the kickstart file looks roughly like this:
>>
>> %packages
>> @^minimal
>> @core
>> chrony
>> kexec-tools
>> #Additional
>> <list of more packages>
>>
>> %end
>>
>> %addon org_update_repo
>> %end
>>
>>
>> %addon org_fedora_oscap
>>     content-type = scap-security-guide
>>     profile = pci-dss
>> %end
>>
>> I can post the full sanitised file if requested.
>>
>> My next option is to update the org_fedora_oscap addon to replace the
>> paths, but I think I might be going around this all the wrong way.
>>
>> Would really appreciate any advice!
>> Cheers.
>> Alex
>>
>>
>>
>> _______________________________________________
>> Kickstart-list mailing list
>> Kickstart-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/kickstart-list
>>
>
>
> ---------- Forwarded message ----------
> From: Kyle Powell <kpowell at redhat.com>
> To: Discussion list about Kickstart <kickstart-list at redhat.com>
> Cc:
> Bcc:
> Date: Thu, 1 Jun 2017 15:51:59 -0400
> Subject: Re: Addon Order
> On Thu, Jun 1, 2017 at 7:29 AM, Alex Martin <alexmartin.bu at gmail.com>
> wrote:
>
>> The problem is, once the centos-release package is installed, it replaces
>> or updates the /etc/yum.repos.d/CentOS-Base.repo files back to their
>> defaults.
>>
>> This causes the installer to hang trying to download required scap files
>> for that profile from the internet.
>>
>
> If this is your problem, would using alternate yum repos for installation
> instead of trying to redefine the base repos in CentOS-Base.repo correct
> the issue? Something like:
>
> repo --name=CentOS-Local --baseurl=/whatever/is/in/
> modified/CentOS-Base.repo
>
> in your kickstart cfg (I'd put it before %packages) would define an
> alternate repo to use for installation and prevent the installation of the
> centos-release package from breaking the installation.
>
> --
> Kyle Powell | Red Hat | Senior Consultant, RHCA
>
>
> ---------- Forwarded message ----------
> From: bishop <bishop at platypus.bc.ca>
> To: Discussion list about Kickstart <kickstart-list at redhat.com>
> Cc:
> Bcc:
> Date: Thu, 1 Jun 2017 18:48:34 -0400
> Subject: Re: Addon Order
>
> Alex,
>
> /etc/yum.repos.d/CentOS-Base.repo isn't replaced or updated:  it's a
> config file, and appears to be config(noreplace).  If you >it then your
> troubles with that one should be over.
>
> I had to wait until I could check, but I was sure of it.  And my own
> cobbler-installed systems have relied on this since at least centos4,
> despite many, many updates of the centos-release.
>
> (I use a modified %yum_repos macro in the kickstart to write a cron job
> that creates a new repo file, so the repos in my profiles always launder
> out into the subscribed hosts.  Works well)
>
> If you *delete* that repo file, though, yes, of course, it's going to be
> restored with a new copy.  Maybe don't do that.
>
>  - bish
>
>
> > On Thu, Jun 1, 2017 at 7:29 AM, Alex Martin <alexmartin.bu at gmail.com
> > <mailto:alexmartin.bu at gmail.com>> wrote:
> >
> >     The problem is, once the centos-release package is installed, it
> >     replaces or updates the /etc/yum.repos.d/CentOS-Base.repo files back
> >     to their defaults.
> >
> >     This causes the installer to hang trying to download required scap
> >     files for that profile from the internet.
> >
>
>
>
>
> ---------- Forwarded message ----------
> From: Alex Martin <alexmartin.bu at gmail.com>
> To: Discussion list about Kickstart <kickstart-list at redhat.com>
> Cc:
> Bcc:
> Date: Fri, 2 Jun 2017 12:50:06 +0100
> Subject: Re: Addon Order
> The org_fedora_oscap addon which does the remediation bits runs in the
> /mnt/sysimage chroot environment and accesses the files in /etc/yum.repos.d
> (looking at strace)
> Because of this, I don't think it respects the repo or proxy lines in the
> kickstart file, hence my attempt to edit the repo files directly before the
> addon executing.
>
> Just to check, the %pre section of the kickstart runs before the disk is
> partitioned, is the correct?
> And the %post sections run after the packages have been installed?
>
> So is there anyway to get files onto the target system before the packages
> are installed?
>
> Thanks
> Alex
>
>
>
> On 1 June 2017 at 23:48, bishop <bishop at platypus.bc.ca> wrote:
>
>>
>> Alex,
>>
>> /etc/yum.repos.d/CentOS-Base.repo isn't replaced or updated:  it's a
>> config file, and appears to be config(noreplace).  If you >it then your
>> troubles with that one should be over.
>>
>> I had to wait until I could check, but I was sure of it.  And my own
>> cobbler-installed systems have relied on this since at least centos4,
>> despite many, many updates of the centos-release.
>>
>> (I use a modified %yum_repos macro in the kickstart to write a cron job
>> that creates a new repo file, so the repos in my profiles always launder
>> out into the subscribed hosts.  Works well)
>>
>> If you *delete* that repo file, though, yes, of course, it's going to be
>> restored with a new copy.  Maybe don't do that.
>>
>>  - bish
>>
>>
>> > On Thu, Jun 1, 2017 at 7:29 AM, Alex Martin <alexmartin.bu at gmail.com
>> > <mailto:alexmartin.bu at gmail.com>> wrote:
>> >
>> >     The problem is, once the centos-release package is installed, it
>> >     replaces or updates the /etc/yum.repos.d/CentOS-Base.repo files
>> back
>> >     to their defaults.
>> >
>> >     This causes the installer to hang trying to download required scap
>> >     files for that profile from the internet.
>> >
>>
>> _______________________________________________
>> Kickstart-list mailing list
>> Kickstart-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/kickstart-list
>>
>
>
> _______________________________________________
> Kickstart-list mailing list
> Kickstart-list at redhat.com
> https://www.redhat.com/mailman/listinfo/kickstart-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/kickstart-list/attachments/20170602/2f859bed/attachment.htm>

More information about the Kickstart-list mailing list