Created
October 14, 2015 20:45
israelshirk created this gist
Oct 14, 2015 .There are no files selected for viewing
@@ -0,0 +1,229 @@ # Base settings install # Zero everything out... zerombr clearpart --all --initlabel # Generic boot settings... cdrom lang en_US.UTF-8 keyboard 'us' # Root password - from dd if=/dev/random bs=1k count=1 | md5sum | python -c "import crypt, getpass, sys, pwd; print crypt.crypt(sys.stdin.read(), '\$6\$saltgoeshere\$')" # Crypting stuff is from http://unix.stackexchange.com/questions/52108/how-to-create-sha512-password-hashes-on-command-line - mileage may vary. rootpw --iscrypted * --lock # Network setup network --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname=localhost.localdomain timezone --utc UTC # Base settings firewall --enabled --trust eth0 --ssh authconfig --enableshadow --passalgo=sha512 selinux --permissive timezone --utc UTC # Install in text mode, no X11 skipx # Disk 1 # 256M -> /boot (NO LVM) # Disk 2 # 40G -> / # 4G -> /var # 8G -> /opt # 4G -> /home # 1G -> /root # Disk 2 # 20G -> /var/log # Disk 3 # 20G -> /tmp # Disk 4 # 256M -> /var/lib/elasticsearch (grows to max) # 256M -> /var/lib/influxdb (grows to max) part /boot --size=200 --grow --asprimary --ondrive=sda part swap --size=1000 --grow --asprimary part pv.0 --size=56000 --grow --asprimary --ondrive=sdb part pv.1 --size=20000 --grow --asprimary --ondrive=sdc part pv.2 --size=20000 --grow --asprimary --ondrive=sdd part pv.3 --size=500 --grow --asprimary --ondrive=sde volgroup vg.0 pv.0 volgroup vg.2 pv.2 volgroup vg.1 pv.1 volgroup vg.3 pv.3 logvol / --name=root --size=20000 --vgname vg.0 logvol /var --name=var --size=4000 --vgname vg.0 logvol /opt --name=opt --size=8000 --vgname vg.0 logvol /home --name=home --size=4000 --vgname vg.0 logvol /opt/ncprogs/backspools --name=backspools --size=20000 --vgname vg.0 logvol /tmp --name=tmp --size=10000 --vgname vg.2 logvol /var/spool --name=spool --size=10000 --vgname vg.2 logvol /var/log --name=varlog --size=20000 --vgname vg.1 logvol /var/lib/elasticsearch --name=elasticsearch --percent=60 --vgname vg.3 logvol 
/var/lib/influxdb --name=influxdb --percent=40 --vgname vg.3 # Install bootloader bootloader --location=mbr --append="norhgb net.ifnames=0 biosdevname=0" # Disable wonky stuff firstboot --disabled # Enable network and SSH services --enabled network,sshd # Reboot after setup reboot # Stuff in updates repos so we don't waste time there later... repo --name=rhel-7-server --baseurl=http://10.1.158.119:8080/repos/rhel-7-server repo --name=rhel-7-server-optional --baseurl=http://10.1.158.119:8080/repos/rhel-7-server-optional repo --name=rhel-7-server-extras --baseurl=http://10.1.158.119:8080/repos/rhel-7-server-extras # Install stuff %packages --excludedocs --nobase # Core group - we use all of it currently; this makes it a little easier to strip stuff out @core -ecryptfs-utils rsyslog # Tools you just need bzip2 curl gcc kernel-devel kernel-headers make net-tools nfs-utils openssh-clients patch perl sudo wget vim nano telnet # Unnecessary firmware (pulled from https://github.com/chef/bento/blob/master/http/centos-7.1) -aic94xx-firmware -atmel-firmware -b43-openfwwf -bfa-firmware -ipw2100-firmware -ipw2200-firmware -ivtv-firmware -iwl100-firmware -iwl105-firmware -iwl135-firmware -iwl1000-firmware -iwl2000-firmware -iwl2030-firmware -iwl3160-firmware -iwl3945-firmware -iwl4965-firmware -iwl5000-firmware -iwl5150-firmware -iwl6000-firmware -iwl6000g2a-firmware -iwl6000g2b-firmware -iwl6050-firmware -iwl7260-firmware -libertas-usb8388-firmware -libertas-sd8686-firmware -libertas-sd8787-firmware -ql2100-firmware -ql2200-firmware -ql23xx-firmware -ql2400-firmware -ql2500-firmware -rt61pci-firmware -rt73usb-firmware -xorg-x11-drv-ati-firmware -zd1211-firmware -fprintd-pam -intltool # Make sure Virtualbox Guest Extensions can build kernel-devel kernel-headers zlib-devel openssl-devel readline-devel sqlite-devel perl gcc ruby # Stuff for Puppet libselinux-ruby libX11 libXau libXdmcp tk augeas-libs # Base packages gcc gdb git iotop postfix python python-libs python-setuptools 
rpm-build screen strace # VMware tools (part 1 - part 2 comes from http://partnerweb.vmware.com/GOSIG/RHEL_7.html#Tools in virtualbox.sh) open-vm-tools %end %post # The request above to skip bluez-utils, dogtail, and systemtap is ignored due to something tweaky. So we compensate back to normal here. :/ yum -y erase gtk2 hicolor-icon-theme avahi freetype bitstream-vera-fonts gnome gnome-python2 libXt libXfixes libXxf86misc libXres libXft libXrender libXmu libXi libXcursor libXTrap libXxf86vm libXfontcache libXevie libXpm xorg-x11-server-Xvfb libXfont libXext libXrandr libXinerama libXtst libXaw gnome-mime-data # Add Vagrant user and group. 501/20 matches the default user on OS X (in case you're thinking of using NFS in that context) /usr/sbin/groupadd -g 501 vagrant /usr/sbin/useradd -u 501 -g 501 -m vagrant echo "vagrant"|passwd --stdin vagrant echo 'Defaults:vagrant !requiretty' >> /etc/sudoers.d/vagrant echo '%vagrant ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/vagrant mkdir /home/vagrant/.ssh cat <<THE_END > /home/vagrant/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key THE_END chown vagrant:vagrant -R /home/vagrant/.ssh chmod 700 /home/vagrant/.ssh chmod 600 /home/vagrant/.ssh/authorized_keys chcon -R unconfined_u:object_r:user_home_t:s0 /home/vagrant/.ssh # Disable 'consistent network device naming' and make things act more or less reasonable in a VM-oriented context. 
echo > /etc/udev/rules.d/70-persistent-net.rules echo > /etc/udev/rules.d/75-persistent-net-generator.rules sed -i'' -e '/UUID=/d' /etc/sysconfig/network-scripts/ifcfg-eth0 sed -i'' -e '/HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-eth0 sed -i'' -e '/DHCP_HOSTNAME=/d' /etc/sysconfig/network-scripts/ifcfg-eth0 sed -i'' -e 's/NM_CONTROLLED=.*/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-eth0 # Disable rhnsd so we don't get automatic updates - needs discussion with The Operators. This is aimed at immutable stuff. YMMV. service rhnsd stop || echo "ignore" chkconfig rhnsd off %end This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
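Review bot: `firewall --enabled --trust eth0 --ssh` places the only configured interface in the trusted zone, so the firewall that the line enables filters nothing, and together with `selinux --permissive` and the `vagrant` account (password `vagrant`, `NOPASSWD: ALL`, the publicly known Vagrant insecure key in authorized_keys) the image leaves the kickstart with no host-level access control; nothing in this file says that a later step is responsible for rotating the key and password before the VM is bridged to a real network. I would change the line to `firewall --enabled --ssh` and put a comment above the authorized_keys heredoc such as `# Well-known Vagrant insecure key: must be replaced by vagrant on first boot or by the image hardening step before this box is attached to a shared network`. `/etc/sudoers.d/vagrant` is created with `>>` and never given the `0440` mode sudo expects for drop-in files; add `chmod 0440 /etc/sudoers.d/vagrant` after the two `echo` lines. The disk-layout comment block also disagrees with the `part`/`logvol` lines below it (it labels `/var/log` as "Disk 2" a second time, `/tmp` as Disk 3 and elasticsearch/influxdb as Disk 4, while the partitions use sdb through sde with different sizes, and `/var/spool` and `/opt/ncprogs/backspools` are not listed at all), `timezone --utc UTC` appears twice, and `part swap ... --grow` has no `--ondrive`, so anaconda picks its disk.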
@@ -0,0 +1,322 @@ { "variables": { "ip_address": "IP_ADDRESS", "netmask": "255.255.255.0", "gateway": "IP_ADDRESS", "nameserver1": "IP_ADDRESS", "nameserver2": "IP_ADDRESS", "headless": "true", "remote_type_info": "If you're building directly on ESX, set remote_type to 'esx'. Otherwise, leave it blank.", "remote_type": "", "exsi_info_1": "You only need to fill in the esxi_* variables if you're building on ESX. Otherwise, packer will build locally.", "esxi_username": "", "esxi_password": "", "esxi_host": "", "esxi_datastore": "", "yum_caching_proxy_url": "", "password": "vagrant", "redhat_repo_base_url": "http://IP_ADDRESS/yum", "iso_root": "http://IP_ADDRESS/yum/iso", "role": "base", "hiera": "hiera/null.yaml", "post_command": " || [[ \"$?\" == \"2\" || \"$?\" == \"0\" ]] || (echo \"sleeping 90000 seconds due to failure; ctrl-Z to pause indefinitely\"; sleep 90000; exit 1)", "memory": "4096", "final_memory": "8192", "cpu_count": "2", "disk_boot": "4000", "disk_common": "57000", "disk_log": "21000", "disk_tmp": "21000", "disk_search": "100000", "build_ip_info_1": "See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/chap-anaconda-boot-options.html#tabl-boot-options-network-formats", "build_ip_info_2": "Use 'dhcp' to set DHCP", "build_ip_info_3": "Static configuration comes in the format ip=ip::gateway:netmask:hostname:interface:none", "build_ip_info_4": "where the 'none' is the literal string 'none', indicating the configuration method", "build_ip": "dhcp", "post_info_1": "All of the post variables below set the final state of the machine up so that it it's just a single-button action to turn on and attach.", "post_info_2": "When the box is booted, the settings below will take effect - so be careful to isolate your nets if you're swapping out VMs or anything like that.", "post_hostname": "", "post_domain": "", "post_dns_1": "", "post_dns_2": "", "post_dns_3": "", "post_ip_address_1": "", "post_ip_address_2": "", 
"post_netmask_1": "", "post_netmask_2": "", "post_gateway": "" }, "builders": [ { "name": "rhel7-vmware-base", "type": "vmware-iso", "vmdk_name": "disk", "headless": "{{ user `headless` }}", "remote_type": "{{ user `remote_type` }}", "remote_username": "{{ user `esxi_username` }}", "remote_password": "{{ user `esxi_password` }}", "remote_host": "{{user `esxi_host` }}", "remote_datastore": "{{ user `esxi_datastore` }}", "remote_cache_directory": "/packer", "vmx_data": { "config.version": "8", "ctkEnabled": "true", "ethernet0.displayName": "Ethernet", "ethernet0.virtualDev": "e1000", "mem.hotadd": "true", "memSize": "8192", "numvcpus": "2", "sched.cpu.shares": "normal", "sched.mem.shares": "normal", "softPowerOff": "false", "svga.present": "true", "svga.vramSize": "8388608", "tools.upgrade.policy": "manual", "virtualHW.version": "8" }, "vmx_data_post": { "numvcpus": "{{ user `cpu_count` }}", "ethernet0.connectionType": "bridged", "ethernet0.virtualdev": "vmxnet3", "ethernet1.virtualdev": "vmxnet3", "memsize": "{{ user `final_memory` }}", "ide1:0.present": "false", "tools.synctime": "false", "toolscripts.afterpoweron": "true", "toolscripts.afterresume": "true", "toolscripts.beforesuspend": "true", "toolscripts.beforepoweroff": "true", "remotedisplay.vnc.enabled": "FALSE" }, "guest_os_type": "rhel6-64", "tools_upload_flavor": "linux", "tools_upload_path": "/home/vagrant/linux.iso", "disk_size": "{{ user `disk_boot` }}", "disk_type_id": "0", "disk_additional_size": [ "{{ user `disk_common` }}", "{{ user `disk_log` }}", "{{ user `disk_tmp` }}", "{{ user `disk_search` }}" ], "vmx_template_path": "templates/vmx/vmx-template-linux.vmx", "vmx_disk_template_path": "templates/vmx/vmx-disk-template-linux.vmx", "iso_url": "{{ user `iso_root` }}/rhel-server-7.1-x86_64-dvd.iso", "iso_checksum": "2f44295b1b40b98d2ef694cc111dbb34f46151f38f60bd1db951d142a9d417b414e80b5981ca53e8f32e198ec264120b2b626ea86e2a5793a682d536ce78b1e0", "iso_checksum_type": "sha512", "http_directory": 
"kickstarts/rhel-7.1", "output_directory": "rhel7-vmware-base", "boot_command": "<up><tab> text net.ifnames=0 inst.ks=http://IP_ADDRESS/ks.cfg ip={{ user `build_ip` }}<enter><wait><enter><wait>", "boot_wait": "5s", "shutdown_command": "echo 'vagrant' | sudo -S /sbin/shutdown -h now", "ssh_username": "vagrant", "ssh_password": "vagrant", "ssh_wait_timeout": "1000s", "vm_name": "rhel7-vmware-base" }, { "name": "rhel7-virtualbox-base", "type": "virtualbox-iso", "headless": "{{ user `headless` }}", "guest_os_type": "RedHat_64", "guest_additions_mode": "upload", "guest_additions_path": "VBoxGuestAdditions.iso", "virtualbox_version_file": ".vbox_version", "disk_size": "{{ user `disk_boot` }}", "hard_drive_interface": "sata", "vboxmanage": [ [ "modifyvm", "{{.Name}}", "--cpus", "{{ user `cpu_count` }}" ], [ "modifyvm", "{{.Name}}", "--memory", "{{ user `final_memory` }}" ], [ "createhd", "--format", "VDI", "--filename", "disk2.vdi", "--size", "{{ user `disk_common` }}" ], [ "storageattach", "{{.Name}}", "--storagectl", "SATA Controller", "--port", "1", "--type", "hdd", "--medium", "disk2.vdi" ], [ "createhd", "--format", "VDI", "--filename", "disk3.vdi", "--size", "{{ user `disk_log` }}" ], [ "storageattach", "{{.Name}}", "--storagectl", "SATA Controller", "--port", "2", "--type", "hdd", "--medium", "disk3.vdi" ], [ "createhd", "--format", "VDI", "--filename", "disk4.vdi", "--size", "{{ user `disk_tmp` }}" ], [ "storageattach", "{{.Name}}", "--storagectl", "SATA Controller", "--port", "3", "--type", "hdd", "--medium", "disk4.vdi" ], [ "createhd", "--format", "VDI", "--filename", "disk5.vdi", "--size", "{{ user `disk_search` }}" ], [ "storageattach", "{{.Name}}", "--storagectl", "SATA Controller", "--port", "4", "--type", "hdd", "--medium", "disk5.vdi" ] ], "iso_url": "{{ user `iso_root` }}/rhel-server-7.1-x86_64-dvd.iso", "iso_checksum": "2f44295b1b40b98d2ef694cc111dbb34f46151f38f60bd1db951d142a9d417b414e80b5981ca53e8f32e198ec264120b2b626ea86e2a5793a682d536ce78b1e0", 
"iso_checksum_type": "sha512", "http_directory": "kickstarts/rhel-7.1", "output_directory": "rhel7-virtualbox-base", "boot_command": "<up><tab> text net.ifnames=0 inst.ks=http://IP_ADDRESS/ks.cfg ip={{ user `build_ip` }}<enter><wait><enter><wait>", "boot_wait": "5s", "shutdown_command": "echo 'vagrant' | sudo -S /sbin/shutdown -h now", "ssh_username": "vagrant", "ssh_password": "vagrant", "ssh_wait_timeout": "1000s", "vm_name": "rhel7-virtualbox-base" } ], "provisioners": [ { "type": "shell", "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}' {{ user `post_command` }}", "environment_vars": [ "REDHAT_REPO_BASE_URL={{ user `redhat_repo_base_url` }}", "YUM_CACHING_PROXY_URL={{ user `yum_caching_proxy_url` }}", "POST_DOMAIN={{ user `post_domain` }}", "POST_HOSTNAME={{ user `post_hostname` }}", "POST_IP_ADDRESS_1={{ user `post_ip_address_1` }}", "POST_IP_ADDRESS_2={{ user `post_ip_address_2` }}", "POST_NETMASK_1={{ user `post_netmask_1` }}", "POST_NETMASK_2={{ user `post_netmask_2` }}", "POST_DNS1={{ user `post_dns1` }}", "POST_DNS2={{ user `post_dns2` }}", "POST_DNS3={{ user `post_dns3` }}", "POST_GATEWAY={{ user `post_gateway` }}", "PASSWORD={{ user `password` }}" ], "scripts": [ "scripts/linux/bare.sh", "scripts/linux/virtualbox.sh", "scripts/linux/facter.sh", "scripts/linux/sanity_check.sh" ] }, { "type": "file", "source": "provisioners/puppeteer/puppet", "destination": "/tmp/puppet" }, { "type": "shell", "inline": "sudo cp -a /tmp/puppet/* /etc/puppet/; rm -rf /tmp/puppet" }, { "type": "puppet-masterless", "execute_command": "{{.FacterVars}}{{if .Sudo}} sudo -E {{end}}puppet apply --verbose --debug --parser future --modulepath='/etc/puppet/modules' --hiera_config='/etc/puppet/{{ user `hiera` }}' --manifestdir='/etc/puppet/manifests' --detailed-exitcodes /etc/puppet/manifests/site.pp {{ user `post_command` }}", "facter": { "server_tags": "role:{{ user `role` }}=true", "redhat_repo_base_url": "{{ user `redhat_repo_base_url` }}" }, 
"hiera_config_path": "provisioners/puppeteer/puppet/{{ user `hiera` }}", "manifest_file": "provisioners/puppeteer/puppet/manifests/site.pp", "module_paths": [ "provisioners/puppeteer/puppet/modules/" ], "staging_directory": "/tmp/packer-puppet-masterless/puppet" }, { "type": "shell", "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}' {{ user `post_command` }}", "environment_vars": [ "REDHAT_REPO_BASE_URL={{ user `redhat_repo_base_url` }}", "YUM_CACHING_PROXY_URL={{ user `yum_caching_proxy_url` }}", "POST_DOMAIN={{ user `post_domain` }}", "POST_HOSTNAME={{ user `post_hostname` }}", "POST_IP_ADDRESS_1={{ user `post_ip_address_1` }}", "POST_IP_ADDRESS_2={{ user `post_ip_address_2` }}", "POST_NETMASK_1={{ user `post_netmask_1` }}", "POST_NETMASK_2={{ user `post_netmask_2` }}", "POST_DNS1={{ user `post_dns1` }}", "POST_DNS2={{ user `post_dns2` }}", "POST_DNS3={{ user `post_dns3` }}", "POST_GATEWAY={{ user `post_gateway` }}", "PASSWORD={{ user `password` }}" ], "scripts": [ "scripts/linux/sensus-harden.sh", "scripts/linux/ipaddress.sh", "scripts/linux/password.sh", "scripts/linux/cleanup.sh" ] }, { "type": "shell", "inline": [ "echo Sleeping 90 so you can interrupt - run pkill -f sleep to continue.", "sleep 90 || true" ] } ], "post-processors": [] }