centos-7.template
# Kickstart command section: installer access, network install source,
# credentials, disk layout and package repositories for the image.
# NOTE(review): sshpw sets the root password for SSH access to the installer
# environment. It is stored in cleartext and is a fixed value shared by
# everyone who uses this template.
sshpw --username=root --plaintext centos
# Firewall configuration
# NOTE(review): the firewall is disabled while the %post section configures
# dockerd to listen on tcp://0.0.0.0:2376, so TLS client-certificate
# verification is the only control on that port.
firewall --disabled
selinux --enforcing
# Use network installation
# NOTE(review): the install tree and the base/updates/extras/atomic/hvkvp repos
# below are fetched over plain HTTP. Integrity then rests on package signature
# checking -- confirm the build tool enforces it for every repo.
# CentOS 7 reached end of life in June 2024, so images built from this tree no
# longer receive security updates.
url --url="http://mirror.centos.org/centos/7/os/x86_64/"
network --bootproto=dhcp --device=eth0 --activate --onboot=on
network --bootproto=dhcp --device=eth1 --activate --onboot=on
skipx
# NOTE(review): root password in cleartext, same value as sshpw above. It ends
# up in every image built from this template. rootpw --iscrypted avoids storing
# the cleartext, but a shared default remains a known credential either way.
rootpw --plaintext centos
# New passwords are hashed with SHA-512. This does not cover the docker user
# created in %post, whose hash is passed to useradd pre-computed.
auth --useshadow --passalgo=sha512
timezone --utc America/New_York
bootloader --timeout=1 --location=mbr --append="no_timer_check console=ttyS0 console=tty0 net.ifnames=0 biosdevname=0"
# Wipe all existing partitions, then create a single 10240 MiB ext4 root.
clearpart --all
part / --fstype="ext4" --size=10240
#Repos
repo --name=base --baseurl=http://mirror.centos.org/centos/7/os/x86_64/
repo --name=updates --baseurl=http://mirror.centos.org/centos/7/updates/x86_64/
repo --name=extras --baseurl=http://mirror.centos.org/centos/7/extras/x86_64/
repo --name=atomic --baseurl=http://mirror.centos.org/centos/7/atomic/x86_64/adb/
# NOTE(review): third-party host over plain HTTP; go-hvkvp in %packages
# presumably comes from here -- verify how its packages are signed and checked.
repo --name=hvkvp --baseurl=http://files.gbraad.nl/hvkvp/
repo --name=epel --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64
# Power the machine off when the installation finishes.
shutdown
# Package selection: the @core group plus the listed packages, installed
# without documentation and with English language data only. Entries prefixed
# with '-' are excluded from the install set.
%packages --excludedocs --instLangs=en
@core
openssl
bash
centos-logos
docker
dracut
e4fsprogs
efibootmgr
grub2
grub2-efi
kernel
net-tools
parted
shadow-utils
shim
syslinux
hyperv-daemons
cifs-utils
fuse-sshfs
nfs-utils
# NOTE(review): presumably provided by the third-party hvkvp repo defined
# above -- confirm its origin and signature handling.
go-hvkvp
libvirt
qemu-system-x86
qemu-kvm
epel-release
#Packages to be removed
-aic94xx-firmware
-alsa-firmware
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-iwl7265-firmware
-postfix
# NOTE(review): with rsyslog excluded, logs presumably stay in the journal
# only (dockerd in %post also logs via journald); plan log forwarding
# accordingly.
-rsyslog
%end
%post
# Setting a global Locale for the server
echo "LANG=\"C\"" > /etc/locale.conf
# Add docker user with 'tcuser' password
# NOTE(review): useradd -p takes an already-hashed password. The hash below
# uses the MD5-crypt scheme (id 1), not the SHA-512 scheme selected by the
# auth command, and per the comment above its cleartext is a fixed value that
# is the same in every image.
/usr/sbin/useradd -p '$1$AhiE7wa5$d8puTTTSvN7Hq3JgUvfLV/' docker
/usr/sbin/usermod -a -G docker docker
# sudo permission for docker user
# NOTE(review): every member of the docker group gets passwordless root.
# Together with the fixed password above, anyone who can reach a login service
# on this VM is root-equivalent; this kickstart also disables the firewall.
# The drop-in is created by shell redirection, so its mode follows the umask;
# sudoers drop-ins are conventionally mode 0440 and can be checked with
# 'visudo -cf'.
echo "%docker ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/docker
# Rewrite the start of any line containing requiretty to '#Defaults requiretty',
# i.e. comment the setting out.
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
# minishift as variant for custom provisioner
# The version and build_id placeholders are filled in when the template is
# rendered, before this script runs.
echo "VARIANT=\"minishift\"" >> /etc/os-release
echo "VARIANT_VERSION=\"${version}\"" >> /etc/os-release
echo "BUILD_ID=\"${build_id}\"" >> /etc/os-release
# Remove the redhat-logos and linux-firmware packages to help reduce box size
yum remove -y redhat-logos linux-firmware
# Clear yum package and metadata cache
yum clean all
# Placeholder for the certificate generation script. It creates the certs on
# first boot so that the docker daemon runs with TLS enabled; on later starts
# the script first checks whether the certs already exist.
#
# The cert_gen placeholder is replaced with the base64 text of the script when
# the template is rendered. The decoded file is installed as
# /usr/local/bin/minishift-cert-gen and runs as ExecStartPre of docker.service,
# so whatever the build injects here executes on every daemon start.
# NOTE(review): the script body is not visible in this template -- review it
# together with the build step that encodes it.
# NOTE(review): mv keeps the SELinux label the file received where it was
# created; with selinux --enforcing, confirm the image is relabelled afterwards.
cat > cert-gen.base64 << EOF
${cert_gen}
EOF
base64 -d < cert-gen.base64 > minishift-cert-gen
rm -f cert-gen.base64
chmod +x minishift-cert-gen
mv minishift-cert-gen /usr/local/bin/
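# docker.service override. A unit under /etc/systemd/system takes precedence
# over the packaged unit under /usr, so the daemon keeps running with the
# generated TLS certificates after a restart as well.
#
# The here-document delimiter is quoted so the shell writes the unit text
# verbatim. With an unquoted delimiter the MAINPID reference on the ExecReload
# line is expanded by the %post shell (to an empty string) instead of being
# left for systemd to fill in. The trailing backslashes of ExecStart are now
# kept in the unit file, where systemd joins the continued lines itself.
# NOTE(review): if the template renderer also rewrites dollar-prefixed names,
# it has to leave that reference alone as well -- verify.
#
# NOTE(review): points to confirm before reusing this unit:
#  - the API listens on all interfaces (tcp://0.0.0.0:2376); --tlsverify with
#    the CA in /etc/docker/ca.pem is what restricts callers, and this kickstart
#    disables the host firewall.
#  - --signature-verification=false switches off the daemon's image signature
#    verification.
#  - the empty "Environment=" line near the end resets the Environment= values
#    set earlier in [Service] (systemd treats an empty assignment as a reset);
#    check whether that is intended.
cat << 'EOF' > /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rc-local.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=all
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStartPre=/usr/local/bin/minishift-cert-gen
ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2376 \
-H unix:///var/run/docker.sock \
--selinux-enabled \
--log-driver=journald \
--signature-verification=false \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--storage-driver devicemapper \
--tlsverify --tlscacert /etc/docker/ca.pem \
--tlscert /etc/docker/server.pem \
--tlskey /etc/docker/server-key.pem
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
MountFlags=slave
Environment=
[Install]
WantedBy=multi-user.target
EOF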
# Show a warning banner when using yum to install software
# The packaged yum is kept as /usr/bin/yum-unsupported; the decoded wrapper
# below then takes over the /usr/bin/yum path.
mv /usr/bin/yum /usr/bin/yum-unsupported
# Placeholder for the base64-encoded yum-wrapper script, filled in when the
# template is rendered.
# NOTE(review): the wrapper body is not visible here; it replaces a command
# that is normally run as root, so review it with the build step that encodes it.
cat > yum-wrapper.base64 << EOF
${yum_wrapper}
EOF
base64 -d < yum-wrapper.base64 > yum-wrapper
rm -f yum-wrapper.base64
chmod +x yum-wrapper
mv yum-wrapper /usr/bin/yum
# Placeholder for the base64-encoded handle-user-data script, filled in when
# the template is rendered. The decoded script is installed as
# /usr/local/bin/minishift-handle-user-data.
# NOTE(review): the script body is not visible here. Its service is enabled
# further down, so it runs at boot; check which user-data sources it trusts
# and with what privileges it acts on them.
cat > handle-user-data.base64 << EOF
${handle_user_data}
EOF
base64 -d < handle-user-data.base64 > handle-user-data
rm -f handle-user-data.base64
chmod +x handle-user-data
mv handle-user-data /usr/local/bin/minishift-handle-user-data
# Handle user data (systemd service)
# The unit file is decoded the same way and installed under
# /usr/lib/systemd/system; unit files do not need the executable bit.
cat > handle-user-data-service.base64 << EOF
${handle_user_data_service}
EOF
base64 -d < handle-user-data-service.base64 > handle-user-data.service
rm handle-user-data-service.base64
mv handle-user-data.service /usr/lib/systemd/system/minishift-handle-user-data.service
# Set IP address based on settings or hvkvp (Hyper-V)
# The set_ipaddress placeholder is replaced with the base64 text of the script
# when the template is rendered; the decoded script is installed as
# /usr/local/bin/minishift-set-ipaddress.
# NOTE(review): the script body is not visible here; review it with the build
# step that encodes it.
cat > set-ipaddress.base64 << EOF
${set_ipaddress}
EOF
base64 -d < set-ipaddress.base64 > set-ipaddress
rm set-ipaddress.base64
chmod +x set-ipaddress
mv set-ipaddress /usr/local/bin/minishift-set-ipaddress
# Set IP address (systemd service)
# The unit file is decoded the same way and installed under
# /usr/lib/systemd/system.
cat > set-ipaddress-service.base64 << EOF
${set_ipaddress_service}
EOF
base64 -d < set-ipaddress-service.base64 > set-ipaddress.service
rm set-ipaddress-service.base64
mv set-ipaddress.service /usr/lib/systemd/system/minishift-set-ipaddress.service
# Systemd configuration
# Disable kdump, rc-local and both the legacy network service and
# NetworkManager. Addressing is presumably left to minishift-set-ipaddress,
# which is enabled below -- confirm against that script.
systemctl disable kdump
systemctl disable rc-local
systemctl disable network
systemctl disable NetworkManager
systemctl disable NetworkManager-dispatcher
systemctl disable NetworkManager-wait-online
# Enable the two minishift helper services installed above, plus docker and
# libvirtd, so they start at boot.
systemctl enable minishift-handle-user-data
systemctl enable minishift-set-ipaddress
systemctl enable docker
systemctl enable libvirtd
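# Change the default libvirt network IP range to allow for nested libvirt
# The packaged default network definition is copied to /etc with its
# 192.168.122 prefix rewritten to 192.168.199 and a freshly generated UUID
# inserted after the <name> element.
UUID=$(/usr/bin/uuidgen)
# The dots in the search pattern are escaped so that only the literal address
# prefix is rewritten, not any three-number sequence separated by arbitrary
# characters.
sed -e 's/192\.168\.122/192.168.199/g' \
-e "s,</name>,</name>\n <uuid>$UUID</uuid>," \
< /usr/share/libvirt/networks/default.xml \
> /etc/libvirt/qemu/networks/default.xml
# ln -s ../default.xml /etc/libvirt/qemu/networks/autostart/default.xml
# Make sure libvirt picks up the new network definition
# Best effort: output is discarded and a failing restart is ignored.
/bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 ||:
/bin/systemctl try-restart network.service >/dev/null 2>&1 ||: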
# Clean
# Drop the compiled locale archive and whatever is left in the yum cache
# (presumably to keep the image small).
rm -rf /usr/lib/locale/locale-archive /var/cache/yum/*
%end