forked from minishift/minishift-centos-iso
-
Notifications
You must be signed in to change notification settings - Fork 1
/
rhel-7.template
206 lines (179 loc) · 5.28 KB
/
rhel-7.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
sshpw --username=root --plaintext redhat
# Firewall configuration
firewall --disabled
selinux --enforcing
# Use network installation
url --url=${rhel_tree_url}
network --bootproto=dhcp --device=eth0 --activate --onboot=on
network --bootproto=dhcp --device=eth1 --activate --onboot=on
skipx
rootpw --plaintext centos
auth --useshadow --passalgo=sha512
timezone --utc America/New_York
bootloader --location=mbr --append="no_timer_check console=ttyS0 console=tty0 net.ifnames=0 biosdevname=0"
clearpart --all
part / --fstype="ext4" --size=10240
#Repos
repo --name=base --baseurl=${base_repo_url}
repo --name=updates --baseurl=${updates_repo_url}
repo --name=cdk --baseurl=${cdk_repo_url}
shutdown
%packages --excludedocs --instLangs=en
@core
openssl
bash
docker
dracut
e4fsprogs
efibootmgr
grub2
grub2-efi
kernel
net-tools
parted
shadow-utils
shim
syslinux
hyperv-daemons
cifs-utils
cdk-entitlements
fuse-sshfs
nfs-utils
#Packages to be removed
-aic94xx-firmware
-alsa-firmware
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-iwl7265-firmware
-postfix
-rsyslog
%end
%post
# Setting a global Locale for the server
echo "LANG=\"C\"" > /etc/locale.conf
# Add docker user with 'tcuser' password
/usr/sbin/useradd -p '$1$AhiE7wa5$d8puTTTSvN7Hq3JgUvfLV/' docker
/usr/sbin/usermod -a -G docker docker
# sudo permission for docker user
echo "%docker ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/docker
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
# Network configuration to make sure eth0 works to connect with outer world
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# Network configuration to make sure eth1 works for machine
cat > /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
DEVICE="eth1"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# Place holder for base64 encode handle-user-data script
cat > handle-user-data.base64 << EOF
${handle_user_data}
EOF
# minishift as variant for custom provisioner
echo "VARIANT=\"minishift\"" >> /etc/os-release
echo "VARIANT_VERSION=\"${version}\"" >> /etc/os-release
echo "BUILD_ID=\"${build_id}\"" >> /etc/os-release
base64 -d < handle-user-data.base64 > handle-user-data
rm -f handle-user-data.base64
mv handle-user-data /etc/rc.d/init.d/
chmod +x /etc/rc.d/init.d/handle-user-data
/sbin/restorecon /etc/rc.d/init.d/handle-user-data
chmod +x /etc/rc.d/rc.local
echo "/etc/rc.d/init.d/handle-user-data" >> /etc/rc.d/rc.local
# Remove redhat-logo and firmware package to help with reduce box size
yum remove -y redhat-logos linux-firmware
# Clear yum package and metadata cache
yum clean all
# Place holder cert generation script. This is needed to create certs when system
# boots first time to make sure docker daemon running with cert enabled. On restart
# this script will first check cert is already available or not.
cat > cert-gen.sh.base64 << EOF
${cert_gen}
EOF
base64 -d < cert-gen.sh.base64 > minishift-cert-gen
rm -f cert-gen.sh.base64
chmod +x minishift-cert-gen
mv minishift-cert-gen /usr/local/bin
# This unit file will take precedence over unit file which present /usr location
# and it have daemon running using cert so when restart happen then also docker
# daemon works as expected.
cat << EOF > /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rc-local.service
Requires=rhel-push-plugin.socket
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=all
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStartPre=/usr/local/bin/minishift-cert-gen
ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2376 \
-H unix:///var/run/docker.sock \
--authorization-plugin=rhel-push-plugin \
--selinux-enabled \
--log-driver=journald \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--add-registry=registry.access.redhat.com \
--storage-driver devicemapper \
--tlsverify --tlscacert /etc/docker/ca.pem \
--tlscert /etc/docker/server.pem \
--tlskey /etc/docker/server-key.pem
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
MountFlags=slave
Environment=
[Install]
WantedBy=multi-user.target
EOF
systemctl enable docker
systemctl enable rhel-push-plugin
# Show a warning banner when using yum to install software
mv /usr/bin/yum /usr/bin/yum-unsupported
# Place holder for base64 encode yum-wrapper script
cat > yum-wrapper.base64 << EOF
${yum_wrapper}
EOF
base64 -d < yum-wrapper.base64 > yum-wrapper
rm -f yum-wrapper.base64
mv yum-wrapper /usr/bin/yum
chmod +x /usr/bin/yum
rm -f /etc/resolv.conf
rm -rf /usr/lib/locale/locale-archive
rm -rf /var/cache/yum/*
%end