ClusterAPI.imageBuilder/packer/ova/linux/centos/http/7/ks.cfg

# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Perform a fresh install, not an upgrade
install
cdrom

# Perform a text installation
text

# Do not install an X server
skipx

# Configure the locale/keyboard
lang en_US.UTF-8
keyboard us

# Configure networking
network --onboot yes --bootproto dhcp --hostname capv.vm
firewall --disabled
selinux --permissive
timezone UTC

# Don't flip out if unsupported hardware is detected
unsupported_hardware

# Configure the user(s)
auth --enableshadow --passalgo=sha512 --kickstart
user --name=builder --plaintext --password builder --groups=builder,wheel

# Disable general install minutia
firstboot --disabled
eula --agreed

# Create a single partition with no swap space
bootloader --location=mbr
zerombr
clearpart --all --initlabel
part / --grow --asprimary --fstype=ext4 --label=slash

%packages --ignoremissing --excludedocs
openssh-server
sed
sudo

# Remove unnecessary firmware
-*-firmware

# Remove other unnecessary packages
-postfix
%end

# Enable/disable the following services
services --enabled=sshd

# Perform a reboot once the installation has completed
reboot

# The %post section is essentially a shell script
%post --erroronfail

# Update the root certificates
update-ca-trust force-enable

# Ensure that the "builder" user doesn't require a password to use sudo,
# or else Ansible will fail
echo 'builder ALL=(ALL) NOPASSWD: ALL' >/etc/sudoers.d/builder
chmod 440 /etc/sudoers.d/builder

# Install open-vm-tools
yum install -y open-vm-tools

# Remove the package cache
yum -y clean all

# Disable swap
swapoff -a
rm -f /swapfile
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab

# Ensure on next boot that network devices get assigned unique IDs.
sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-*

%end
Test dependencies 2023-02-22 20:24:42 +00:00			`# Copyright 2019 The Kubernetes Authors.`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`# Perform a fresh install, not an upgrade`
			`install`
			`cdrom`

			`# Perform a text installation`
			`text`

			`# Do not install an X server`
			`skipx`

			`# Configure the locale/keyboard`
			`lang en_US.UTF-8`
			`keyboard us`

			`# Configure networking`
			`network --onboot yes --bootproto dhcp --hostname capv.vm`
			`firewall --disabled`
			`selinux --permissive`
			`timezone UTC`

			`# Don't flip out if unsupported hardware is detected`
			`unsupported_hardware`

			`# Configure the user(s)`
			`auth --enableshadow --passalgo=sha512 --kickstart`
			`user --name=builder --plaintext --password builder --groups=builder,wheel`

			`# Disable general install minutia`
			`firstboot --disabled`
			`eula --agreed`

			`# Create a single partition with no swap space`
			`bootloader --location=mbr`
			`zerombr`
			`clearpart --all --initlabel`
			`part / --grow --asprimary --fstype=ext4 --label=slash`

			`%packages --ignoremissing --excludedocs`
			`openssh-server`
			`sed`
			`sudo`

			`# Remove unnecessary firmware`
			`-*-firmware`

			`# Remove other unnecessary packages`
			`-postfix`
			`%end`

			`# Enable/disable the following services`
			`services --enabled=sshd`

			`# Perform a reboot once the installation has completed`
			`reboot`

			`# The %post section is essentially a shell script`
			`%post --erroronfail`

			`# Update the root certificates`
			`update-ca-trust force-enable`

			`# Ensure that the "builder" user doesn't require a password to use sudo,`
			`# or else Ansible will fail`
			`echo 'builder ALL=(ALL) NOPASSWD: ALL' >/etc/sudoers.d/builder`
			`chmod 440 /etc/sudoers.d/builder`

			`# Install open-vm-tools`
			`yum install -y open-vm-tools`

			`# Remove the package cache`
			`yum -y clean all`

			`# Disable swap`
			`swapoff -a`
			`rm -f /swapfile`
			`sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab`

			`# Ensure on next boot that network devices get assigned unique IDs.`
			`sed -i '/^\(HWADDR\\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-*`

			`%end`