packer/rocky-linux-9-test/files/inst.ks

#version=RHEL8
ignoredisk --only-use=sda
# Partition clearing information
clearpart --none --initlabel
# Use graphical install
# graphical
# Use CDROM installation media
cdrom
text
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=dhcp --ipv6=auto --activate
network  --hostname=localhost.localdomain
repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
# Root password
rootpw Packer
# Run the Setup Agent on first boot
firstboot --disabled
# Do not configure the X Window System
skipx
# System services
services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
# System timezone
timezone Etc/UTC --isUtc
# Disk partitioning information
part / --fstype="xfs" --grow --size=6144
part swap --fstype="swap" --size=512
reboot


%packages
@^minimal-environment
openssh-server
openssh-clients
sudo
kexec-tools
curl
# allow for ansible
python3
python3-libselinux

# unnecessary firmware
-aic94xx-firmware
-atmel-firmware
-b43-openfwwf
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%post


# this is installed by default but we don't need it in virt
echo "Removing linux-firmware package."
yum -C -y remove linux-firmware

# Remove firewalld; it is required to be present for install/image building.
echo "Removing firewalld."
yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"

# remove avahi and networkmanager
echo "Removing avahi/zeroconf and NetworkManager"
yum -C -y remove avahi\*

echo -n "Getty fixes"
# although we want console output going to the serial console, we don't
# actually have the opportunity to login there. FIX.
# we don't really need to auto-spawn _any_ gettys.
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf

# set virtual-guest as default profile for tuned
echo "virtual-guest" > /etc/tuned/active_profile

# Because memory is scarce resource in most cloud/virt environments,
# and because this impedes forensics, we are differing from the Fedora
# default of having /tmp on tmpfs.
echo "Disabling tmpfs for /tmp."
systemctl mask tmp.mount

cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes

# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL

# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore

# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg

#echo "Zeroing out empty space."
# This forces the filesystem to reclaim space from deleted files
# dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
# rm -f /var/tmp/zeros
# echo "(Don't worry -- that out-of-space error was expected.)"

yum update -y

sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/allow-root-ssh.conf

yum clean all
%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
Adding rl9 and kickstart configs 2023-10-30 15:28:12 -04:00			`#version=RHEL8`
			`ignoredisk --only-use=sda`
			`# Partition clearing information`
			`clearpart --none --initlabel`
			`# Use graphical install`
			`# graphical`
			`# Use CDROM installation media`
			`cdrom`
			`text`
			`# Keyboard layouts`
			`keyboard --vckeymap=us --xlayouts='us'`
			`# System language`
			`lang en_US.UTF-8`

			`# Network information`
			`network --bootproto=dhcp --ipv6=auto --activate`
			`network --hostname=localhost.localdomain`
			`repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream`
			`# Root password`
			`rootpw Packer`
			`# Run the Setup Agent on first boot`
			`firstboot --disabled`
			`# Do not configure the X Window System`
			`skipx`
			`# System services`
			`services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"`
			`# System timezone`
			`timezone Etc/UTC --isUtc`
			`# Disk partitioning information`
			`part / --fstype="xfs" --grow --size=6144`
			`part swap --fstype="swap" --size=512`
			`reboot`


			`%packages`
			`@^minimal-environment`
			`openssh-server`
			`openssh-clients`
			`sudo`
			`kexec-tools`
			`curl`
			`# allow for ansible`
			`python3`
			`python3-libselinux`

			`# unnecessary firmware`
			`-aic94xx-firmware`
			`-atmel-firmware`
			`-b43-openfwwf`
			`-bfa-firmware`
			`-ipw2100-firmware`
			`-ipw2200-firmware`
			`-ivtv-firmware`
			`-iwl100-firmware`
			`-iwl1000-firmware`
			`-iwl3945-firmware`
			`-iwl4965-firmware`
			`-iwl5000-firmware`
			`-iwl5150-firmware`
			`-iwl6000-firmware`
			`-iwl6000g2a-firmware`
			`-iwl6050-firmware`
			`-libertas-usb8388-firmware`
			`-ql2100-firmware`
			`-ql2200-firmware`
			`-ql23xx-firmware`
			`-ql2400-firmware`
			`-ql2500-firmware`
			`-rt61pci-firmware`
			`-rt73usb-firmware`
			`-xorg-x11-drv-ati-firmware`
			`-zd1211-firmware`
			`%end`

			`%addon com_redhat_kdump --enable --reserve-mb='auto'`

			`%end`

			`%post`


			`# this is installed by default but we don't need it in virt`
			`echo "Removing linux-firmware package."`
			`yum -C -y remove linux-firmware`

			`# Remove firewalld; it is required to be present for install/image building.`
			`echo "Removing firewalld."`
			`yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"`

			`# remove avahi and networkmanager`
			`echo "Removing avahi/zeroconf and NetworkManager"`
			`yum -C -y remove avahi\*`

			`echo -n "Getty fixes"`
			`# although we want console output going to the serial console, we don't`
			`# actually have the opportunity to login there. FIX.`
			`# we don't really need to auto-spawn _any_ gettys.`
			`sed -i '/^#NAutoVTs=.*/ a\`
			`NAutoVTs=0' /etc/systemd/logind.conf`

			`# set virtual-guest as default profile for tuned`
			`echo "virtual-guest" > /etc/tuned/active_profile`

			`# Because memory is scarce resource in most cloud/virt environments,`
			`# and because this impedes forensics, we are differing from the Fedora`
			`# default of having /tmp on tmpfs.`
			`echo "Disabling tmpfs for /tmp."`
			`systemctl mask tmp.mount`

			`cat <<EOL > /etc/sysconfig/kernel`
			`# UPDATEDEFAULT specifies if new-kernel-pkg should make`
			`# new kernels the default`
			`UPDATEDEFAULT=yes`

			`# DEFAULTKERNEL specifies the default kernel package type`
			`DEFAULTKERNEL=kernel`
			`EOL`

			`# make sure firstboot doesn't start`
			`echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot`

			`echo "Fixing SELinux contexts."`
			`touch /var/log/cron`
			`touch /var/log/boot.log`
			`mkdir -p /var/cache/yum`
			`/usr/sbin/fixfiles -R -a restore`

			`# reorder console entries`
			`sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg`

			`#echo "Zeroing out empty space."`
			`# This forces the filesystem to reclaim space from deleted files`
			`# dd bs=1M if=/dev/zero of=/var/tmp/zeros \|\| :`
			`# rm -f /var/tmp/zeros`
			`# echo "(Don't worry -- that out-of-space error was expected.)"`

			`yum update -y`

			`sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers`
			`echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/allow-root-ssh.conf`

			`yum clean all`
			`%end`

			`%anaconda`
			`pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty`
			`pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok`
			`pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty`
			`%end`