# Developer CentOS 7 installation For all computers booting with USB ISO drives # #version=DEVEL # System authorization information auth --enableshadow --passalgo=sha512 # Use CDROM installation media cdrom # Use graphical install graphical # Run the Setup Agent on first boot firstboot --enable #Ignore the usb install drive from pre-install script %include /tmp/ignoredisk.line # Accept Eula eula --agreed # Reboot after installing reboot # Keyboard layouts keyboard --vckeymap=us --xlayouts='us' # System language lang en_AU.UTF-8 # firewall --enabled --ssh # Network information network --bootproto=dhcp --ipv6=auto --activate network --hostname=centosdev.localdomain.com # Root password # to create run openssl passwd -1 "password-here" rootpw --iscrypted $1$mlVobs7A$K9rWhltr8GHnfUXe5Y8R61 # System services services --enabled="chronyd" # System timezone timezone Australia/Perth --isUtc # Create local non-root admin user --groups=wheel --name=sadmin --password=$1$mlVobs7A$K9rWhltr8GHnfUXe5Y8R61 --iscrypted --gecos="sadmin" # X Window System configuration information xconfig --startxonboot # System bootloader configuration bootloader --append=" crashkernel=auto" --location=mbr # Partition clearing information clearpart --all --initlabel # Disk partitioning information # NOTE: encryption passphrase will prompt on install else add --passphrase=something after --encrypted # No swap partition because swapfile part /boot/efi --fstype="efi" --asprimary --size=200 --fsoptions="umask=0077,shortname=winnt" part /boot --fstype="xfs" --asprimary --size=2048 part pv.226 --fstype="lvmpv" --asprimary --grow --size=51205 --encrypted volgroup centos --pesize=4096 pv.226 logvol / --fstype="xfs" --grow --size=51200 --label="/" --name=root --vgname=centos %packages @^gnome-desktop-environment @base @core @desktop-debugging @dial-up @directory-client @fonts @gnome-desktop @guest-agents @guest-desktop-agents @hardware-monitoring @input-methods @internet-browser @java-platform @multimedia @network-file-system-client @networkmanager-submodules @print-client @x11 chrony kexec-tools %end %addon com_redhat_kdump --enable --reserve-mb='auto' %end ## pre-installation part to discover usb drives %pre USB=$(ls -l /dev/disk/by-id/ | grep usb | grep -v part | awk '{ print $NF }' | sed -r 's/..\/..\///g' | sed 'N;s/\n/,/') echo "ignoredisk --drives=$USB" > /tmp/ignoredisk.line %end # Post install package and set up %post --interpreter=/bin/bash --log=/tmp/ks-post.log # add DNS server because dhcp does not at this stage echo "nameserver 1.1.1.1" >> /etc/resolv.conf # allow wheel group sudo without entering password sudo sed -i 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers sudo sed -i 's/^\(%wheel\s\+ALL=(ALL)\s\+ALL\)/#\1/' /etc/sudoers sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=0/g' /etc/default/grub grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg # Install custom sshd_config root ssh echo "PermitRootLogin no" >> /etc/ssh/sshd_config # disable root account (cant sudo su) # sed -i '/^root/ s/\/bin\/bash/\/sbin\/nologin/' /etc/passwd # add a 8GB swapfile dd if=/dev/zero of=/swapfile bs=1M count=8000 chmod 600 /swapfile mkswap /swapfile echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab # import internal CA cert placeholder #touch /etc/pki/ca-trust/source/anchors/juc-noc1-prd-ca.crt #echo "-----BEGIN CERTIFICATE----- #-----END CERTIFICATE----- #" > /etc/pki/ca-trust/source/anchors/juc-noc1-prd-ca.crt #update-ca-trust yum install epel-release -y yum groupinstall xfce -y yum remove firefox -y # install networkmanager library.so to resolve CentOS7/RHEL7 bug with VPN gui yum install NetworkManager-openconnect-gnome -y # Save post boot script in /opt #wget -O /opt/post-boot.sh http://1.1.1.1/tony/post-boot.sh #chmod +x /opt/post-boot.sh # Save some desktop shortcuts for users mkdir /etc/skel/Desktop touch /etc/skel/Desktop/WebexTeams.desktop echo "[Desktop Entry] Encoding=UTF-8 Name=Webex Teams Type=Link URL=https://teams.webex.com/ Icon=text-html" > /etc/skel/Desktop/WebexTeams.desktop %end %anaconda pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty %end