Commit 6270b28d authored by Tru  HUYNH's avatar Tru HUYNH
Browse files

Initial commit

parents
#sshpw --username=root centos7 --plaintext
# remote ssh during installation:
# enable by commenting out the 1st line and add to the install command line:
# inst.sshd=1
# this file: https://gitlab.pasteur.fr/tru/ISB2017/raw/master/C7.x86_64.ISB2017-http.cfg
#
#version=RHEL7
# reboot after installation: don't wait for ever for someone to press [reboot]
reboot
# Use CDROM installation media
#cdrom
# pasteur local mirror:
#url --url=http://ftp.pasteur.fr/mirrors/CentOS/7/os/x86_64
#repo --name="updates" --baseurl=http://ftp.pasteur.fr/mirrors/CentOS/7/updates/x86_64/ --cost=500
#repo --name="extras" --baseurl=http://ftp.pasteur.fr/mirrors/CentOS/7/extras/x86_64/ --cost=1000
#repo --name="EPEL" --baseurl=http://dl.fedoraproject.org/pub/epel/7/x86_64/ --cost=1000
url --url=http://192.168.56.1/pub/centos/7/os/x86_64
repo --name="updates" --baseurl=http://192.168.56.1/pub/centos/7/updates/x86_64/ --cost=500
repo --name="extras" --baseurl=http://192.168.56.1/pub/centos/7/extras/x86_64/ --cost=1000
repo --name="EPEL" --baseurl=http://192.168.56.1/pub/epel/7/x86_64/ --cost=1000
# Use graphical install
graphical
eula --agreed
# DONT Run the Setup Agent on first boot
firstboot --disable
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on --ipv6=auto --activate
network --hostname=localhost.localdomain
rootpw --plaintext isb2017
# System services
services --enabled="chronyd"
# System timezone
timezone Europe/Athens --isUtc --ntpservers=0.centos.pool.ntp.org,1.centos.pool.ntp.org,2.centos.pool.ntp.org,3.centos.pool.ntp.org
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
# X Window System configuration information
xconfig --startxonboot
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
# Partition clearing information
clearpart --all --initlabel --drives=sda
# Disk partitioning information
#part /boot --fstype="ext4" --ondisk=sda --size=500
#part /boot/efi --fstype="efi" --ondisk=sda --size=200 --fsoptions="umask=0077,shortname=winnt"
#part / --fstype="ext4" --ondisk=sda --size=102400
#part swap --fstype="swap" --ondisk=sda --size=8000
#part /opt --fstype="ext4" --ondisk=sda --size=1796628
part /boot --fstype=ext3 --ondisk=sda --size 1000 --asprimary
part / --fstype=xfs --ondisk=sda --size 40000 --grow --asprimary
user --groups=centos --homedir=/home/centos --name=centos --password=isb2017
# centos is the admin user with sudo access and remote ssh access
user --groups=isb2017 --homedir=/home/isb2017 --name=isb2017 --password=changemenow
# student account
%packages
@base
@compat-libraries
@core
#@desktop-debugging
@development
#@dial-up
#@directory-client
@fonts
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
#@kde-apps
#@kde-desktop
@legacy-x
#@multimedia
#@network-file-system-client
#@networkmanager-submodules
#@office-suite
@print-client
@x11
chrony
#kexec-tools
#@gnome-apps
#@gnome-desktop
#@additional-devel
#@platform-devel
#@technical-writing
#
-initial-setup
-gnome-initial-setup
# minimal
wget
sudo
lftp
curl
screen
rsync
sysstat
yum-utils
-libvirt-client
-libvirt-docs
# added Tru
epel-release
environment-modules
elinks
atlas-static
atlas-devel
fftw
fftw-devel
fftw-static
# ISB2017
#@mate-desktop-environment
tree
vim-enhanced
tmux
java-1.8.0-openjdk.x86_64
environment-modules
x2goserver.x86_64
zlib-devel
ncurses-devel
bzip2-devel
xz-devel
curl-devel
openssl-devel
bash-completion
emacs
gedit
nedit
gd-devel
libreoffice
evince
xpdf
eog
elinks
cmake
parallel
hdf5-static.x86_64
hdf5-devel.x86_64
glibc-static
libstdc++-static
# muscle build for micca
atlas-devel
blas-devel
lapack-devel
# R
readline-devel
libXt-devel.x86_64
# R
libtiff-devel
cairo-devel
libicu-devel
libxml2-devel # R/tidyverse
vim-X11
pdsh-rcmd-ssh.x86_64
perl-Digest-MD5
bind-utils
perl-Digest
nano
zsh
%end
%post --nochroot
cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
%end
%post
# ssh with keys only:
curl https://gitlab.pasteur.fr/tru/ISB2017/raw/master/c7-sshd_config.sh | sh
# centos ssh-keys
curl https://gitlab.pasteur.fr/tru/ISB2017/raw/master/centos-autorized_keys.sh| sh
# isb2017 ssh-keys
curl https://gitlab.pasteur.fr/tru/ISB2017/raw/master/isb2017-autorized_keys.sh | sh
yum -y groupinstall mate-desktop-environment
# missing systemctl disable initial-setup.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1213114
# https://bugzilla.redhat.com/show_bug.cgi?id=968582
systemctl disable initial-setup-graphical.service
#
# cuda installation
# curl http:// | sh
%end
%addon com_redhat_kdump --disable
# instead of --enable --reserve-mb='auto'
%end
%pre
# workaround clearpart initlabel not able to initialise sda
parted -s /dev/sda mklabel msdos
%end
# Pasteur Course on Integrative Structural Biology
- https://www.pasteur.fr/en/integrative-structural-biology
- Institu Pasteur, July 17th-22nd 2017, Paris - France
#!/bin/sh
# curl https://gitlab.pasteur.fr/tru/ISB2017/raw/master/c7-sshd_config.sh | sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH
# sshd
/usr/bin/sed -i -e 's/^PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
/usr/bin/sed -i -e 's/^PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config
#
# fix selinux permissions
/sbin/restorecon -rv /home /etc/ssh
mkdir -p /home/centos/.ssh
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChyr2SuPSTR18ExCCDHdrn5K+7OHBkHzCNPWYF5rdmaGgsflysqcWcyqeGQu6WPmcJkQQ76n1qjB+4eVzfoB3iINjBcak071M6j+kK8NmIPdgZWm5VtZmODa9DFsByT1tFp1uprgqDP/8LD83hZXuWsAf6P2YDN5xNdQayuy372QuSo5XwY6BdwO+aAOxfPn6UqoEI6yal9wX+CVfjy1jrq1L8pJABMel7wLeK/Qms5d2+SkOu6bh6P3MAwmd5XBbqXhacdonCD/8eM01OS3gEZW/fEBiWMj4dri9+fT1ZQxi9QkaMpeTELqX3uf6aAT5a9VoCgCURZ0ELt2oIEvSD isb2017-centos' > /home/centos/.ssh/authorized_keys
chmod 0700 /home/centos/.ssh
chmod 0600 /home/centos/.ssh/authorized_keys
chown -R centos:centos /home/centos/.ssh
restorecon -rv /home/centos
echo 'centos ALL=(ALL) ALL' >> /etc/sudoers
restorecon -rv /etc/sudoers
mkdir -p /home/isb2017/.ssh
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJS7wW19JQ6l7p4W4CwfNvWT8MmwFwneH5/c+uI5w48DzypdrBHBYwEBu10UrlYbgTjQX5rU67Wu/yYXnLPOjowex/j2ie3TY5wTuEnuJuU8YphPbZaGP4RyU0rAeS51iH0FoTmEcsSbpQPLPt/nGNuPdtZhMsnpdboKY7aZcWLGarIaS50WnrQgQMZ49m7y06Sf+rze8dJBO8w6rVDIoWqveuRqjggI2HjMmH3atJH9QKSrQPlOeV4XAkAiSj1JyQBTCOIGjg18jK7bIQnbGmF/hZdm6jZxmiz+jaGj77e8oJtMhi9bL0uEyOfnqcINsU18rqlqIOLJUJN6Gj1AQh isb2017-student' >/home/isb2017/.ssh/authorized_keys
chmod 0700 /home/isb2017/.ssh
chmod 0600 /home/isb2017/.ssh/authorized_keys
chown -R isb2017:isb2017 /home/isb2017/.ssh
restorecon -rv /home/isb2017
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment