-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrk8+ice
110 lines (88 loc) · 2.35 KB
/
rk8+ice
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
grub.cfg
menuentry 'Install Rocky Linux 8.10 Kickstart(ICE)' --class fedora --class gnu-linux --class gnu --class os {
linuxefi /images/pxeboot/vmlinuz inst.repo=hd:LABEL=ROCKY-8-10- inst.ks=hd:sda1:/ks.cfg quiet
initrdefi /images/pxeboot/initrd.img
}
ks.cfg
# text mode install
text
skipx
# install packages
%packages
@^minimal-environment
#@^server-product-environment
kexec-tools
langpacks-ja
tuned
git
-cockpit
%end
# settings
keyboard jp106
lang en_US.UTF-8
network --bootproto=dhcp --device=link --activate --onboot=on
harddrive --dir= --partition=LABEL=ROCKY-8-10-
firstboot --disable
eula --agreed
timezone --utc Asia/Tokyo
rootpw changeme!
# storage settings
ignoredisk --only-use=mmcblk0
clearpart --drives=mmcblk0 --all
autopart --type=lvm --nohome
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
reboot
%post --log=/root/post.log
# DNF
echo 'fastestmirror=true' >> /etc/dnf/dnf.conf
# hostname
sudo tee /etc/hostname <<EOF
`date '+%Y-%m-%d-%H-%M-%S'`.ntt
EOF
# yum update
dnf -y clean all
#dnf -y update
# Add elrepo&epel Repository
dnf -y install epel-release
# fail2ban
dnf -y install fail2ban --enablerepo=epel
systemctl enable fail2ban
touch /var/log/fail2ban.log
sed -i -E 's/^(logtarget =).*/\1 \/var\/log\/fail2ban.log/' /etc/fail2ban/fail2ban.conf
# fail2ban local.conf
sudo tee /etc/fail2ban/jail.d/local.conf <<EOF
[sshd]
enabled = true
EOF
# ntp
sed -i 's/^pool.*iburst$/server ntp.nict.jp iburst/' /etc/chrony.conf
systemctl enable chronyd
# remove machine-id
cat /dev/null > /etc/machine-id
cat /dev/null > /var/lib/dbus/machine-id
# ICE Setup
dnf -y install sshpass
sshpass -p 'changeme!' scp -o "StrictHostKeyChecking=no" root@changeme!:~/pelinux_amd64_100.rpm ./
dnf -y install ./pelinux_amd64_100.rpm
sudo sed -i "s/;REGISTRATION_SERVER_ADDRESS rs_address/REGISTRATION_SERVER_ADDRESS changeme!/" /usr/local/Ixia/endpoint.ini
# ICE Service Setup
sudo tee /etc/systemd/system/ICEndpoint.service <<EOF
[Unit]
Description=IxChariotEndpoint
After=network.target
[Service]
Type=simple
User=root
Group=root
ExecStart=/usr/local/Ixia/endpoint -n
WorkingDirectory=/usr/local/Ixia
Restart=always
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable ICEndpoint
%end