Differences
This page shows the differences between two versions.
centos:ansible:pxe [21.06.2020 09:03. ] – [Ansible-Orchestrator-Management-Host] django | centos:ansible:pxe [14.09.2022 16:52. ] (current) – Page moved django | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
- | ====== Installation eines Ansible-Orchestrator-Management-Hosts mit Hilfe eines Kickstartfiles für CentOS 8.x (PXE-Server) ====== | ||
- | <WRAP center round todo 55%> | ||
- | **Seite in der Entstehung, noch nicht aktuell! Wird laufend aktualisiert!** | ||
- | </ | ||
- | |||
- | Kurz mal einen Rechner zu installieren, | ||
- | |||
- | <WRAP center round tip 80%> | ||
- | Wir wollen aber in folgendem Beispiel automatisiert unseren **AOMH**((**A**nsible-**O**rchestrator-**M**anagement-**H**osts)) reproduzierbar vie PXE installieren, | ||
- | </ | ||
- | |||
- | |||
- | ===== Voraussetzungen ===== | ||
- | ==== TFTP-/ | ||
- | Folgende Voraussetzungen müssen hierzu erfüllt werden: | ||
- | - Der [[centos: | ||
- | - Ein [[centos: | ||
- | - Eine Definition des [[centos: | ||
- | - Die Netzwerkkarte im Clientrechner __muss__ PXE unterstützen! | ||
- | |||
- | ==== SSH-Schlüsselmaterial ==== | ||
- | Der Grundgedanke bei dieser Vorhaben ist, im Zweifel immer wieder exakt den gleichen **Ansible-Ochestrator-Management-Host** reproduzierbar aufzusetzen, | ||
- | |||
- | Im Kapitel **[[centos: | ||
- | |||
- | Wir erstellen uns nun einen **ED25519**-Schlüssel (**'' | ||
- | $ ssh-keygen -t ed25519 -a 100 -C ' | ||
- | |||
- | < | ||
- | Enter passphrase (empty for no passphrase): | ||
- | Enter same passphrase again: | ||
- | Your identification has been saved in ~/ | ||
- | Your public key has been saved in ~/ | ||
- | The key fingerprint is: | ||
- | SHA256: | ||
- | The key's randomart image is: | ||
- | +--[ED25519 256]--+ | ||
- | | | ||
- | | .E+ +.+. | | ||
- | | ++.. = * | | ||
- | | +..+ + O . | | ||
- | | | ||
- | | ... o * . | | ||
- | | .oo o + + .| | ||
- | | .... o . = | | ||
- | | | ||
- | +----[SHA256]-----</ | ||
- | |||
- | Die beiden Key-Files kopieren wir dann auf ein vertrauenswürdiges Medium, auf welches wir jederzeit wiieder zurückgreifen können. | ||
- | $ ll .ssh/ | ||
- | < | ||
- | -rw-r--r--. 1 ansible ansible 100 Jun 20 13:08 id_ed25519_ansible.pub</ | ||
- | |||
- | <WRAP center round important 80%> | ||
- | Ob das nun ein sicherer USB-Speicherstick wie der **[[https:// | ||
- | </ | ||
- | |||
- | |||
- | |||
- | ===== Ansible-Orchestrator-Management-Host ===== | ||
- | ==== Aufgabenstellung ==== | ||
- | Wie Eingangs schon angesprochen, | ||
- | |||
- | Folgende Aufgaben wird unser Script für uns reproduzierbar künftig erledigen: | ||
- | - **[[centos: | ||
- | - **IP-Adresse und Hostname** Durch Angabe des Hostnamens beim Booten des Installationsimages wollen wir diesen setzen und auch die zugehörige IP-Adresse übernehmen lassen. (Der Hostname wir so z.B. auch bei der Definition der VolumeGroup eines LVMs verwendet.) | ||
- | - **Installations-Logfile** zum Nachvollziehen der erfolgten INstallation unter **''/ | ||
- | - **[[centos: | ||
- | - **[[centos: | ||
- | - **[[centos: | ||
- | - **[[centos: | ||
- | - **[[wiki: | ||
- | - Zusätzlich zum Standard soll auch noch das Repository **[[centos: | ||
- | - **Update** Zum Schluss stellen wir noch sicher dass alle installierten Pakete in der aktuellsten Version vorliegen und lassen dann das System neu starten. | ||
- | |||
- | FIXME **//do geds weida ...//** | ||
- | |||
- | ==== temporärer ÜBerschrift als Trenner ==== | ||
- | |||
- | Hierzu erweitern wir die zuvor angelegte Kickstartdatei // | ||
- | # vim / | ||
- | |||
- | <file bash / | ||
- | # Version=CentOS 8 (RHEL 8) | ||
- | |||
- | # Tastaturlayout definieren | ||
- | keyboard --vckeymap=de-nodeadkeys --xlayouts=' | ||
- | |||
- | # Systemsprache setzen | ||
- | lang en_US.UTF-8 | ||
- | |||
- | # Definition der Netzwerkeinstellungeni - setzen der Netzwerk-Adresse und Hostname | ||
- | # die aus dem Preinstall-Script beim PXE-Boot übernommen wurden. | ||
- | %include / | ||
- | |||
- | # Zeitzone setzen | ||
- | timezone Europe/ | ||
- | services --enabled=" | ||
- | |||
- | # Netzwerkinstallation aus dem eigenen Repository mit den aktuellen Paketen | ||
- | url --url=" | ||
- | repo --name=" | ||
- | |||
- | # Root-Passwort verschlüsselt vorgeben | ||
- | rootpw --iscrypted $6$Z46HtZ/ | ||
- | |||
- | # Default-Benutzerkonto anlegen | ||
- | user --name=django --password=$6$2.fGKBeQa18GE6XwDMXG6$QX/ | ||
- | |||
- | # vorhandene Partitionen löschen | ||
- | ignoredisk --only-use=vda | ||
- | clearpart --all --initlabel --drives=vda | ||
- | # autopart --type=lvm | ||
- | |||
- | # GUI für Installation verwenden | ||
- | graphical | ||
- | |||
- | # Kein X Window System konfigurieren, | ||
- | skipx | ||
- | |||
- | # Reboot nach der Installation ausführen | ||
- | reboot | ||
- | |||
- | # Paketauswahl definieren (Minimalinstallation mit zusätzlichen Paketen | ||
- | %packages | ||
- | @^minimal-environment | ||
- | -iwl*firmware | ||
- | vim | ||
- | bash-completion | ||
- | bind-utils | ||
- | wget | ||
- | telnet | ||
- | net-tools | ||
- | lsof | ||
- | %end | ||
- | |||
- | %addon com_redhat_kdump --disable --reserve-mb=' | ||
- | %end | ||
- | |||
- | %anaconda | ||
- | pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty | ||
- | pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok | ||
- | pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty | ||
- | %end | ||
- | |||
- | #%end | ||
- | |||
- | %addon com_redhat_kdump --disable --reserve-mb=' | ||
- | |||
- | %end | ||
- | |||
- | # Preinstall-Anweisungen Netzwerk-Adresse und Hostname ermitteln und setzen | ||
- | %pre | ||
- | #!/bin/bash | ||
- | echo " | ||
- | for x in `cat / | ||
- | case $x in SERVERNAME*) | ||
- | eval $x | ||
- | NULL=${SERVERNAME: | ||
- | if [ " | ||
- | echo " | ||
- | else | ||
- | if [ " | ||
- | OCTET=${SERVERNAME: | ||
- | else | ||
- | OCTET=${SERVERNAME: | ||
- | fi | ||
- | echo " | ||
- | fi | ||
- | ;; | ||
- | esac; | ||
- | done | ||
- | %end | ||
- | |||
- | # Postinstall-Anweisungen | ||
- | %post --log=/ | ||
- | #!/bin/bash | ||
- | DATUM=$(date +" | ||
- | for x in `cat / | ||
- | case $x in SERVERNAME*) | ||
- | eval $x | ||
- | |||
- | ############ | ||
- | sed -i ' | ||
- | grub2-mkconfig -o / | ||
- | ################################################################################# | ||
- | |||
- | ######################## | ||
- | # / | ||
- | cat << | ||
- | ############################################################################## | ||
- | # # | ||
- | # This is a private home server. | ||
- | # # | ||
- | # | ||
- | # # | ||
- | # This system is actively monitored and all connections may be logged. | ||
- | # By accessing this system, you consent to this monitoring. | ||
- | # # | ||
- | ############################################################################## | ||
- | ISSUE.NET | ||
- | |||
- | chown root:root / | ||
- | chmod 644 / | ||
- | |||
- | # /etc/motd anlegen | ||
- | cat << | ||
- | ############################################################################## | ||
- | # # | ||
- | # This is the home server of Michael Nausch. | ||
- | # # | ||
- | # $SERVERNAME.nausch.org | ||
- | # # | ||
- | # | ||
- | # # | ||
- | # This system is actively monitored and all connections may be logged. | ||
- | # By accessing this system, you consent to this monitoring. | ||
- | # # | ||
- | ############################################################################## | ||
- | MOTD | ||
- | |||
- | chown root:root /etc/motd | ||
- | chmod 644 /etc/motd | ||
- | ################################################################################# | ||
- | |||
- | ########################### | ||
- | cp -a / | ||
- | cat << | ||
- | # $OpenBSD: sshd_config, | ||
- | |||
- | # This is the sshd server system-wide configuration file. See | ||
- | # sshd_config(5) for more information. | ||
- | |||
- | # This sshd was compiled with PATH=/ | ||
- | |||
- | # The strategy used for options in the default sshd_config shipped with | ||
- | # OpenSSH is to specify options with their default value where | ||
- | # possible, but leave them commented. | ||
- | # default value. | ||
- | |||
- | # If you want to change the port on a SELinux system, you have to tell | ||
- | # SELinux about this change. | ||
- | # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER | ||
- | # | ||
- | # Specifies which address family should be used by sshd(8). Valid arguments | ||
- | # are '' | ||
- | # | ||
- | |||
- | # Specifies the local addresses sshd(8) should listen on. The following | ||
- | # forms may be used: | ||
- | # | ||
- | # | ||
- | # | ||
- | # If port is not specified, sshd will listen on the address and all prior | ||
- | # Port options specified. The default is to listen on all local addresses. | ||
- | # Multiple ListenAddress options are permitted. Additionally, | ||
- | # options must precede this option for non-port qualified addresses. | ||
- | #Port 22 | ||
- | # | ||
- | # | ||
- | |||
- | # Specifies a file containing a private host key used by SSH. The default | ||
- | # is / | ||
- | # / | ||
- | # version 2. Note that sshd(8) will refuse to use a file if it is | ||
- | # group/ | ||
- | # '' | ||
- | # version 2 of the SSH protocol. | ||
- | HostKey / | ||
- | |||
- | # Specifies the ciphers allowed for protocol version 2. Multiple ciphers | ||
- | # must be comma-separated. The supported ciphers are '' | ||
- | # '' | ||
- | # '' | ||
- | # '' | ||
- | Ciphers chacha20-poly1305@openssh.com, | ||
- | |||
- | # MACs' Specifies the available MAC (message authentication code) | ||
- | # algorithms. The MAC algorithm is used in protocol version 2 for data | ||
- | # integrity protection. Multiple algorithms must be comma-separated. | ||
- | MACs hmac-sha2-512-etm@openssh.com, | ||
- | |||
- | # Specifies the available KEX (Key Exchange) algorithms. Multiple | ||
- | # algorithms must be comma-separated. For ineroperability with Eclipse | ||
- | # and WinSCP): | ||
- | # KexAlgorithms curve25519-sha256@libssh.org, | ||
- | # If needed, open / | ||
- | # 5th column is less than 2000. | ||
- | # awk '$5 > 2000' / | ||
- | # wc -l " | ||
- | # make sure there is something left | ||
- | # mv " | ||
- | # | ||
- | KexAlgorithms curve25519-sha256@libssh.org | ||
- | |||
- | # Ciphers and keying | ||
- | #RekeyLimit default none | ||
- | |||
- | # System-wide Crypto policy: | ||
- | # This system is following system-wide crypto policy. The changes to | ||
- | # Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any | ||
- | # effect here. They will be overridden by command-line options passed on | ||
- | # the server start up. | ||
- | # To opt out, uncomment a line with redefinition of CRYPTO_POLICY= | ||
- | # variable in / | ||
- | # For more information, | ||
- | |||
- | # Logging | ||
- | # Gives the facility code that is used when logging messages from sshd(8). | ||
- | # The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, | ||
- | # LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. | ||
- | SyslogFacility AUTHPRIV | ||
- | |||
- | # Gives the verbosity level that is used when logging messages from sshd(8). | ||
- | # The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, | ||
- | # DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are | ||
- | # equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging | ||
- | # output. Logging with a DEBUG level violates the privacy of users and is | ||
- | # not recommended. | ||
- | # LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a | ||
- | # clear audit track of which key was using to log in. | ||
- | LogLevel VERBOSE | ||
- | |||
- | # Authentication: | ||
- | # The server disconnects after this time if the user has not successfully | ||
- | # logged in. If the value is 0, there is no time limit. | ||
- | LoginGraceTime 0 | ||
- | |||
- | # Specifies whether root can log in using ssh(1). The argument must be | ||
- | # '' | ||
- | # The default is '' | ||
- | # password authentication is disabled for root. If this option is set to | ||
- | # '' | ||
- | # be allowed, but only if the command option has been specified (which | ||
- | # may be useful for taking remote backups even if root login is normally | ||
- | # not allowed). All other authentication methods are disabled for root. | ||
- | # If this option is set to '' | ||
- | PermitRootLogin no | ||
- | |||
- | # This keyword can be followed by a list of user name patterns, separated | ||
- | # by spaces. If specified, login is allowed only for user names that match | ||
- | # one of the patterns. Only user names are valid; a numerical user ID is | ||
- | # not recognized. By default, login is allowed for all users. If the pattern | ||
- | # takes the form USER@HOST then USER and HOST are separately checked, | ||
- | # restricting logins to particular users from particular hosts. The | ||
- | # allow/deny directives are processed in the following order: | ||
- | # DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. | ||
- | AllowUsers django | ||
- | |||
- | # Specifies whether sshd(8) should check file modes and ownership of the | ||
- | # user's files and home directory before accepting login. This is normally | ||
- | # desirable because novices sometimes accidentally leave their directory | ||
- | # or files world-writable. | ||
- | StrictModes yes | ||
- | |||
- | # Specifies the maximum number of authentication attempts permitted per | ||
- | # connection. Once the number of failures reaches half this value, | ||
- | # additional failures are logged. | ||
- | MaxAuthTries 10 | ||
- | |||
- | # Specifies the maximum number of open sessions permitted per network | ||
- | # connection. | ||
- | MaxSessions 10 | ||
- | |||
- | # Specifies the file that contains the public keys that can be used for | ||
- | # user authentication. AuthorizedKeysFile may contain tokens of the form | ||
- | # %T which are substituted during connection setup. The following tokens | ||
- | # are defined: %% is replaced by a literal ' | ||
- | # home directory of the user being authenticated, | ||
- | # the username of that user. After expansion, AuthorizedKeysFile is | ||
- | # taken to be an absolute path or one relative to the user's home directory. | ||
- | AuthorizedKeysFile | ||
- | |||
- | # Specifies whether public key authentication is allowed. The default is | ||
- | # '' | ||
- | PubkeyAuthentication yes | ||
- | |||
- | |||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | # For this to work you will also need host keys in / | ||
- | # | ||
- | # Change to yes if you don't trust ~/ | ||
- | # HostbasedAuthentication | ||
- | # | ||
- | # Don't read the user's ~/.rhosts and ~/.shosts files | ||
- | # | ||
- | |||
- | # To disable tunneled clear text passwords, change to no here! | ||
- | # | ||
- | # | ||
- | |||
- | # Specifies whether password authentication is allowed. To disable tunneled | ||
- | # clear text passwords, change to no here! | ||
- | PasswordAuthentication no | ||
- | |||
- | # Specifies whether challenge-response authentication is allowed | ||
- | # (e.g. via PAM or though authentication styles supported in login.conf(5)) | ||
- | # Change to no to disable s/key passwords | ||
- | ChallengeResponseAuthentication no | ||
- | |||
- | # Kerberos options | ||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | # Specifies whether user authentication based on GSSAPI is allowed. | ||
- | GSSAPIAuthentication yes | ||
- | |||
- | # Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key | ||
- | # exchange doesn' | ||
- | # | ||
- | |||
- | # Specifies whether to automatically destroy the user's credentials cache | ||
- | # on logout. | ||
- | GSSAPICleanupCredentials no | ||
- | |||
- | # Determines whether to be strict about the identity of the GSSAPI acceptor | ||
- | # a client authenticates against. If '' | ||
- | # against the host service on the current hostname. If '' | ||
- | # may authenticate against any service key stored in the machine' | ||
- | # store. This facility is provided to assist with operation on multi homed | ||
- | # machines. The default is '' | ||
- | # protocol version 2 GSSAPI connections, | ||
- | # work with recent Kerberos GSSAPI libraries. | ||
- | # | ||
- | |||
- | # | ||
- | |||
- | # Set this to ' | ||
- | # and session processing. If this is enabled, PAM authentication will | ||
- | # be allowed through the ChallengeResponseAuthentication and | ||
- | # PasswordAuthentication. | ||
- | # PAM authentication via ChallengeResponseAuthentication may bypass | ||
- | # the setting of " | ||
- | # If you just want the PAM account and session checks to run without | ||
- | # PAM authentication, | ||
- | # and ChallengeResponseAuthentication to ' | ||
- | # WARNING: ' | ||
- | # problems. | ||
- | UsePAM yes | ||
- | |||
- | # Specifies whether X11 forwarding is permitted. The argument must be | ||
- | # '' | ||
- | # When X11 forwarding is enabled, there may be additional exposure to the | ||
- | # server and to client displays if the sshd(8) proxy display is configured | ||
- | # to listen on the wildcard address (see X11UseLocalhost below), though this | ||
- | # is not the default. Additionally, | ||
- | # authentication data verification and substitution occur on the client side. | ||
- | # The security risk of using X11 forwarding is that the client' | ||
- | # server may be exposed to attack when the SSH client requests forwarding | ||
- | # (see the warnings for ForwardX11 in ssh_config(5)). A system administrator | ||
- | # may have a stance in which they want to protect clients that may expose | ||
- | # themselves to attack by unwittingly requesting X11 forwarding, which can | ||
- | # warrant a '' | ||
- | # prevent users from forwarding X11 traffic, as users can always install | ||
- | # their own forwarders. X11 forwarding is automatically disabled if UseLogin | ||
- | # is enabled. | ||
- | X11Forwarding yes | ||
- | |||
- | # Specifies the first display number available for sshd(8)' | ||
- | # This prevents sshd from interfering with real X11 servers. | ||
- | # The default is 10. | ||
- | # | ||
- | |||
- | # Specifies whether sshd(8) should bind the X11 forwarding server to the | ||
- | # loopback address or to the wildcard address. By default, sshd binds the | ||
- | # forwarding server to the loopback address and sets the hostname part of | ||
- | # the DISPLAY environment variable to '' | ||
- | # hosts from connecting to the proxy display. However, some older X11 clients | ||
- | # may not function with this configuration. X11UseLocalhost may be set to | ||
- | # '' | ||
- | # wildcard address. The argument must be '' | ||
- | # '' | ||
- | # | ||
- | |||
- | # Specifies whether ssh-agent(1) forwarding is permitted. The default is | ||
- | # '' | ||
- | # unless users are also denied shell access, as they can always install | ||
- | # their own forwarders. | ||
- | # | ||
- | |||
- | # Specifies whether TCP forwarding is permitted. The default is '' | ||
- | # Note that disabling TCP forwarding does not improve security unless users | ||
- | # are also denied shell access, as they can always install their own | ||
- | # forwarders. | ||
- | # | ||
- | |||
- | # Specifies whether remote hosts are allowed to connect to ports forwarded | ||
- | # for the client. By default, sshd(8) binds remote port forwardings to the | ||
- | # loopback address. This prevents other remote hosts from connecting to | ||
- | # forwarded ports. GatewayPorts can be used to specify that sshd should | ||
- | # allow remote port forwardings to bind to non-loopback addresses, thus | ||
- | # allowing other hosts to connect. The argument may be '' | ||
- | # remote port forwardings to be available to the local host only, '' | ||
- | # to force remote port forwardings to bind to the wildcard address, or | ||
- | # '' | ||
- | # the forwarding is bound. The default is '' | ||
- | # | ||
- | |||
- | #PermitTTY yes | ||
- | |||
- | # It is recommended to use pam_motd in / | ||
- | # as it is more configurable and versatile than the built-in version. | ||
- | PrintMotd no | ||
- | |||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | #UseDNS no | ||
- | #PidFile / | ||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | # The contents of the specified file are sent to the remote user before | ||
- | # authentication is allowed. | ||
- | Banner / | ||
- | |||
- | # Accept locale-related environment variables | ||
- | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | ||
- | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | ||
- | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | ||
- | AcceptEnv XMODIFIERS | ||
- | |||
- | # Configures an external subsystem (e.g. file transfer daemon). Arguments | ||
- | # should be a subsystem name and a command (with optional arguments) to | ||
- | # execute upon subsystem request. Log sftp level file access | ||
- | # (read/ | ||
- | Subsystem sftp / | ||
- | |||
- | # Example of overriding settings on a per-user basis | ||
- | #Match User anoncvs | ||
- | # | ||
- | # | ||
- | # PermitTTY no | ||
- | # | ||
- | SSHD_CONFIG | ||
- | chown root:root / | ||
- | chmod 600 / | ||
- | ################################################################################# | ||
- | |||
- | ####################### | ||
- | mkdir / | ||
- | chmod 700 / | ||
- | chown django: | ||
- | cat << | ||
- | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AA/ | ||
- | AUTHORIZED_KEYS | ||
- | chmod 644 / | ||
- | chown django: | ||
- | ################################################################################# | ||
- | |||
- | ############### | ||
- | cp -a / | ||
- | cat << | ||
- | # CentOS-AppStream.repo | ||
- | # | ||
- | # The mirror system uses the connecting IP address of the client and the | ||
- | # update status of each mirror to pick mirrors that are updated to and | ||
- | # geographically close to the client. | ||
- | # unless you are manually picking other mirrors. | ||
- | # | ||
- | # If the mirrorlist= does not work for you, as a fall back you can try the | ||
- | # remarked out baseurl= line instead. | ||
- | # | ||
- | # | ||
- | |||
- | [AppStream] | ||
- | name=CentOS-\$releasever - AppStream | ||
- | baseurl=http:// | ||
- | gpgcheck=1 | ||
- | enabled=1 | ||
- | gpgkey=file:/// | ||
- | CENTOS-APPSTREAM | ||
- | chown root:root / | ||
- | chmod 644 / | ||
- | |||
- | cp -a / | ||
- | cat << | ||
- | # CentOS-Base.repo | ||
- | # | ||
- | # The mirror system uses the connecting IP address of the client and the | ||
- | # update status of each mirror to pick mirrors that are updated to and | ||
- | # geographically close to the client. | ||
- | # unless you are manually picking other mirrors. | ||
- | # | ||
- | # If the mirrorlist= does not work for you, as a fall back you can try the | ||
- | # remarked out baseurl= line instead. | ||
- | # | ||
- | # | ||
- | |||
- | [BaseOS] | ||
- | name=CentOS-\$releasever - Base | ||
- | baseurl=http:// | ||
- | gpgcheck=1 | ||
- | enabled=1 | ||
- | gpgkey=file:/// | ||
- | CENTOS-BASE | ||
- | chown root:root / | ||
- | chmod 644 / | ||
- | |||
- | cp -a / | ||
- | cat << | ||
- | # CentOS-Extras.repo | ||
- | # | ||
- | # The mirror system uses the connecting IP address of the client and the | ||
- | # update status of each mirror to pick mirrors that are updated to and | ||
- | # geographically close to the client. | ||
- | # unless you are manually picking other mirrors. | ||
- | # | ||
- | # If the mirrorlist= does not work for you, as a fall back you can try the | ||
- | # remarked out baseurl= line instead. | ||
- | # | ||
- | # | ||
- | |||
- | #additional packages that may be useful | ||
- | [extras] | ||
- | name=CentOS-\$releasever - Extras | ||
- | baseurl=http:// | ||
- | gpgcheck=1 | ||
- | enabled=1 | ||
- | gpgkey=file:/// | ||
- | CENTOS-EXTRAS | ||
- | chown root:root / | ||
- | chmod 644 / | ||
- | ################################################################################# | ||
- | |||
- | ###### EPEL installieren und lokales gespiegeltes EPEL-Repository benutzen ###### | ||
- | dnf install epel-release -y | ||
- | rpm --import https:// | ||
- | |||
- | cp -a / | ||
- | cat << | ||
- | [epel-modular] | ||
- | name=Extra Packages for Enterprise Linux Modular \$releasever - \$basearch | ||
- | baseurl=http:// | ||
- | enabled=1 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:/// | ||
- | |||
- | [epel-modular-debuginfo] | ||
- | name=Extra Packages for Enterprise Linux Modular \$releasever - \$basearch - Debug | ||
- | baseurl=http:// | ||
- | enabled=0 | ||
- | gpgkey=file:/// | ||
- | gpgcheck=1 | ||
- | |||
- | [epel-modular-source] | ||
- | name=Extra Packages for Enterprise Linux Modular \$releasever - \$basearch - Source | ||
- | baseurl=http:// | ||
- | enabled=0 | ||
- | gpgkey=file:/// | ||
- | gpgcheck=1 | ||
- | |||
- | EPEL-MODULAR | ||
- | chown root:root / | ||
- | chmod 644 / | ||
- | |||
- | cp -a / | ||
- | cat << | ||
- | [epel] | ||
- | name=Extra Packages for Enterprise Linux \$releasever - \$basearch | ||
- | baseurl=http:// | ||
- | enabled=1 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:/// | ||
- | |||
- | [epel-debuginfo] | ||
- | name=Extra Packages for Enterprise Linux \$releasever - \$basearch - Debug | ||
- | baseurl=http:// | ||
- | enabled=0 | ||
- | gpgkey=file:/// | ||
- | gpgcheck=1 | ||
- | |||
- | [epel-source] | ||
- | name=Extra Packages for Enterprise Linux \$releasever - \$basearch - Source | ||
- | baseurl=http:// | ||
- | enabled=0 | ||
- | gpgkey=file:/// | ||
- | gpgcheck=1 | ||
- | EPEL | ||
- | chown root:root / | ||
- | chmod 644 / | ||
- | ################################################################################# | ||
- | |||
- | ############################ | ||
- | dnf update -y | ||
- | ################################################################################# | ||
- | ;; | ||
- | esac; | ||
- | done | ||
- | %end | ||
- | |||
- | </ | ||
- | |||
- | Damit nun beim Laden der Menüdatei bei PXE-Boot die überarbeitete Kickstart-Datei geladen werden kann, erweitern wir nun die Menü-Datei unseres PXE-Bootservers. | ||
- | |||
- | # vim / | ||
- | Dort tragen wir beim betreffenden **LABEL** die Optionen **'' | ||
- | < | ||
- | MENU LABEL ^3) Installation von CentOS 8 (64 Bit) | ||
- | | ||
- | | ||
- | </ | ||
- | |||
- | Anschliessend starten wir wie gewohnt unsere virtuelle Maschine. | ||
- | |||
- | {{ : | ||
- | |||
- | <WRAP center round tip 80%> | ||
- | |||
- | Zum Setzen des Hostnamens wählen wir nun wie gewünscht den betreffenden Menüpunkt aus, drücken dann aber **__NICHT__** die **EINGABETASTE**, | ||
- | </ | ||
- | |||
- | {{ : | ||
- | |||
- | Am Ende des Installationsvorganges werden wir informiert, dass das postinstall-script, | ||
- | |||
- | {{ : | ||
- | |||
- | Nach kurzer Wartezeit haben wir ein neues, vorkonfiguriertes und vor allem aktuelles System, bei dem wir uns direkt per **'' | ||
- | $ ssh 10.0.0.50 | ||
- | |||
- | < | ||
- | ED25519 key fingerprint is SHA256: | ||
- | Are you sure you want to continue connecting (yes/ | ||
- | Warning: Permanently added ' | ||
- | ############################################################################## | ||
- | # # | ||
- | # This is a private home server. | ||
- | # # | ||
- | # | ||
- | # # | ||
- | # This system is actively monitored and all connections may be logged. | ||
- | # By accessing this system, you consent to this monitoring. | ||
- | # # | ||
- | ############################################################################## | ||
- | ############################################################################## | ||
- | # # | ||
- | # This is the home server of Michael Nausch. | ||
- | # # | ||
- | # vml000050.nausch.org | ||
- | # # | ||
- | # | ||
- | # # | ||
- | # This system is actively monitored and all connections may be logged. | ||
- | # By accessing this system, you consent to this monitoring. | ||
- | # # | ||
- | ##############################################################################</ | ||
- | |||
- | Die Netzwerkschnittstelle hat entsprechend die gewünschte Bezeichnung erhalten. | ||
- | # ip a | ||
- | |||
- | < | ||
- | link/ | ||
- | inet 127.0.0.1/8 scope host lo | ||
- | | ||
- | inet6 ::1/128 scope host | ||
- | | ||
- | 2: eth0: < | ||
- | link/ether 52: | ||
- | inet 10.0.0.50/ | ||
- | | ||
- | inet6 fe80:: | ||
- | | ||
- | |||
- | Das System ist auch mit den aktuellesten Programmpaketen bestückt. | ||
- | # dnf update | ||
- | |||
- | < | ||
- | Dependencies resolved. | ||
- | Nothing to do. | ||
- | Complete!</ | ||
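
Review bot: The new-revision column is empty for every line from "Zeile 1" down although the edit summary says "Seite umgezogen", so the old page no longer points to where the content went; leave a short stub with a link to the new location instead of a blank page. If the kickstart file was carried over unchanged, three things in it are worth revisiting there. The `%pre` and `%post` loops run `eval $x` on every input token matching `SERVERNAME*`, so the value given at the PXE boot menu is executed as shell during installation; take the value with `${x#SERVERNAME=}` and check it against the expected hostname pattern before using it. The `rootpw --iscrypted` and `user --name=django --password=` lines put `$6$` password hashes on the wiki page and should be replaced by placeholders. The embedded sshd_config sets `LoginGraceTime 0`, which by its own comment means no time limit for unauthenticated connections, together with `MaxAuthTries 10` and `X11Forwarding yes`; a finite grace time, a lower retry count and forwarding switched off unless needed would fit a management host better.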