#version=RHEL7

# System authorization information
auth --enableshadow --passalgo=sha512

# Install OS instead of upgrade
install

# Shutdown after installation
shutdown

# Use network installation
url --url="http://webserver.corp.com/depot/CentOS/7.0/install/"

# Use text mode install instead of graphical (the default)
text

# Firewall configuration
firewall --enabled --service=ssh

# Don't run the Setup Agent on first boot
firstboot --disabled

# Keyboard layouts
# old format: keyboard us
# new format:
keyboard --vckeymap=us --xlayouts='us'

# System language
lang en_US.UTF-8

# Installation logging level
logging --level=info

# Network information
network  --bootproto=dhcp --device=eth0 --ipv6=auto
network  --hostname=localhost.localdomain

# Root password
rootpw --iscrypted yaright.asif

# SELinux configuration
selinux --disabled

# System services
services --disabled="avahi-daemon,iscsi,iscsid,firstboot,kdump" --enabled="network,sshd,rsyslog,tuned"

# Do not configure the X Window System
skipx

# System timezone
timezone America/Chicago --isUtc --ntpservers=ns1.sldc.sbc.com,ns2.sldc.sbc.com,ns3.sldc.sbc.com

# System bootloader configuration
bootloader --append="console=tty0 console=ttyS0,115200n8" --location=mbr --driveorder="vda" --timeout=1 --boot-drive=vda

ignoredisk --only-use=vda
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all  
# Disk partitioning information
part /boot --asprimary --size=250          --fstype="ext4" --fsoptions="defaults,noatime"
part pv.10 --asprimary --size=15500 --grow --fstype="lvmpv"
volgroup vg00 pv.10
logvol /               --size=5000         --fstype="xfs"  --vgname=vg00 --name=root_lv        
logvol swap            --size=4000         --fstype="swap" --vgname=vg00 --name=swap01_lv      
logvol /tmp            --size=2000         --fstype="xfs"  --vgname=vg00 --name=tmp_lv         
logvol /var            --size=2000         --fstype="xfs"  --vgname=vg00 --name=var_lv         
logvol /var/log        --size=1000         --fstype="xfs"  --vgname=vg00 --name=varlog_lv      
logvol /var/log/audit  --size=500          --fstype="xfs"  --vgname=vg00 --name=varlogaudit_lv 
logvol /opt            --size=500          --fstype="xfs"  --vgname=vg00 --name=opt_lv         
logvol /home           --size=500          --fstype="xfs"  --vgname=vg00 --name=home_lv        

%post --logfile /root/ks-post.log
#!/bin/sh

logit() {
	echo "`date '+%Y/%m/%d %H:%M:%S'` - $*"
}

logit "Set virtual-guest as default profile for tuned."
if [ -d /etc/tune-profiles ]; then
	if [ -f /etc/tune-profiles/active-profile ]; then
		cp -p /etc/tune-profiles/active-profile /etc/tune-profiles/.active-profile.000
	fi
	echo "virtual-guest" >/etc/tune-profiles/active-profile
fi

logit "Set eth0 to recover from dhcp errors."
if [ -f /etc/sysconfig/network-scripts/ifcfg-eth0 ]; then
	cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/.ifcfg-eth0.000
fi
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'_EOT'
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
DEFROUTE=yes
NM_CONTROLLED=no
_EOT

logit "Setup NTP."
if [ -f /etc/ntp.conf ]; then
	cp -p /etc/ntp.conf /etc/.ntp.conf.000
fi
cat >/etc/ntp.conf <<'_EOT'
server ntpserver1.corp.com
server ntpserver2.corp.com
server ntpserver3.corp.com

restrict default notrust nomodify
restrict 127.0.0.1          mask 255.255.255.255

restrict ntpserver1.corp.com  mask 255.255.255.255 nomodify 
restrict ntpserver2.corp.com  mask 255.255.255.255 nomodify
restrict ntpserver3.corp.com  mask 255.255.255.255 nomodify

enable monitor
driftfile /var/lib/ntp/ntp.drift
_EOT
chkconfig ntpd on

logit "Set up the yum http proxy."
if [ -f /etc/yum.conf ]; then
	cp -p /etc/yum.conf /etc/.yum.conf.000
fi
sed -i '/^\[main\]/a proxy=http:\/\/proxy.corp.com:8080\/' /etc/yum.conf

logit "Set SSHD parameters."
if [ -f /etc/ssh/sshd_config ]; then
	cp -p /etc/ssh/sshd_config /etc/ssh/.sshd_config.000
fi
sed -i '/^PermitRootLogin /s/^/#/Ig' /etc/ssh/sshd_config
# Make sure there's an empty line at the end of sshd_config because
# OpenStack's cloud-init strips off the last one for some reason.
cat >>/etc/ssh/sshd_config <<'_EOT'
PermitRootLogin no

_EOT

logit "Lock and remove the root password."
passwd -l root
passwd -d root

logit "Make sure all packages are up to date."
yum -y update

# (OpenStack's virt-sysprep also does this.)
#logit "Clean up installation logs."
#yum clean all
#rm -fr /var/lib/yum/*
#rm -fr /var/log/yum.log
#rm -fr /root/install.log
#rm -fr /root/install.log.syslog
#rm -fr /root/anaconda-ks.cfg
#rm -fr /var/log/anaconda*

%end

%packages
@core
@base
@compat-libraries
@console-internet
@debugging
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
chrony
ethtool
ntp
oddjob
tuned
-dhcp
-ipa-client
-ModemManager
-NetworkManager
-wireless-tools
%end