forked from katzj/ami-creator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ks-centos5.cfg
107 lines (94 loc) · 2.26 KB
/
ks-centos5.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# Build a basic CentOS 5 AMI
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
selinux --disabled
firewall --disabled
bootloader --timeout=1
network --bootproto=dhcp --device=eth0 --onboot=on
services --enabled=network
# Uncomment the next line
# to make the root password be password
# By default the root password is emptied
#rootpw password
#
# Define how large you want your rootfs to be
# NOTE: S3-backed AMIs have a limit of 10G
#
part / --size 512 --fstype ext3
#
# Repositories
repo --name=CentOS5-Base --mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=os
repo --name=CentOS5-Updates --mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates
repo --name=CentOS5-Addons --mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=extras
repo --name=EPEL --baseurl=http://download.fedora.redhat.com/pub/epel/5/$basearch/
#
#
# Add all the packages after the base packages
#
%packages --excludedocs --nobase --instLangs=en
@core
system-config-securitylevel-tui
audit
pciutils
bash
coreutils
kernel-xen
grub
e2fsprogs
passwd
policycoreutils
chkconfig
rootfiles
yum
vim-minimal
acpid
openssh-clients
openssh-server
curl
#Allow for dhcp access
dhclient
iputils
%end
#
# Add custom post scripts after the base post.
#
%post
%end
%post --nochroot --erroronfail
# bleah. fedora 14 has a newer version of bdb for rpm
# migrate from bdb47 to bdb45 with db_dump + db_load if needed
if [ $(file $INSTALL_ROOT/var/lib/rpm/Packages | grep -c "version 9") -ne 0 ]; then
pushd $INSTALL_ROOT/var/lib/rpm 2>/dev/null || exit 1
rm -f __db*
for f in * ; do
db_dump $f | db45_load $f.45 || exit 1
mv $f.45 $f
done
popd 2>/dev/null
fi
%end
# more ec2-ify
%post --erroronfail
# disable root password based login
cat >> /etc/ssh/sshd_config << EOF
PermitRootLogin without-password
UseDNS no
EOF
# set up ssh key fetching
cat >> /etc/rc.local << EOF
if [ ! -d /root/.ssh ]; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
# Fetch public key using HTTP
KEY_FILE=$(mktemp)
curl http://169.254.169.254/2009-04-04/meta-data/public-keys/0/openssh-key 2>/dev/null > \$KEY_FILE
if [ \$? -eq 0 ]; then
cat \$KEY_FILE >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
rm -f \$KEY_FILE
EOF
%end