firewall --disabled cdrom lang en_US.UTF-8 keyboard us timezone UTC {% if template.networks is defined and template.networks[0].ip is defined and template.networks[0].gateway is defined and template.networks[0].netmask is defined %} network --bootproto=static --ip={{ template.networks[0].ip }} --netmask={{ template.networks[0].netmask }} --gateway={{ template.networks[0].gateway }}{% if template.networks[0].dns_servers is defined %} --nameserver={{ template.networks[0].dns_servers|join(',') }}{% endif %} {% else %} network --bootproto=dhcp {% endif %} network --hostname=localhost.localdomain rootpw {{ local_administrator_password }} authselect --enableshadow --passalgo=sha512 {% if template_selinux_enabled is undefined or not template_selinux_enabled %} selinux --disabled {% endif %} text skipx eula --agreed bootloader --append="no_timer_check" clearpart --all --initlabel part /boot/efi --fstype="efi" --size=200 --fsoptions="umask=0077,shortname=winnt" --asprimary part /boot --fstype="xfs" --size=1024 --asprimary part pv.00 --fstype="lvmpv" --size=1 --grow --asprimary volgroup vg00 --pesize=4096 pv.00 logvol swap --fstype="swap" --size=4096 --name=swap --vgname=vg00 logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=vg00 authselect --useshadow --enablemd5 firstboot --disabled services --enabled=NetworkManager,sshd reboot # this doesn't seem to work in RHEL 8.0 #user --name={{ local_account_username }} --plaintext --password {{ local_account_password }} --groups={{ local_account_username }},wheel %packages --ignoremissing --excludedocs @Base @Core openssh-clients sudo openssl-devel readline-devel zlib-devel kernel-headers kernel-devel gcc make perl curl wget ntp nfs-utils net-tools vim curl unbound-libs bzip2 sshpass openssl # unnecessary firmware -aic94xx-firmware -atmel-firmware -b43-openfwwf -bfa-firmware -ipw2100-firmware -ipw2200-firmware -ivtv-firmware -iwl100-firmware -iwl1000-firmware -iwl3945-firmware -iwl4965-firmware -iwl5000-firmware -iwl5150-firmware -iwl6000-firmware -iwl6000g2a-firmware -iwl6050-firmware -libertas-usb8388-firmware -ql2100-firmware -ql2200-firmware -ql23xx-firmware -ql2400-firmware -ql2500-firmware -rt61pci-firmware -rt73usb-firmware -xorg-x11-drv-ati-firmware -zd1211-firmware %end %post # update root certs # wget -O/etc/pki/tls/certs/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem --no-check-certificate # yum reinstall ca-certificates {% if permit_root_login_with_password %} sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config {% endif %} # sudo groupadd {{ local_account_username }} useradd -g {{ local_account_username }} -G {{ local_account_username }},wheel -d /home/{{ local_account_username }} -m -p $(openssl passwd -1 {{ local_account_password }}) {{ local_account_username }} yum install -y sudo echo "{{ local_account_username }} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/{{ local_account_username }} sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers {% if template_selinux_enabled is undefined or not template_selinux_enabled %} sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/selinux/config {% endif %} yum clean all %end