From 9f1da8f0cde4102c9e1dfb09afa67be3dff9cfa8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?=
Date: Fri, 6 Mar 2026 17:49:21 +0100
Subject: [PATCH] add kickstart + doc
---
 README.md | 34 ++++++++++-----
 kickstart.cfg | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 140 insertions(+), 10 deletions(-)
 create mode 100644 kickstart.cfg
diff --git a/README.md b/README.md
index 80ad29e..3901a99 100644
--- a/README.md
+++ b/README.md
@@ -7,18 +7,33 @@ Creates local mirrors of the CentOS Stream & EPEL repositories and stores them a
 Create & serve the mirror.
 
 ```sh
+# Pre-requisites
+sudo dnf install -y podman buildah skopeo curl lorax
+
 # Create a local mirror of CentOS Stream 10
-./build.sh
+sudo ./build.sh
 
 # Serve the mirror on port 8080
-podman run --rm --name mirror-centos-stream-10-$(date -I) -p 8080:8080 localhost/mirrors/centos-stream-10:$(date -I)
+sudo podman run -d --rm --name mirror-centos-stream-10-$(date -I) -p 8080:8080 localhost/mirrors/centos-stream-10:$(date -I)
 
 # Mirror is alive!
 curl http://localhost:8080/centos/10-stream/BaseOS/x86_64/iso/SHA256SUM
 
 # Archive the mirror for posterity
-podman tag localhost/mirrors/centos-stream-10:$(date -I) quay.io/nmasse-redhat/centos-stream-10:$(date -I)
-podman push --compression-format=none quay.io/nmasse-redhat/centos-stream-10:$(date -I)
+sudo podman save --output centos-stream-10-$(date -I) --format oci-dir --uncompressed localhost/mirrors/centos-stream-10:$(date -I)
+sudo podman tag localhost/mirrors/centos-stream-10:$(date -I) quay.io/nmasse-redhat/centos-stream-10:$(date -I)
+sudo buildah push --disable-compression quay.io/nmasse-redhat/centos-stream-10:$(date -I)
+
+# Install a VM from this mirror using Kickstart
+sudo mkdir -p /var/lib/libvirt/images/test-centos10
+sudo curl -sSfL -o /var/lib/libvirt/images/test-centos10/CentOS-Stream-10-latest-x86_64-boot.iso http://dev-aarch64.itix.fr/centos/10-stream/BaseOS/x86_64/iso/CentOS-Stream-10-latest-x86_64-boot.iso
+sudo mkksiso -R 'set timeout=60' 'set timeout=5' -R 'set default="1"' 'set default="0"' -r console -c console=ttyS0 --ks "kickstart.cfg" /var/lib/libvirt/images/test-centos10/CentOS-Stream-10-latest-x86_64-boot.iso /var/lib/libvirt/images/test-centos10/install.iso
+sudo virt-install --name test-centos10 --memory 4096 --vcpus 2 --disk path=/var/lib/libvirt/images/test-centos10/root.qcow2,format=qcow2,bus=virtio,size=100 --cdrom /var/lib/libvirt/images/test-centos10/install.iso --network network=default --console pty,target_type=virtio --serial pty --graphics none --os-variant rhel10-unknown --boot uefi
+
+# Cleanup the VM
+sudo virsh destroy test-centos10
+sudo virsh undefine test-centos10 --nvram
+sudo rm -f /var/lib/libvirt/images/test-centos10/root.qcow2 /var/lib/libvirt/images/test-centos10/install.iso
 ```
 
 To use it in a working system, create `/etc/yum.repos.d/local-mirror.repo` with the following content:
@@ -29,7 +44,7 @@ name=Local CentOS Stream $releasever
 baseurl=http://local.mirror.tld:8080/centos/10-stream/BaseOS/$basearch/os/
 enabled=1
 gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Official
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
 
 [local-epel]
 name=Local EPEL $releasever
@@ -39,12 +54,11 @@ gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-10
 ```
 
-To perform an unattended install, add the following lines in your kickstart file:
+To perform an unattended install, see the supplied [kickstart script](kickstart.cfg).
 
-```
-url --url=http://local.mirror.tld/centos/10-stream/BaseOS/$basearch/os/
-repo --name=epel --baseurl=http://local.mirror.tld:8080/epel/10/Everything/$basearch/
-```
+## Numbers
+
+CentOS 10 BaseOS + EPEL 10, x86_64 only, no source, no debug RPM, takes about 32 minutes to synchronize and uses 44 GB on disk.
 
 ## Authors
 
diff --git a/kickstart.cfg b/kickstart.cfg
new file mode 100644
index 0000000..1e68ab5
--- /dev/null
+++ b/kickstart.cfg
@@ -0,0 +1,116 @@
+##
+## Environment setup
+##
+
+# Where to fetch the installation tree
+url --url=http://192.168.122.1:8080/centos/10-stream/BaseOS/$basearch/os/
+
+# Add the local mirrors as repositories
+repo --name=epel --baseurl=http://192.168.122.1:8080:8080/epel/10/Everything/$basearch/
+repo --name=baseos --baseurl=http://192.168.122.1:8080:8080/centos/10-stream/BaseOS/$basearch/os/
+
+# Install mode: text (interactive installs) or cmdline (unattended installs)
+text
+
+# Hash password with SHA-512
+authselect --enableshadow --passalgo=sha512
+
+# French keyboard layout
+keyboard --vckeymap=fr --xlayouts='fr'
+
+# English i18n
+lang en_US.UTF-8
+
+# Accept the EULA
+eula --agreed
+
+# Which action to perform after install: poweroff or reboot
+poweroff
+
+##
+## network configuration
+##
+
+# Configure the network
+network --bootproto=dhcp --device=enp1s0 --noipv6 --activate
+
+# Set the hostname
+network --hostname=localhost.localdomain
+
+# Timezone is GMT
+timezone Etc/GMT --utc
+
+##
+## partitioning
+##
+
+# Install on /dev/vda
+ignoredisk --only-use=vda
+
+# Install Grub in the MBR of /dev/vda
+bootloader --location=mbr --boot-drive=vda
+
+# Clear the target disk
+zerombr
+
+# Remove existing partitions
+clearpart --all --initlabel
+
+# Automatically create partitions required by hardware platform
+reqpart
+
+# Create the root partition
+part / --fstype xfs --size=1 --grow --asprimary --label=root
+
+##
+## User Accounts
+##
+
+# Generate an encrypted password with "openssl passwd -6"
+# The default one is "redhat".
+rootpw --lock
+user --groups=wheel --name=admin --iscrypted --password=$6$REDACTED --gecos="Administrator"
+
+# Inject the SSH key of the admin
+sshkey --username admin "ssh-ed25519 REDACTED user@host"
+
+##
+## SELinux and Firewalld
+##
+
+selinux --enforcing
+firewall --enabled --ssh
+
+##
+## Software Packages
+##
+
+%packages --ignoremissing
+epel-release
+htop
+%end
+
+##
+## Install scripts
+##
+
+%post --interpreter=/bin/bash
+
+# Remove all metalink to prevent all repositories from using on-line mirrors
+sed -i 's/^metalink=.*//; T; d' /etc/yum.repos.d/*.repo
+
+# Disable all repositories
+dnf config-manager --setopt=*.enabled=0 --save
+
+# Fix the base URL of the repositories for which we have a local mirror and enable them.
+dnf config-manager --setopt=epel.baseurl=http://192.168.122.1:8080/epel/10/Everything/\$basearch/ --setopt=epel.enabled=1 --save
+dnf config-manager --setopt=baseos.baseurl=http://192.168.122.1:8080/centos/10-stream/BaseOS/\$basearch/os/ --setopt=baseos.enabled=1 --save
+
+# Disable password authentication over SSH
+sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
+service sshd restart
+
+# Do not ask password for sudo
+sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers
+
+%end
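Review bot: The `%post` step meant to disable SSH password logins only rewrites the literal text `PasswordAuthentication yes`, so if the shipped `/etc/ssh/sshd_config` has that directive commented out (as the stock file usually does) the result is still a comment and password logins stay enabled. That matters here because the comment above the `user` line documents a default password, the account is in `wheel`, the sudoers edit grants `NOPASSWD`, and `firewall --enabled --ssh` opens the port. Writing the setting explicitly is more robust than patching text, for example `echo 'PasswordAuthentication no' > /etc/ssh/sshd_config.d/01-local.conf` (file name constructed), assuming the image's sshd_config includes that directory, which should be confirmed. The sudoers `sed` has the same fragility since it depends on literal tabs and fails silently; a file under `/etc/sudoers.d/` checked with `visudo -cf` would fail loudly instead. Separately, both `repo` lines use `192.168.122.1:8080:8080`, which repeats the port and does not match the `url` line or the `%post` base URLs; it should read `192.168.122.1:8080`.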