nicolas
/
podman-rpm-mirror
mirror of https://github.com/nmasse-itix/podman-rpm-mirror.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add kickstart + doc

main
Nicolas Massé 2 weeks ago
parent
12c4382ec2
commit
9f1da8f0cd
2 changed files with 140 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 34
      README.md
  2. 116
      kickstart.cfg

34
README.md
View File

@ -7,18 +7,33 @@ Creates local mirrors of the CentOS Stream & EPEL repositories and stores them a
Create & serve the mirror. Create & serve the mirror.
```sh ```sh
# Pre-requisites
sudo dnf install -y podman buildah skopeo curl lorax
# Create a local mirror of CentOS Stream 10 # Create a local mirror of CentOS Stream 10
./build.sh sudo ./build.sh
# Serve the mirror on port 8080 # Serve the mirror on port 8080
podman run --rm --name mirror-centos-stream-10-$(date -I) -p 8080:8080 localhost/mirrors/centos-stream-10:$(date -I) sudo podman run -d --rm --name mirror-centos-stream-10-$(date -I) -p 8080:8080 localhost/mirrors/centos-stream-10:$(date -I)
# Mirror is alive! # Mirror is alive!
curl http://localhost:8080/centos/10-stream/BaseOS/x86_64/iso/SHA256SUM curl http://localhost:8080/centos/10-stream/BaseOS/x86_64/iso/SHA256SUM
# Archive the mirror for posterity # Archive the mirror for posterity
podman tag localhost/mirrors/centos-stream-10:$(date -I) quay.io/nmasse-redhat/centos-stream-10:$(date -I) sudo podman save --output centos-stream-10-$(date -I) --format oci-dir --uncompressed localhost/mirrors/centos-stream-10:$(date -I)
podman push --compression-format=none quay.io/nmasse-redhat/centos-stream-10:$(date -I) sudo podman tag localhost/mirrors/centos-stream-10:$(date -I) quay.io/nmasse-redhat/centos-stream-10:$(date -I)
sudo buildah push --disable-compression quay.io/nmasse-redhat/centos-stream-10:$(date -I)
# Install a VM from this mirror using Kickstart
sudo mkdir -p /var/lib/libvirt/images/test-centos10
sudo curl -sSfL -o /var/lib/libvirt/images/test-centos10/CentOS-Stream-10-latest-x86_64-boot.iso http://dev-aarch64.itix.fr/centos/10-stream/BaseOS/x86_64/iso/CentOS-Stream-10-latest-x86_64-boot.iso
sudo mkksiso -R 'set timeout=60' 'set timeout=5' -R 'set default="1"' 'set default="0"' -r console -c console=ttyS0 --ks "kickstart.cfg" /var/lib/libvirt/images/test-centos10/CentOS-Stream-10-latest-x86_64-boot.iso /var/lib/libvirt/images/test-centos10/install.iso
sudo virt-install --name test-centos10 --memory 4096 --vcpus 2 --disk path=/var/lib/libvirt/images/test-centos10/root.qcow2,format=qcow2,bus=virtio,size=100 --cdrom /var/lib/libvirt/images/test-centos10/install.iso --network network=default --console pty,target_type=virtio --serial pty --graphics none --os-variant rhel10-unknown --boot uefi
# Cleanup the VM
sudo virsh destroy test-centos10
sudo virsh undefine test-centos10 --nvram
sudo rm -f /var/lib/libvirt/images/test-centos10/root.qcow2 /var/lib/libvirt/images/test-centos10/install.iso
``` ```
To use it in a working system, create `/etc/yum.repos.d/local-mirror.repo` with the following content: To use it in a working system, create `/etc/yum.repos.d/local-mirror.repo` with the following content:
@ -29,7 +44,7 @@ name=Local CentOS Stream $releasever
baseurl=http://local.mirror.tld:8080/centos/10-stream/BaseOS/$basearch/os/ baseurl=http://local.mirror.tld:8080/centos/10-stream/BaseOS/$basearch/os/
enabled=1 enabled=1
gpgcheck=1 gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Official gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
[local-epel] [local-epel]
name=Local EPEL $releasever name=Local EPEL $releasever
@ -39,12 +54,11 @@ gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-10 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-10
``` ```
To perform an unattended install, add the following lines in your kickstart file: To perform an unattended install, see the supplied [kickstart script](kickstart.cfg).
``` ## Numbers
url --url=http://local.mirror.tld/centos/10-stream/BaseOS/$basearch/os/
repo --name=epel --baseurl=http://local.mirror.tld:8080/epel/10/Everything/$basearch/ CentOS 10 BaseOS + EPEL 10, x86_64 only, no source, no debug RPM, takes about 32 minutes to synchronize and uses 44 GB on disk.
```
## Authors ## Authors

116
kickstart.cfg
View File

@ -0,0 +1,116 @@
##
## Environment setup
##
# Where to fetch the installation tree
url --url=http://192.168.122.1:8080/centos/10-stream/BaseOS/$basearch/os/
# Add the local mirrors as repositories
repo --name=epel --baseurl=http://192.168.122.1:8080:8080/epel/10/Everything/$basearch/
repo --name=baseos --baseurl=http://192.168.122.1:8080:8080/centos/10-stream/BaseOS/$basearch/os/
# Install mode: text (interactive installs) or cmdline (unattended installs)
text
# Hash password with SHA-512
authselect --enableshadow --passalgo=sha512
# French keyboard layout
keyboard --vckeymap=fr --xlayouts='fr'
# English i18n
lang en_US.UTF-8
# Accept the EULA
eula --agreed
# Which action to perform after install: poweroff or reboot
poweroff
##
## network configuration
##
# Configure the network
network --bootproto=dhcp --device=enp1s0 --noipv6 --activate
# Set the hostname
network --hostname=localhost.localdomain
# Timezone is GMT
timezone Etc/GMT --utc
##
## partitioning
##
# Install on /dev/vda
ignoredisk --only-use=vda
# Install Grub in the MBR of /dev/vda
bootloader --location=mbr --boot-drive=vda
# Clear the target disk
zerombr
# Remove existing partitions
clearpart --all --initlabel
# Automatically create partitions required by hardware platform
reqpart
# Create the root partition
part / --fstype xfs --size=1 --grow --asprimary --label=root
##
## User Accounts
##
# Generate an encrypted password with "openssl passwd -6"
# The default one is "redhat".
rootpw --lock
user --groups=wheel --name=admin --iscrypted --password=$6$REDACTED --gecos="Administrator"
# Inject the SSH key of the admin
sshkey --username admin "ssh-ed25519 REDACTED user@host"
##
## SELinux and Firewalld
##
selinux --enforcing
firewall --enabled --ssh
##
## Software Packages
##
%packages --ignoremissing
epel-release
htop
%end
##
## Install scripts
##
%post --interpreter=/bin/bash
# Remove all metalink to prevent all repositories from using on-line mirrors
sed -i 's/^metalink=.*//; T; d' /etc/yum.repos.d/*.repo
# Disable all repositories
dnf config-manager --setopt=*.enabled=0 --save
# Fix the base URL of the repositories for which we have a local mirror and enable them.
dnf config-manager --setopt=epel.baseurl=http://192.168.122.1:8080/epel/10/Everything/\$basearch/ --setopt=epel.enabled=1 --save
dnf config-manager --setopt=baseos.baseurl=http://192.168.122.1:8080/centos/10-stream/BaseOS/\$basearch/os/ --setopt=baseos.enabled=1 --save
# Disable password authentication over SSH
sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
service sshd restart
# Do not ask password for sudo
sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers
%end
Write Preview
Loading…
Cancel
Save