[CentOS] PXE boot, Kickstart NFS install and %include...

Tue Mar 14 15:17:08 UTC 2006
Will McDonald <wmcdonald at gmail.com>

I was just wondering how (or indeed if) people use the %include
directive in Kickstart configuration files when building systems via
NFS. I've been trying to modularise our Kickstart files a little to
make things more readable, having generic defaults and role specific
stuff split out into separate configs.

I've tried this configuration...

[root@archive kickstart]# cat centos4-install-ks.cfg
# Kickstart to build default CentOS system
#
# $Id: centos4-install-ks.cfg,v 1.2 2006/03/13 14:21:32 root Exp root $
#

# Setup kickstart defaults (keyboard, NFS server etc.)
%include /opt/kickstart/include/kickstart.cfg

# Setup partitions (mailstore specific)
%include /opt/kickstart/include/disk.cfg

# Package list to install
%packages
%include /opt/kickstart/include/packages.cfg

%post

# Setup /etc/hosts with required ip/name mappings (mailstore specific)
%include /opt/kickstart/include/hosts.cfg

# Setup CentOS Yum repository
%include /opt/kickstart/include/centos4-yum.cfg

# Add CentOS GPG key used to sign their RPM packages
rpm --import /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4

# Setup Dag repository
%include /opt/kickstart/include/dag4-yum.cfg

# Setup users and their authorized_keys
%include /opt/kickstart/include/users-and-keys.cfg

# Setup secure SSHD configuration
%include /opt/kickstart/include/secure-sshd.cfg

# Setup Sudo
%include /opt/kickstart/include/sudo.cfg

# Setup Nagios Remote Plugin Execution
%include /opt/kickstart/include/nagios-nrpe.cfg

# Setup Bacula, /etc/bacula/bacula-fd.conf still needs to have the finalised
# hostname entered manually :( (for now)
%include /opt/kickstart/include/bacula.cfg

# Install "standard" additional components
yum -y install keychain bash-completion multitail webmin

And a sample of one of the modular configs...

[root@archive kickstart]# cat include/secure-sshd.cfg
# Lock down sshd_config to only accept SSH2 keybased auth
mkdir -p /etc/ssh/RCS
ci -t-"Main SSHD configuration file." -u /etc/ssh/sshd_config
co -l /etc/ssh/sshd_config
cat <<EOF > /etc/ssh/sshd_config
#
# Main SSHD configuration file.
#
# \$Id\$
#
# FILE UNDER RCS, DO NOT EDIT WITHOUT CHECKING OUT!!!

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
SyslogFacility AUTHPRIV
PermitRootLogin without-password
StrictModes yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
IgnoreRhosts yes
PasswordAuthentication no
X11Forwarding yes

EOF

ci -m"Kickstart: Secured SSH configuration, locked down to keys-only config." -u /etc/ssh/sshd_config


Which doesn't work; Anaconda runs and starts prompting for input as
it would for a manual install. If I include everything pre-%post
(IYSWIM) in the main Kickstart file then everything works as expected
up till the %post %includes when Anaconda complains it can't find
blah.cfg, presumably because it's not local.

I could live with the body of Kickstart config in the main file and
then manually NFS mount and reference the modular configs, if I have
to, but I wondered is there a better method?

I've Googled around a bit and found these threads from '02...

https://www.redhat.com/archives/kickstart-list/2002-May/msg00184.html

https://www.redhat.com/archives/anaconda-devel-list/2005-October/msg00080.html

Which clarify what's going on but not really how people deal with
%include and NFS.

Will.
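
One way to avoid the installer-side lookup described in the post is to inline every %include on the server before the kickstart file is exported. The following is an added example, not part of the original post: `flatten`, `demo` and the sample file contents are constructed, it assumes the include paths are absolute and readable on the machine doing the flattening, and it refuses includes that resolve outside the kickstart tree.

```python
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^\s*%include\s+(\S+)\s*$")

def flatten(path, allowed_root, _stack=()):
    """Return the kickstart text of `path` with every %include inlined."""
    root = os.path.realpath(allowed_root)
    real = os.path.realpath(path)
    # Refuse anything that resolves outside the kickstart tree (../, symlinks).
    if os.path.commonpath([root, real]) != root:
        raise ValueError("include outside %s: %s" % (root, path))
    # Refuse a file that includes itself, directly or through another file.
    if real in _stack:
        raise ValueError("include cycle at %s" % path)
    out = []
    with open(real) as fh:
        for line in fh:
            m = INCLUDE_RE.match(line)
            if m:
                out.append(flatten(m.group(1), root, _stack + (real,)))
            else:
                out.append(line)
    text = "".join(out)
    # Keep the directive after an include on its own line.
    return text + "\n" if text and not text.endswith("\n") else text

def demo():
    """Flatten a constructed kickstart tree; returns (tree root, flat text)."""
    root = tempfile.mkdtemp()
    inc = os.path.join(root, "include")
    os.mkdir(inc)
    main = ("%packages\n%include {0}/packages.cfg\n\n"
            "%post\n%include {0}/secure-sshd.cfg\n").format(inc)
    files = {
        os.path.join(root, "ks.cfg"): main,
        os.path.join(inc, "packages.cfg"): "@base\nopenssh-server",
        os.path.join(inc, "secure-sshd.cfg"): "echo hardened\n",
    }
    for name, body in files.items():
        with open(name, "w") as fh:
            fh.write(body)
    return root, flatten(os.path.join(root, "ks.cfg"), root)

if __name__ == "__main__":
    print(demo()[1])
```

The flattened output is a single self-contained kickstart file, so the %post body no longer depends on any path being visible inside the installer environment.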