[CentOS] Graphical net install

Sun Sep 28 19:01:37 UTC 2008
Ross S. W. Walker <RWalker at medallion.com>

Test wrote:
> 
> Is it at all possible to do a graphical netinstall ?
> 
> I am using centos 5.2, and i have been doing net installs (pxe) for a
> while in console mode...

The pxeboot initrd and vmlinuz are in the boot directory on CD 1.

Copy those to the tftpboot directory, along with your pxelinux.0, and
put the syslinux config in the pxelinux.cfg/default file; mine looks
like this:

# PXELINUX menu with two kickstart-driven entries; "server" is the default.
default server
prompt 1
timeout 100
display pxeboot.msg

# NOTE(review): both entries fetch the kickstart (ks=) and the install tree
# (method=) over plain http://. Anything that can reach or impersonate
# 10.1.1.60 on this network can read the kickstart (which carries the root and
# admin password hashes) or alter what gets installed. Keep the provisioning
# network isolated, or serve these over an authenticated/encrypted transport
# if the installer in use supports one.
label server
	kernel vmlinuz
	append initrd=initrd.img ramdisk_size=8192 root=/dev/ram0 ip=dhcp lang=us expert ksdevice=eth0 ks=http://10.1.1.60/CentOS/5/server.cfg method=http://10.1.1.60/CentOS/5/os/i386 noipv6 quiet
label desktop
	kernel vmlinuz
	append initrd=initrd.img ramdisk_size=8192 root=/dev/ram0 ip=dhcp lang=us ksdevice=eth0 ks=http://10.1.1.60/CentOS/5/desktop.cfg method=http://10.1.1.60/CentOS/5/os/i386 noipv6 quiet

I set up the packages on a web server, along with my kickstart, which looks
like this for desktops:

# Kickstart command section for the desktop profile: unattended install,
# then automatic reboot.
install
reboot
lang en_US.UTF-8
keyboard us
# NOTE(review): the host firewall and SELinux are both switched off here,
# while %post below enables telnet and leaves CUPS listening on port 631.
# Nothing on the host then filters or confines those listeners; enable the
# firewall with explicit openings unless the network itself provides that.
firewall --disabled
selinux --disabled
firstboot --disabled
timezone --utc America/New_York
network --device=eth0 --bootproto=dhcp
# NOTE(review): --enablemd5 selects MD5-based password hashes, which are
# cheap to attack offline. Prefer a stronger algorithm if the release's
# authconfig offers one (to be confirmed for this version).
authconfig --enableshadow --enablemd5 --enablecache
# NOTE(review): this hash sits in a file served over plain HTTP (see the ks=
# URL in the PXE config), so treat it as disclosed to anyone on that network:
# use a strong, install-only password and rotate it after provisioning.
rootpw --iscrypted <passwd hash>
monitor --noprobe --monitor="LCD Panel 1280x1024"
xconfig --driver "vesa" --resolution="1280x1024" --depth=24 --startxonboot --defaultdesktop=kde
bootloader --location=mbr
# Destructive: reinitialises the partition table and removes the existing
# Linux partitions on sda without prompting.
zerombr
clearpart --linux --initlabel --drives=sda
# Layout: 128 MB primary /boot, the rest of sda as one LVM PV in vg0,
# root LV 4-16 GB and swap LV 1-2 GB.
part /boot --fstype ext3 --size=128 --ondisk=sda --asprimary
part pv.0 --size=0 --grow --ondisk=sda
volgroup vg0 --pesize=32768 pv.0
logvol / --fstype ext3 --name=root --vgname=vg0 --size=4096 --grow --maxsize=16384
logvol swap --fstype swap --name=swap --vgname=vg0 --size=1024 --grow --maxsize=2048

%packages
# Package groups to install.
@base
@core
@base-x
@kde-desktop
# Packages excluded from the groups above (leading "-").
-NetworkManager
-desktop-printing
-firstboot
-gdm
-im-chooser
-kdeaccessibility
-kdeaddons
-kdepim
-pirut
-pup
-system-config-date
-system-config-display
-system-config-keyboard
-system-config-language
# Individual packages added on top of the groups.
ImageMagick
compat-libstdc++-33
cyrus-sasl-gssapi
cyrus-sasl-md5
cyrus-sasl-ntlm
firefox
hplip
k3b
ntp
openldap-clients
openmotif
openoffice.org-base
openoffice.org-calc
openoffice.org-draw
openoffice.org-emailmerge
openoffice.org-graphicfilter
openoffice.org-math
openoffice.org-impress
openoffice.org-writer
openoffice.org-xsltfilter
openoffice.org-javafilter
openoffice.org-pyuno
rdesktop
samba-client
sendmail-cf
# NOTE(review): telnet-server is installed and later enabled in %post. Telnet
# sends credentials in clear text; with the firewall disabled it is reachable
# from the whole network. Prefer sshd for remote administration.
telnet-server
usermode-gtk
vnc

%post
# Export the hardware platform reported by uname to child processes
# (nothing further down in this listing reads ARCH itself).
ARCH="$(uname -i)"
export ARCH

# Install EPEL Repository
# NOTE(review): the release package is pulled over plain HTTP and installed
# before any signing key has been imported, so nothing verifies it. Since it
# supplies the EPEL repo definition and key, check it against a known-good
# checksum or a local, verified copy.
rpm -ivh http://software.mfg.prv/Software/Redhat/EPEL/5/epel-release-5-2.noarch.rpm

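# Switch every yum repo definition from the mirrorlist to a fixed baseurl on
# the internal mirror, and tag the CentOS repos with yum-priorities weights
# (1 = Media/Base/Updates, 2 = Addons/Extras/Plus/Contrib).
#
# The glob is expanded by the shell instead of parsing `ls` output, and
# "$repo" is quoted, so a file name with whitespace or glob characters cannot
# be split into several arguments.
#
# NOTE(review): the rewritten baseurl is plain http://. Package integrity then
# rests entirely on gpgcheck in the repo files, which this loop does not touch;
# confirm gpgcheck=1 stays set for every enabled repo.
for repo in /etc/yum.repos.d/*.repo; do
	# An unmatched glob is left as the literal pattern; skip it.
	[ -f "$repo" ] || continue

	# One sed pass, expressions applied in the original order.
	sed -i \
		-e 's/^#baseurl=/baseurl=/' \
		-e 's/^mirrorlist=/#mirrorlist=/' \
		-e 's/^baseurl=\(.*\)\(\/os\/\$basearch\/\)$/#baseurl=\1\2\nbaseurl=http:\/\/centos.mfg.prv\/centos\/\$releasever\2/' \
		-e 's/^baseurl=\(.*\)\(\/updates\/\$basearch\/\)$/#baseurl=\1\2\nbaseurl=http:\/\/centos.mfg.prv\/centos\/\$releasever\2/' \
		-e 's/\(^name=CentOS.*Media$\)/\1\npriority=1/' \
		-e 's/\(^name=CentOS.*Base$\)/\1\npriority=1/' \
		-e 's/\(^name=CentOS.*Updates$\)/\1\npriority=1/' \
		-e 's/\(^name=CentOS.*Addons$\)/\1\npriority=2/' \
		-e 's/\(^name=CentOS.*Extras$\)/\1\npriority=2/' \
		-e 's/\(^name=CentOS.*Plus$\)/\1\npriority=2/' \
		-e 's/\(^name=CentOS.*Contrib$\)/\1\npriority=2/' \
		"$repo"
done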

# Load the package signing keys shipped on the installed system.
# NOTE(review): RPM-GPG-KEY-beta is trusted alongside the release keys, so
# packages signed with the beta key will verify on these desktops; drop it
# unless beta packages are really meant to install. These imports also run
# after the EPEL release package was installed earlier in %post.
for key_name in beta CentOS-5 EPEL; do
	rpm --import "/etc/pki/rpm-gpg/RPM-GPG-KEY-${key_name}"
done

# Install Yum Priorities
yum -y install yum-priorities

# Config Priority Obsoletes
printf '%s\n' "check_obsoletes = 1" >>/etc/yum/pluginconf.d/priorities.conf

# Update distribution
yum -y update

# Third-party desktop packages from the internal software share, in order:
# Microsoft core TT fonts, Adobe Reader, Adobe Flash plugin, Sun JRE.
# NOTE(review): each one is fetched over plain HTTP and passed straight to
# rpm -ivh, outside yum, so no repository gpgcheck applies. Verify them first
# (rpm -K against an imported key, or a pinned checksum). The versions are
# also fixed in the URLs; unless something else updates these packages, the
# browser plugins and JRE stay at that patch level.
for pkg_url in \
	http://software.mfg.prv/Software/Linux/msttcorefonts/msttcorefonts-2.0-1.noarch.rpm \
	http://software.mfg.prv/Software/Adobe/Reader/Linux/AdobeReader_enu-8.1.2-1.i486.rpm \
	http://software.mfg.prv/Software/Adobe/Flash/Linux/flash-plugin-9.0.124.0-release.i386.rpm \
	http://software.mfg.prv/Software/Sun/Java/JRE/Linux/jre-6u2-linux-i586.rpm
do
	rpm -ivh "$pkg_url"
done

# Set Sun Java as default: remove the existing launchers so the alternatives
# links below can take their place.
rm -f /usr/bin/javaws /usr/bin/jcontrol

alternatives --install /usr/bin/java java /usr/java/default/bin/java 1000 \
	--slave /usr/lib/jvm/jre jre /usr/java/default \
	--slave /usr/bin/javaws javaws /usr/java/default/bin/javaws \
	--slave /usr/bin/jcontrol jcontrol /usr/java/default/bin/jcontrol \
	--slave /usr/bin/rmiregistry rmiregistry /usr/java/default/bin/rmiregistry

alternatives --set java /usr/java/default/bin/java

# Add local admin user account (failsafe)
# NOTE(review): every machine built from this kickstart gets the same admin
# hash, and the hash is readable by anyone who can fetch the kickstart over
# HTTP. One cracked hash then covers the whole fleet; use a per-host or
# rotated credential.
useradd -p '<passwd hash>' admin

# Configure services
# NOTE(review): telnet is enabled at boot. It carries logins in clear text and
# the firewall is disabled in this kickstart; prefer sshd.
for svc in lisa ntpd telnet; do
	chkconfig "$svc" on
done

# Default LISA configuration
# Keep the packaged file as /etc/lisarc.orig, then write a replacement in
# which the ping, allowed and broadcast addresses are all loopback only
# (127.0.0.1/255.255.255.255).
mv /etc/lisarc /etc/lisarc.orig

cat >/etc/lisarc <<EOF
PingAddresses = 127.0.0.1/255.255.255.255;
PingNames =
AllowedAddresses = 127.0.0.1/255.255.255.255;
BroadcastNetwork = 127.0.0.1/255.255.255.255;
SearchUsingNmblookup = 1
FirstWait = 30
SecondWait = -1
UpdatePeriod = 150
DeliverUnnamedHosts = 1
MaxPingsAtOnce = 256
EOF

# Default Kerberos configuration
# Keep the packaged file as krb5.conf.orig and write a minimal template. The
# template names EXAMPLE.COM with DNS lookups disabled; the authconfig call
# after it supplies the real realm (MFG.PRV), KDC and admin server, and
# enables DNS-based KDC/realm lookup.
# NOTE(review): presumably authconfig rewrites the template values in place;
# confirm the resulting default_realm on an installed host.
mv /etc/krb5.conf /etc/krb5.conf.orig

cat >/etc/krb5.conf <<EOF
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = yes

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 24h
   renew_lifetime = 7d
   forwardable = true
   krb4_convert = false
 }

EOF

authconfig --kickstart --enablekrb5 --krb5realm=MFG.PRV --krb5kdc=mfg.prv --krb5adminserver=mfg.prv --enablekrb5kdcdns --enablekrb5realmdns

# Default Samba configuration
# Keep the packaged smb.conf as smb.conf.orig and write an AD-member template
# (security = ads, winbind with RID-based idmap in 100000-999999). The
# authconfig call after it sets the real workgroup (MFG) and realm (MFG.PRV)
# and enables winbind.
# NOTE(review): "password server = *" / --smbservers=* leaves domain-controller
# selection to discovery, and "name resolve order" tries WINS and broadcast
# before host/DNS. Broadcast name resolution can be answered by any host on
# the segment; consider listing DNS first if the site allows it.
mv /etc/samba/smb.conf /etc/samba/smb.conf.orig

cat >/etc/samba/smb.conf <<EOF
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.COM
   security = ads
   password server = *
   use kerberos keytab = yes
   passdb backend = tdbsam
   allow trusted domains = no
   idmap domains = default
   idmap config default:default = yes
   idmap config default:backend = rid
   idmap uid = 100000 - 999999
   idmap gid = 100000 - 999999
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind enum groups = yes
   winbind enum users = yes
   name resolve order = wins bcast host

[homes]
   comment = Home Directories
   read only = no
   browseable = no

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = yes
   browseable = no
EOF

authconfig --kickstart --smbworkgroup=MFG --smbservers=* --enablewinbind --smbsecurity=ads --smbrealm=MFG.PRV --smbidmapuid=100000-999999 --smbidmapgid=100000-999999 --winbindtemplatehomedir=/home/%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain

# Default NSS_LDAP configuration
# Keep the packaged /etc/ldap.conf as ldap.conf.orig and write a template that
# maps the directory's User/Group classes and unix* attributes onto the POSIX
# account schema.
# NOTE(review): "ssl start_tls" is paired with "tls_checkpeer no", so the
# server certificate is not verified and the TLS session gives no protection
# against an impersonated directory server. Deploy the CA certificate and set
# tls_checkpeer yes.
# NOTE(review): "sasl_secprops maxssf=0" turns off the SASL security layer,
# leaving StartTLS as the only transport protection.
# NOTE(review): krb5_ccname is a fixed file name under /tmp, a world-writable
# directory; a non-shared location is safer.
mv /etc/ldap.conf /etc/ldap.conf.orig

cat >/etc/ldap.conf <<EOF
uri ldap://example.com/
base dc=example,dc=com
timelimit 30
bind_timelimit 30
idle_timelimit 3600
ssl start_tls
tls_checkpeer no
use_sasl yes
sasl_secprops maxssf=0
krb5_ccname FILE:/tmp/krb5.ldap

pam_filter		objectClass=User
pam_password		crypt

nss_map_objectclass	posixAccount		User
nss_map_objectclass	shadowAccount		User
nss_map_objectclass	posixGroup		Group

nss_map_attribute	homeDirectory		unixHomeDirectory
nss_map_attribute	uniqueMember		msSFU30PosixMember
nss_map_attribute	userPassword		unixUserPassword

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
EOF

# Default OpenLDAP configuration
# Keep the packaged client ldap.conf as ldap.conf.orig and write a template;
# the authconfig call after it sets the real server (mfg.prv) and base DN.
# NOTE(review): "TLS_REQCERT allow" lets the session continue when the server
# presents no certificate or an invalid one, so TLS here does not authenticate
# the server. Use "demand" together with a deployed CA certificate.
mv /etc/openldap/ldap.conf /etc/openldap/ldap.conf.orig

cat >/etc/openldap/ldap.conf <<EOF
URI            ldap://example.com
BASE           dc=example, dc=com
SASL_SECPROPS  maxssf=0
TLS_REQCERT    allow
EOF

authconfig --kickstart --ldapserver=mfg.prv --ldapbasedn="DC=mfg,DC=prv"

# Default Sendmail & Submission configuration
# Keep the packaged sendmail.mc as sendmail.mc.orig and write a null-client
# configuration: the MTA listens on 127.0.0.1 only and hands all mail to
# mfg.prv, masquerading as that domain.
# The here-document delimiter is unquoted, so each m4 opening quote is written
# as \` to stop the shell from treating it as command substitution.
mv /etc/mail/sendmail.mc /etc/mail/sendmail.mc.orig

cat >/etc/mail/sendmail.mc <<EOF
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(\`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(\`setup for Red Hat Linux')dnl
OSTYPE(\`linux')dnl
DAEMON_OPTIONS(\`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DOMAIN(\`generic')dnl
FEATURE(\`nocanonify')dnl
FEATURE(\`nullclient',\`mfg.prv')dnl
MASQUERADE_AS(\`mfg.prv')dnl
undefine(\`ALIAS_FILE')dnl
EOF

# Same treatment for the mail submission program config: keep the original,
# then write a submit.mc that masquerades as mfg.prv and submits through
# [127.0.0.1].
mv /etc/mail/submit.mc /etc/mail/submit.mc.orig

cat >/etc/mail/submit.mc <<EOF
divert(-1)
#
# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
#       All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
#  This is the prototype file for a set-group-ID sm-msp sendmail that
#  acts as a initial mail submission program.
#

divert(0)dnl
include(\`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(\`linux setup for Red Hat Linux')dnl
define(\`confCF_VERSION', \`Submit')dnl
define(\`__OSTYPE__',\`')dnl dirty hack to keep proto.m4 from complaining
define(\`_USE_DECNET_SYNTAX_', \`1')dnl support DECnet
define(\`confTIME_ZONE', \`USE_TZ')dnl
define(\`confDONT_INIT_GROUPS', \`True')dnl
define(\`confPID_FILE', \`/var/run/sm-client.pid')dnl
dnl define(\`confDIRECT_SUBMISSION_MODIFIERS',\`C')
FEATURE(\`use_ct_file')dnl
FEATURE(\`allmasquerade')dnl
FEATURE(\`masquerade_envelope')dnl
MASQUERADE_AS(\`mfg.prv')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(\`msp', \`[127.0.0.1]')dnl
EOF

# Default KDE-CUPS settings
# Keep the packaged cupsd.conf and cupsd.conf.default as *.orig, write a
# replacement cupsd.conf, and copy it over cupsd.conf.default as well.
# NOTE(review): "Port 631" listens on every interface, and this kickstart
# disables the host firewall, so "Allow @LOCAL" is the only access control.
# NOTE(review): <Location /admin> has no AuthType/Require of its own; confirm
# which admin operations @LOCAL hosts can reach without authenticating.
# NOTE(review): <Location /admin/conf> uses Basic authentication with
# "Encryption IfRequested", so credentials may cross the network unencrypted
# when the client does not ask for TLS. "Encryption Required" closes that.
mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.orig
mv /etc/cups/cupsd.conf.default /etc/cups/cupsd.conf.default.orig

cat >/etc/cups/cupsd.conf <<EOF
Classification none
DefaultCharset UTF-8
DefaultLanguage en
Printcap /etc/printcap
PrintcapFormat BSD
RemoteRoot remroot
SystemGroup sys root
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
<Location />
  Encryption IfRequested
  Satisfy All
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin>
  Encryption Required
  Satisfy All
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin/conf>
  AuthType Basic
  Require user @SYSTEM
  Encryption IfRequested
  Satisfy All
  Order allow,deny
  Allow @LOCAL
</Location>
HostnameLookups Off
KeepAlive On
KeepAliveTimeout 60
MaxClients 100
MaxRequestSize 0
Timeout 300
Port 631
Listen /var/run/cups/cups.sock
AccessLog /var/log/cups/access_log
ErrorLog /var/log/cups/error_log
PageLog /var/log/cups/page_log
MaxLogSize 0
LogLevel info
PreserveJobHistory On
PreserveJobFiles Off
AutoPurgeJobs No
MaxJobs 0
MaxJobsPerPrinter 0
MaxJobsPerUser 0
User lp
Group lp
RIPCache 8m
FilterLimit 0
DataDir /usr/share/cups
DocumentRoot /usr/share/cups/doc
RequestRoot /var/spool/cups
ServerBin /usr/lib/cups
ServerRoot /etc/cups
TempDir /var/spool/cups/tmp
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAddress @LOCAL
BrowseProtocols CUPS
BrowsePort 631
BrowseInterval 30
BrowseTimeout 300
ImplicitClasses On
ImplicitAnyClasses On
HideImplicitMembers Off
BrowseShortNames Yes
EOF

cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.default

# SNMP settings for CUPS, again keeping the packaged file as *.orig.
# NOTE(review): the community string is written in clear text in a kickstart
# that is served over HTTP. Treat it as a shared credential: use a per-site
# value and keep it read-only on the devices.
mv /etc/cups/snmp.conf /etc/cups/snmp.conf.orig

cat >/etc/cups/snmp.conf <<EOF
Address @LOCAL
Community medallion
DebugLevel 0
HostNameLookups on
EOF

# Make sure in the end, local accounts can always login
authconfig --kickstart --enablelocauthorize

# Disable IPv6
echo "alias net-pf-10 off" >>/etc/modprobe.conf

# Add an entry for pam_mkhomedir in system-auth
# Inserted just before the pam_limits.so session line; umask=0077 creates the
# new home directories accessible to their owner only.
sed -i -e 's/\(session     required      pam_limits.so\)/session     required      pam_mkhomedir.so skel=\/etc\/skel umask=0077 silent\n\1/' /etc/pam.d/system-auth

# Set HOSTNAME to DHCP_HOSTNAME for DDNS in /etc/sysconfig/network
# The expression is double-quoted, so $(hostname -s) is expanded when %post
# runs and its output is placed unescaped into the sed replacement.
# NOTE(review): a "/" or "&" in that output would break or alter the
# substitution. The name reported inside the installer environment may also
# differ from the final host name; confirm on a freshly built machine.
sed -i -e "s/^HOSTNAME=.*/DHCP_HOSTNAME=$(hostname -s)/" /etc/sysconfig/network

# Remove DHCP_HOSTNAME from ifcfg files if it exists
sed -i -e '/^DHCP_HOSTNAME=.*/d' /etc/sysconfig/network-scripts/ifcfg-*

# Clean up /etc/hosts, 127.0.0.1 is ALWAYS localhost
# Strips anything placed between the address and "localhost.localdomain
# localhost" on the loopback lines, for IPv4 and then IPv6.
sed -i -e 's/^127.0.0.1\t\t.*localhost.localdomain localhost/127.0.0.1\t\tlocalhost.localdomain localhost/' /etc/hosts

sed -i -e 's/^::1\t\t.*localhost.localdomain localhost/::1\t\t\tlocalhost.localdomain localhost/' /etc/hosts

# Stop NTP daemon if it is running
service ntpd stop

# Sync clock to network time
# NOTE(review): -b steps the clock to whatever mfg.prv answers, with no
# authentication of the time source visible here. Kerberos, configured earlier
# in this script, depends on accurate time, so keep the source trustworthy.
ntpdate -b mfg.prv
