rhel-7.template

sshpw --username=root --plaintext redhat
# Firewall configuration
firewall --disabled
selinux --enforcing

# Use network installation
url --url=${rhel_tree_url}
network --bootproto=dhcp --device=eth0 --activate --onboot=on
network --bootproto=dhcp --device=eth1 --activate --onboot=on
skipx
rootpw --plaintext centos
auth --useshadow --passalgo=sha512

timezone --utc Etc/UTC
bootloader --location=mbr --append="no_timer_check console=ttyS0 console=tty0 net.ifnames=0 biosdevname=0"
clearpart --all
part / --fstype="ext4" --size=10240

#Repos
repo --name=base --baseurl=${base_repo_url}
repo --name=updates --baseurl=${updates_repo_url}
repo --name=cdk --baseurl=${cdk_repo_url}

shutdown

%packages  --excludedocs --instLangs=en
@core
openssl
bash
docker
dracut
e4fsprogs
efibootmgr
grub2
grub2-efi
kernel
net-tools
parted
shadow-utils
shim
syslinux
hyperv-daemons
cifs-utils
cdk-entitlements
fuse-sshfs
nfs-utils
go-hvkvp
python-setuptools
dnsmasq
subscription-manager-rhsm-certificates
httpd-tools

#Packages to be removed
-aic94xx-firmware
-alsa-firmware
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-iwl7265-firmware
-postfix
-rsyslog
%end

%post

# Disable floppy driver to load
echo "omit_drivers+=\"floppy\"" > /etc/dracut.conf.d/nofloppy.conf
echo "blacklist floppy" > /etc/modprobe.d/nofloppy.conf

# Setting a global Locale for the server
echo "LANG=\"C\"" > /etc/locale.conf

# Add docker user with 'tcuser' password
/usr/sbin/useradd -p 'wtd3OP71kP1NQ' docker
/usr/sbin/usermod -a -G docker docker

# sudo permission for docker user
echo "%docker ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/docker
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers


# Place holder for base64 encode handle-user-data script
cat > handle-user-data.base64 << EOF
${handle_user_data}
EOF

# minishift as variant for custom provisioner
echo "VARIANT=\"minishift\"" >> /etc/os-release
echo "VARIANT_VERSION=\"${version}\"" >> /etc/os-release
echo "BUILD_ID=\"${build_id}\"" >> /etc/os-release

# Remove redhat-logo and firmware package to help with reduce box size
yum remove -y redhat-logos linux-firmware

# Clear yum package and metadata cache
yum clean all

# Place holder cert generation script. This is needed to create certs when system
# boots first time to make sure docker daemon running with cert enabled. On restart
# this script will first check cert is already available or not.
cat > cert-gen.sh.base64 << EOF
${cert_gen}
EOF

base64 -d < cert-gen.sh.base64 > minishift-cert-gen
rm -f cert-gen.sh.base64
chmod +x minishift-cert-gen
mv minishift-cert-gen /usr/local/bin

# update docker.service file to exec the certificate generation script
sed -i.back 's/ExecStart=/ExecStartPre=\/usr\/local\/bin\/minishift-cert-gen\n&/' /usr/lib/systemd/system/docker.service
sed -i.back '/After=*/c\After=network.target rc-local.service' /usr/lib/systemd/system/docker.service
sed -i.back '/After=*/c\After=cloud-init.service rc-local.service' /usr/lib/systemd/system/docker-storage-setup.service

# update the docker config to listen on TCP as well as unix socket
sed -i.back '/OPTIONS=*/c\OPTIONS="--selinux-enabled --log-driver=journald -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server.pem --tlskey=/etc/docker/server-key.pem --tlsverify"' /etc/sysconfig/docker

# update docker-storage to use overlay2 as default storage driver
echo 'DOCKER_STORAGE_OPTIONS="--storage-driver overlay2"' > /etc/sysconfig/docker-storage

# Show a warning banner when using yum to install software
mv /usr/bin/yum /usr/bin/yum-unsupported
# Place holder for base64 encode yum-wrapper script
cat > yum-wrapper.base64 << EOF
${yum_wrapper}
EOF
base64 -d < yum-wrapper.base64 > yum-wrapper
rm -f yum-wrapper.base64
mv yum-wrapper /usr/bin/yum
chmod +x /usr/bin/yum


# Place holder for base64 encode handle-user-data script
cat > handle-user-data.base64 << EOF
${handle_user_data}
EOF
base64 -d < handle-user-data.base64 > handle-user-data
rm -f handle-user-data.base64
chmod +x handle-user-data
mv handle-user-data /usr/local/bin/minishift-handle-user-data

# Handle user data (systemd service)
cat > handle-user-data-service.base64 << EOF
${handle_user_data_service}
EOF
base64 -d < handle-user-data-service.base64 > handle-user-data.service
rm handle-user-data-service.base64
mv handle-user-data.service /usr/lib/systemd/system/minishift-handle-user-data.service


# Set IP address based on settings or hvkvp (Hyper-V)
cat > set-ipaddress.base64 << EOF
${set_ipaddress}
EOF
base64 -d < set-ipaddress.base64 > set-ipaddress
rm set-ipaddress.base64
chmod +x set-ipaddress
mv set-ipaddress /usr/local/bin/minishift-set-ipaddress

# Set IP address (systemd service)
cat > set-ipaddress-service.base64 << EOF
${set_ipaddress_service}
EOF
base64 -d < set-ipaddress-service.base64 > set-ipaddress.service
rm set-ipaddress-service.base64
mv set-ipaddress.service /usr/lib/systemd/system/minishift-set-ipaddress.service


# Systemd configuration
systemctl disable kdump
systemctl disable rc-local
systemctl disable network
systemctl disable NetworkManager
systemctl disable NetworkManager-dispatcher
systemctl disable NetworkManager-wait-online
systemctl disable dnsmasq
systemctl enable minishift-handle-user-data
systemctl enable minishift-set-ipaddress
systemctl enable docker
systemctl enable rhel-push-plugin

# Clean
rm -f /etc/resolv.conf
rm -rf /usr/lib/locale/locale-archive
rm -rf /var/cache/yum/*

%end