[SlimDevices: Beta] ANNOUNCE: Instant SqueezeCenter
Robin Bowes
robin-lists at robinbowes.com
Thu Dec 20 16:44:51 PST 2007
Fletch wrote:
> Some details on the USB auto-mount feature
> - Don't leave your USB drive(s) plugged in during install, or they will
> be erased with all the other drives
I've been meaning to mention this since I read it: You really should
only format the boot drive, and preferably prompt the user before doing
so. Formatting all connected drives.
THIS IS A VERY BAD THING!
DO NOT UNDERESTIMATE HOW BAD THIS IS!!
I also promised some feedback on your kickstart file. Well, I've not yet
had chance to look at it in any detail but here's one I use for a
minimal CentOS 5 network install, i.e. all packages are pulled from the
web. All that's required is a boot disk.
I'm sure you're already aware of it, but this is a good kickstart
reference guide:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html
R.
##
## config file for kickstart of vg06.yo61.net
##
## - - install type/source - - - - - - - - - - -
install
text
url --url http://mirrors.kernel.org/centos/5/os/i386/
## - - debugging - - - - - - - - - -
## :: uncomment the following to debug a Kickstart config file
# interactive
## - - language support - - - - - - - -
## :: language used during install
lang en_GB.UTF-8
## :: keyboard support
keyboard uk
## - - video card and monitor - - - - - - - - - -
skipx
## - - network configuration - - - - - - - - - -
network --device eth0 --bootproto static --ip 192.168.26.201 --netmask
255.255.255.224 --gateway 192.168.26.193 --nameserver
192.168.2.203,192.168.2.204 --hostname vg06.yo61.net.sitepen.net
## - - security and authentication - - - - - - -
rootpw --iscrypted ***removed***
firewall --enabled --ssh
authconfig --enableshadow --enablemd5
selinux --enforcing
## - - time zone - - - - - - - - - -
timezone --utc Etc/UTC
## - - boot loader- - - - - - - - - -
bootloader --location=mbr --driveorder=xvda
## - - disk setup - - - - - - - - - -
## :: remove old partitions
clearpart --all --initlabel
## Disk setup.
part /boot --fstype ext3 --size=100 --asprimary --ondisk=xvda
part pv.00 --size=1 --grow --asprimary --ondisk=xvda
volgroup vg_vg06 pv.00
# Disk layout - assume VM has 512MB RAM
logvol swap --name=lv_swap --vgname=vg_vg06 --size=1024
logvol / --name=lv_root --vgname=vg_vg06 --size=1 --grow
## - - package selection - - - - - - - - - -
## :: reboot the machine when done
## :: (it's up to you to remove the boot media)
reboot
## - - package selection - - - - - - - - - -
repo --name=extras
--mirrorlist=http://mirrorlist.centos.org/?release=5&arch=i386&repo=extras
repo --name=updates
--mirrorlist=http://mirrorlist.centos.org/?release=5&arch=i386&repo=updates
services --disabled=ip6tables,cups
%packages --nobase
@core
# for SELinux auditing and creating custom policies
audit
checkpolicy
selinux-policy-devel
make
# for ssh + sshd
openssh-server
openssh-clients
# Linux lsb utils
redhat-lsb
# To configure firewall
system-config-securitylevel-tui
# to install more packages
yum
wget
# Man pages
man
bzip2
groff
# Small, but useful stuff
lsof
sudo
which
yum-fastestmirror
yum-priorities
## - - - - - - - - - - - - - - - - - - - - -
%post
# Install my public key for root user
cd /root
mkdir --mode=700 .ssh
cat > .ssh/authorized_keys << PUBLIC_KEY
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtDHt4p16wtfUeyzyWBN7R1SXcnjq+R/ojQmiv8HOfYPNM48eCXYdCiNHD4tPCxuizLulqq1zG06B2OPVy9GXXtyXcAXLAQdGaZwDdKU6gHMUplUChSyDpXK6+afdkGimNYoWkQSjqPr9DF1YC4pyWRijxZGvun+yKIv1920wUmS1eqPfAmGYiVPY6ianctEx74PN0E9clenHsPipNDKlYGYeXDx2qewfG3YzJj6W02dCGSkNIaNNefQite3rQcOFHvAYDwzewKZmFSIdTo6nFqAVZtHi8ralyxzP2I7jo9NC5Q6Ivql+hWozlw+x6+zaA2KELcfqY2IMf+7VadtBww==
robin <at> robinbowes <dot> com
PUBLIC_KEY
chmod 600 .ssh/authorized_keys
# Create non-root user + group
groupadd -g10000 robin
useradd --uid 10000 --gid robin --groups wheel --create-home
--password='** removed **' --comment 'Robin Bowes' robin
# Add Robin's public key to non root user
su - robin -c "mkdir --mode=700 .ssh ; cat > .ssh/authorized_keys <<
PUBLIC_KEY
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtDHt4p16wtfUeyzyWBN7R1SXcnjq+R/ojQmiv8HOfYPNM48eCXYdCiNHD4tPCxuizLulqq1zG06B2OPVy9GXXtyXcAXLAQdGaZwDdKU6gHMUplUChSyDpXK6+afdkGimNYoWkQSjqPr9DF1YC4pyWRijxZGvun+yKIv1920wUmS1eqPfAmGYiVPY6ianctEx74PN0E9clenHsPipNDKlYGYeXDx2qewfG3YzJj6W02dCGSkNIaNNefQite3rQcOFHvAYDwzewKZmFSIdTo6nFqAVZtHi8ralyxzP2I7jo9NC5Q6Ivql+hWozlw+x6+zaA2KELcfqY2IMf+7VadtBww==
robin <at> robinbowes <dot> com
PUBLIC_KEY
chmod 600 .ssh/authorized_keys"
# Add arch to default RPM display format
echo "%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}"
> /etc/rpm/macros
# Give users in wheel group sudo access
perl -pi -e
's/#[[:space:]]*(%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+NOPASSWD:[[:space:]]*ALL)/$1/'
/etc/sudoers
More information about the beta
mailing list