Re: New to list and question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Mar 2, 2006, at 8:28 AM, Patrick wrote:


Hi all,
Last time I was on this list was iirc in 2002 so I'm sort of new to the 
list. Recently I setup a PXE/kickstart install system for a bunch of
servers. Works very well (pxe/kickstart rocks!) but it is incomplete so 
I would like to iron out more details. Once the install is finished I
would like to:

* add extra firewall rules to /etc/sysconfig/iptables or replace it
* change or replace some configs like /etc/ntp.conf, /etc/hosts
* turn off a ton of unneeded services (chkconfig --level 2345 foo off)
* turn off IPv6 in (iirc) /etc/modules.conf
* turn off zerconf in /etc/sysconfig/network
* install a bunch of updates
* install some extra rpms

I assume I should specify this in the %post section of the kickstart
file but I don't know what the required syntax is. Any suggestions or
docs how I go about this?

Thanks and regards,
Patrick

_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/kickstart-list



Patrick,
I have found that a fairly minimal postinstall script with cfengine handling all the other changes later. The advantage of this is that cfengine can help maintain the state of the machine long after the installation. Another benefit of this method is that any changes you want to make to a group of machines will happen immediately and any newly kickstarted machines will get the updated config. For things like iptables blacklists and whitelists, it is really useful.
So, my post install script downloads and installs yum with my custom configurations and then uses yum to apply security patches and install some third party applications that I rely on and then it calls cfengine to handle the rest of it. 

Check it out at http://www.cfengine.org

- -alex

Alex Lovell-Troy
Computer Systems Engineer
Large Binocular Telescope
alt@xxxxxxxxxxx



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEBx3xdmWtRNAkjzERAnNGAJ4hF+feg0rFbTKynJeibm54vszejQCfRuh1
JdD1l42Wm1rlE4oBenaNGdk=
=CTd5
-----END PGP SIGNATURE-----
[Index of Archives]     [Red Hat General]     [CentOS Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux