forked from srbala/fedora-kickstarts
114 lines
2.4 KiB
Plaintext
114 lines
2.4 KiB
Plaintext
|
# Build a basic Fedora 14 AMI
|
||
|
lang en_US.UTF-8
|
||
|
keyboard us
|
||
|
timezone US/Eastern
|
||
|
auth --useshadow --enablemd5
|
||
|
selinux --disabled
|
||
|
firewall --disabled
|
||
|
bootloader --timeout=1
|
||
|
network --bootproto=dhcp --device=eth0 --onboot=on
|
||
|
services --enabled=network,ssh
|
||
|
|
||
|
# By default the root password is emptied
|
||
|
|
||
|
#
|
||
|
# Define how large you want your rootfs to be
|
||
|
# NOTE: S3-backed AMIs have a limit of 10G
|
||
|
#
|
||
|
part / --size 10000 --fstype ext3 --ondisk sda
|
||
|
|
||
|
#
|
||
|
# Repositories
|
||
|
repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-15&arch=$basearch
|
||
|
|
||
|
#
|
||
|
#
|
||
|
# Add all the packages after the base packages
|
||
|
#
|
||
|
%packages --excludedocs --nobase --instLangs=en
|
||
|
@core
|
||
|
system-config-securitylevel-tui
|
||
|
audit
|
||
|
pciutils
|
||
|
bash
|
||
|
coreutils
|
||
|
kernel
|
||
|
grub
|
||
|
e2fsprogs
|
||
|
passwd
|
||
|
policycoreutils
|
||
|
chkconfig
|
||
|
rootfiles
|
||
|
yum
|
||
|
vim-minimal
|
||
|
acpid
|
||
|
openssh-clients
|
||
|
openssh-server
|
||
|
curl
|
||
|
sudo
|
||
|
|
||
|
#Allow for dhcp access
|
||
|
dhclient
|
||
|
iputils
|
||
|
|
||
|
%end
|
||
|
|
||
|
# more ec2-ify
|
||
|
%post --erroronfail
|
||
|
|
||
|
# disable root password based login
|
||
|
cat >> /etc/ssh/sshd_config << EOF
|
||
|
PermitRootLogin no
|
||
|
PasswordAuthentication no
|
||
|
UseDNS no
|
||
|
EOF
|
||
|
|
||
|
# create ec2-user
|
||
|
/usr/sbin/useradd ec2-user
|
||
|
/bin/echo -e 'ec2-user\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||
|
|
||
|
# set up ssh key fetching
|
||
|
cat >> /etc/rc.local << EOF
|
||
|
if [ ! -d /home/ec2-user/.ssh ]; then
|
||
|
mkdir -p /home/ec2-user/.ssh
|
||
|
chmod 700 /home/ec2-user/.ssh
|
||
|
fi
|
||
|
|
||
|
# Fetch public key using HTTP
|
||
|
while [ ! -f /home/ec2-user/.ssh/authorized_keys ]; do
|
||
|
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/aws-key 2>/dev/null
|
||
|
if [ \$? -eq 0 ]; then
|
||
|
cat /tmp/aws-key >> /home/ec2-user/.ssh/authorized_keys
|
||
|
chmod 0600 /home/ec2-user/.ssh/authorized_keys
|
||
|
restorecon /home/ec2-user/.ssh/authorized_keys
|
||
|
rm -f /tmp/aws-key
|
||
|
echo "Successfully retrieved AWS public key from instance metadata"
|
||
|
else
|
||
|
FAILED=\$((\$FAILED + 1))
|
||
|
if [ \$FAILED -ge \$ATTEMPTS ]; then
|
||
|
echo "Failed to retrieve AWS public key after \$FAILED attempts, quitting"
|
||
|
break
|
||
|
fi
|
||
|
echo "Could not retrieve AWS public key (attempt #\$FAILED/\$ATTEMPTS), retrying in 5 seconds..."
|
||
|
sleep 5
|
||
|
fi
|
||
|
done
|
||
|
|
||
|
# make sure firstboot doesn't start
|
||
|
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||
|
|
||
|
if [ ! -d /lib64 ] ; then
|
||
|
|
||
|
cat <<EOL >> /etc/fstab
|
||
|
/dev/xvda3 swap swap defaults 0 0
|
||
|
EOL
|
||
|
|
||
|
# workaround xen performance issue (bz 651861)
|
||
|
echo "hwcap 1 nosegneg" > /etc/ld.so.conf.d/libc6-xen.conf
|
||
|
|
||
|
fi
|
||
|
|
||
|
|
||
|
%end
|
||
|
|