Scientific Linux Forum.org




> Creating spins with Revisor, Creating customized SL images
ericl42
 Posted: Mar 21 2012, 08:04 PM

Hello,

I'm trying to use Revisor to create a customized version of SL but I've run into some issues. I've tried both using the GUI version and CLI version. Below is my CLI text.

CODE
revisor --cli --install-cd --install-tree --model=sl6-i386 --kickstart=/root/custom-ks.cfg


Even though this is a custom kickstart script, I am having the same issues with the stock ones as well. This is what I get once I start the imaging process.
QUOTE

Loading Repositories:                ############# 100.0%
Select kickstart packages:          ############# 100.0%
Resolving Dependencies:            ############# 100.0%
Populating statistics:                  ############# 100.0%
Downloading Packages:              ############# 100.0%
Linking in binary packages:          ############# 100.0%
Creating Repository Information: ############# 100.0%
Building Installation Images:                                          0.0%

Got an error from /usr/lib/revisor/scripts/RHEL6-buildinstall (return code 1)


I've tried this on SL6.1 and SL6.2 with little luck. I've gotten a few ISOs to be created but they never used the kickstart script like I wanted and since my fresh install, I'm getting the errors above. I've tried various methods such as disabling SELinux, copying the RHEL5-buildinstall to RHEL6-buildinstall, etc but haven't had any luck.

Also, if there is another product that would be better suited for creating custom spins that would work as well. I used bootcdwrite on Debian and it worked very well as far as getting a system up and running and then being able to copy that running system into a bootable ISO.

Any help would be greatly appreciated.

AndrewSerk
 Posted: Mar 21 2012, 08:20 PM

Hi ericl42 and welcome to SLF,

You would be better off using livecd-creator (livecd-tools package) rather than revisor for versions 6x.
Just svn the .ks files (info in the below link) and edit the .ks as you see fit.

Here is a link for a how to for building a Scientific Linux livecd: http://www.livecd.ethz.ch/build.html

Hope this helps,

log69
 Posted: Mar 22 2012, 10:01 AM

Thanks Andrew, I needed the same info. (A note to myself:)

my kickstart file:

CODE
lang en_US.UTF-8
keyboard hu
repo --name=epel --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch

%include sl62-livecd64-gnome.ks

%packages

btrfs-progs
dstat
elinks
git
inkscape
iotop
jwhois
mc
nano
nc
nmap
patch
pciutils
pinentry-gtk
policycoreutils-sandbox
powertop
ruby
screen
smartmontools
tree
wireshark
xterm

epel-release
bonnie++
colordiff
geany
htop
iftop
lbzip2
ntfs-3g
ntfsprogs
p7zip
pigz
putty
pv
pydf
rdiff-backup
ruby-mysql
testdisk
transmission

%end


program to run:
CODE
svn co https://svn.iac.ethz.ch/pub/livecd/trunk/SL6/livecd-config
cp myconfig.ks livecd-config/
cd livecd-config

su -c "LANG=C livecd-creator --config=myconfig.ks --fslabel=my_live_sl"

log69
 Posted: Mar 22 2012, 11:19 AM

I created a 64 bit Live CD, but also I noticed that it just boots fine on one of my 32 bit capable machines too. Does it contain both 32 and 64 bit kernels and userland by default on the Live media?

(nevermind, made a mistake)

AndrewSerk
 Posted: Mar 22 2012, 12:10 PM

Hi log69,

Glad you found the info of some use. Just for future reference, if you want to create a 32 bit livecd from a 64 bit machine use "setarch i686" in front of the livecd-creator command:

CODE
setarch i686 livecd-creator ..............



Hope this helps and have fun

ericl42
 Posted: Mar 23 2012, 07:45 PM

Thank you very much for that information. I'm definitely on the right track now of actually being able to make some ISOs and not run into a ton of errors. Now I just have to fine tune a few things such as:

1. I don't want it to boot into a live cd, I want it to go directly into a HD install.
2. I want to already have the root password configured and add some non admin accounts.
3. I want to limit the options they have on the install screen and have it very generic so I can define everything in the kickstart script.
4. I would like to figure out how to upload some images or files to the ISO for custom backgrounds and what not. I know I can wget some files and run post scripts but I'm afraid the install may not always have internet connectivity.

I'm also currently running into a few issues where the new ISO will start to boot and it freezes after the blue and gray bar goes all the way from left to right at the bottom of the screen and says Scientific Linux 6.2. It won't go past this screen. Not sure if I have a package that is missing or what.

AndrewSerk
 Posted: Mar 25 2012, 01:20 PM

Hi ericl42,
I will try to help, but there is much I still have to learn about modifying a live img.
CODE

1. I don't want it to boot into a live cd, I want it to go directly into a HD install.
3. I want to limit the options they have on the install screen and have it very generic so I can define everything in the kickstart script.


That sounds like a job for sed in the post section. Question 1 could be achieved by adding "liveinst" to the kernel line for gui install and "textinst" for text install, but for question 3, I am not exactly sure what the sed command would look like, but will look into it some more.
QUOTE
2. I want to already have the root password configured and add some non admin accounts.

You can add the root password to the .ks file like:
CODE
# Root password
rootpw --plaintext mypassword

or for an encrypted password:
CODE
#Root password
rootpw --iscrypted $1$6M6ZZ/Sd$OmFkxMWdQGaA.UPy/RUgR.

and for the added users you could use "adduser" in the post section.

QUOTE
4. I would like to figure out how to upload some images or files to the ISO for custom backgrounds and what not. I know I can wget some files and run post scripts but I'm afraid the install may not always have internet connectivity.

The easiest way I have found to achieve such a thing is to create a local repo with any files I want to include in the iso. I then create a local.ks for the local repo and add "%include local.ks" to the .ks I am building with.

QUOTE
I'm also currently running into a few issues where the new ISO will start to boot and it freezes after the blue and gray bar goes all the way from left to right at the bottom of the screen and says Scientific Linux 6.2. It won't go past this screen. Not sure if I have a package that is missing or what.

If you remove the "rhgb" and "quiet" from the kernel line you should be able to see where the boot progress stops. That should give a better idea of what the issue is and you can post back here any info you discover and hopefully I or someone will be able to help.

Hope this helps,

This post has been edited by AndrewSerk: Mar 25 2012, 02:17 PM

ericl42
 Posted: Mar 26 2012, 03:15 PM

Thanks again for your quick response. I really really appreciate it. I tried creating another image and I do see 1 error during the creation process.

QUOTE
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
_Plz-Work2: 63742/262144 files (0.3% non-contiguous), 403349/1048576 blocks
e2image 1.41.12 (17-May-2010)
seek: Value too large for defined data type
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /var/tmp/imgcreate-U_H0Xt/tmp-pEYgqP/ext3fs.img to 392555 (4k) blocks


When this tries to boot, it goes through a lot of the services starting up with a green OK beside them until it gets to starting atd. After it says OK starting atd, I have the following.

QUOTE
type=1305 audit(long number): audid=(another long number) ses=(number) op="remove rule" key=(null) list=4 res=1
type=1305 audit(long number): audit=_eanbled=0 old=1 audid=(number) ses=(number) res=1
readahead-collection: starting delayed service auditd
readahead-collection: sorting
readahead-collection: finished


Below is my kickstart script. I've been modifying a lot of random sections trying to get it to work.

QUOTE
#############################################
#
# Test ISO
#
#################################################

install
cdrom
text
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
selinux --disabled
firewall --enabled --service=ssh --port=514:tcp --port=514:udp --port=8888:tcp
xconfig --startxonboot
#part / --size 4096 --fstype ext4
services --enabled=NetworkManager,network,sshd,rsyslog
rootpw --plaintext testpassword
user --name=test_account --groups=wheel --homedir=/home/test_account --password=test --plaintext --shell=/bin/bash
network --bootproto=dhcp --device=eth0
firstboot --disable

#################################################
# Include kickstart files
#################################################

#%include sl62-live-base.ks

#################################################
# Repos
#################################################

# SL repos
repo --name=base      --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/os/
repo --name=security  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/security/
#repo --name=fastbugs  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/fastbugs/

#################################################
# Packages
#################################################

%packages

syslinux
kernel

# basic software groups
@base
# package added to @base
squashfs-tools
@core
@graphical-admin-tools
@network-file-system-client
@network-tools
@x11

# remote-desktop-clients
#rdesktop
#tsclient

# other useful packages
#busybox
#mailx
memtest86+
livecd-tools
#fuse
#wpa_supplicant
#dracut-network
#yum-plugin-fastestmirror

# livecd bits to set up the livecd and be able to install
anaconda
device-mapper-multipath
isomd5sum

/usr/sbin/lokkit

%end

#################################################
# Post installation
#################################################

%post

echo '#### THIS IS A TEST #####' >> /etc/rsyslog.conf
echo '# TEST 2 - Please work' >> /etc/rsyslog.conf

echo 'New file' > /etc/newfile.txt

/usr/sbin/useradd test_account2 -c "Test Account2" -p asdf -s /bin/bash

/usr/sbin/usermod -G wheel test_account

echo '# Allow wheel group sudo access' >> /etc/sudoers
echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers

%end

# Reboot after installation
reboot --eject

AndrewSerk
 Posted: Mar 27 2012, 04:07 AM

I spent a little time on this tonight and have made "some" progress. For some reason that eludes me so far the passwords for test_account and test_account2 don't get set and liveinst seems to have no effect. But at least it boots now.
Thought I would post what I have so far. I edited your ks and saved it as test.ks and created an ugly.ks:

CODE
setarch i686 livecd-creator --config=ugly.ks --fslabel=uglytest --cache=/var/cache/live


CODE
# uglyboot.ks
%include test.ks  
%post --nochroot
for rhgbfile in EFI/boot/isolinux.cfg EFI/boot/grub.conf isolinux/isolinux.cfg EFI/boot/boot.conf
do
 echo "# uglifying $LIVE_ROOT/$rhgbfile"
 echo "# uglifying $LIVE_ROOT/$rhgbfile" >> $LIVE_ROOT/$rhgbfile
 sed -i -e's/ rhgb//g' -e's/ quiet//g' -e's/rd_NO_DM/rd_NO_DM  liveinst/g' $LIVE_ROOT/$rhgbfile
 echo "# uglified $LIVE_ROOT/$rhgbfile" >> $LIVE_ROOT/$rhgbfile
done
%end

Thanks to SiliconSlick for his above ks that I modified slightly.
CODE
#############################################
#
# Test ISO
#
#################################################
##install
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
selinux --disabled
firewall --enabled --service=ssh --port=514:tcp --port=514:udp --port=8888:tcp
xconfig --startxonboot
#part / --size 4096 --fstype ext4
services --enabled=NetworkManager,network,sshd,rsyslog
rootpw --plaintext testpassword
##user --name=test_account --groups=wheel --homedir=/home/test_account --password=test --plaintext --shell=/bin/bash
network --bootproto=dhcp --device=eth0
firstboot --disable

#################################################
# Include kickstart files
#################################################

#%include sl62-live-base.ks

#################################################
# Repos
#################################################

# SL repos
repo --name=base      --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/os/
repo --name=security  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/security/
#repo --name=fastbugs  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/fastbugs/

#################################################
# Packages
#################################################

%packages

syslinux
kernel

# basic software groups
@base
# package added to @base
squashfs-tools
@core
@graphical-admin-tools
@network-file-system-client
@network-tools
@x11

# remote-desktop-clients
#rdesktop
#tsclient

# other useful packages
#busybox
#mailx
memtest86+
livecd-tools
#fuse
#wpa_supplicant
#dracut-network
#yum-plugin-fastestmirror

# livecd bits to set up the livecd and be able to install
anaconda
device-mapper-multipath
isomd5sum

@basic-desktop
# package removed from @basic-desktop
-gok

@general-desktop
# package removed from @general-desktop
-gnome-backgrounds
-gnome-user-share
-nautilus-sendto
-orca
-rhythmbox
-vino
-compiz
-compiz-gnome
-evince-dvi
-gnote
-sound-juicer
@desktop-platform
# packages removed from @desktop-platform
-redhat-lsb
## packages to remove to save diskspace
-evolution
-evolution-help
-evolution-mapi
-scenery-backgrounds
-redhat-lsb-graphics
-qt3
-xinetd
-openswan
-pinentry-gtk
-seahorse
-pinfo
-vim-common
-vim-enhanced
# added packages
xorg-x11-fonts-100dpi
xorg-x11-fonts-ISO8859-1-100dpi
xorg-x11-fonts-Type1



/usr/sbin/lokkit

%end

#################################################
# Post installation
#################################################

%post
/sbin/chkconfig firstboot off
echo '#### THIS IS A TEST #####' >> /etc/rsyslog.conf
echo '# TEST 2 - Please work' >> /etc/rsyslog.conf

echo 'New file' > /etc/newfile.txt

/usr/sbin/useradd test_account2 -c "Test Account2" -p testaccount2 -s /bin/bash

/usr/sbin/useradd test_account -c "Test Account" -p testaccount -s /bin/bash
/usr/sbin/usermod -G wheel test_account
echo '# Allow wheel group sudo access' >> /etc/sudoers
echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers

#chown -R test_account.test_account /home/test_account/
#chown -R test_account2.test_account2 /home/test_account/
%end

ericl42
 Posted: Mar 27 2012, 02:30 PM

Thanks for your post. I also did a lot of tweaking yesterday before reading this and I got mine booting a lot better. Here is my new ks script.

QUOTE
#################################################
## Custom Kickstart Script
#################################################

install
firstboot --disable
cdrom
lang en_US.UTF-8
keyboard us
timezone --utc America/New_York
authconfig --enableshadow --passalgo=sha512
selinux --disabled
firewall --enabled --service=ssh --port=514:tcp,514:udp,8888
network --onboot yes --device eth0 --bootproto dhcp --noipv6

clearpart --all
bootloader --location=mbr

#################################################
## Repos
#################################################
repo --name=base      --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/os/
repo --name=security  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/security/

#################################################
## Packages
#################################################

%packages
@admin-tools
@base
@core
#@gnome-desktop
@hardware-support
@input-methods
@text-internet
@base-x

# livecd bits to set up the livecd and be able to install
anaconda
device-mapper-multipath
isomd5sum
livecd-tools

/usr/sbin/lokkit

%end

#################################################
## Post Boot Scripts
#################################################
%post

# Modify rsyslog configuration
echo '#### THIS IS A TEST #####' >> /etc/rsyslog.conf
echo '# TEST 2 - Please work' >> /etc/rsyslog.conf

# Test adding new files
echo 'New file' > /etc/newfile.txt

# Add a new user and modify permissions
/usr/sbin/useradd test_account -G wheel -c "Test Account" -d /home/test_account -s /bin/bash; echo password2 | passwd --stdin test_account

# Allow wheel group sudo access
echo '# Allow wheel group sudo access' >> /etc/sudoers
echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers

%end

# Reboot after installation
reboot --eject


Like you said, adding users doesn't seem to work so I made a 1 liner to deal with that in the post boot script and it works very well. At this point in time I have to do the following.

1. Start taking out some unneeded packages to make it as small as possible and still boot.
2. Try to make the system instantly boot up to an install screen instead of having to cancel the system config and then run /usr/bin/liveinst (going to try adding this to the postinstall section as you mentioned above)
3. Once it starts installing, I need to take out a few of the sections that I have already predefined so no one can modify them. (yet again, going to try the sed options you stated above)

I really appreciate your help in all of this. I have never dealt with kickstart scripts before and they are very fun/annoying to work with!
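
Added example (not code from any poster in this thread): a small Python check for the credential handling in the kickstart files posted so far. It relies on two documented behaviours: kickstart treats a rootpw/user password as plaintext unless --iscrypted is given, and useradd -p expects an already-hashed crypt(3) string rather than a literal password. The function names and the sample are constructed for illustration.

```python
import re
import shlex

# crypt(3) modular format: $<id>$[rounds=N$]<salt>$<hash>; ids 5 and 6 are SHA-256/SHA-512.
CRYPT_RE = re.compile(r"^\$(?P<id>[0-9a-z]+)\$(?:rounds=\d+\$)?[^$]+\$[./0-9A-Za-z]+$")
STRONG_IDS = {"5", "6"}


def crypt_issue(value):
    """Return None for a SHA-256/SHA-512 crypt hash, otherwise a short reason."""
    match = CRYPT_RE.match(value)
    if not match:
        return "not a crypt(3) hash"
    if match.group("id") not in STRONG_IDS:
        return "weak scheme $%s$" % match.group("id")
    return None


def check_command(lineno, words):
    """Kickstart command section: rootpw, user, auth/authconfig."""
    cmd, args, found = words[0], words[1:], []
    if cmd == "rootpw":
        secrets = [a for a in args if not a.startswith("--")]
    elif cmd == "user":
        secrets = [a.split("=", 1)[1] for a in args if a.startswith("--password=")]
    else:
        secrets = []
    for secret in secrets:
        if "--iscrypted" not in args:      # kickstart treats the value as plaintext
            found.append((lineno, "plaintext-password", cmd))
        elif crypt_issue(secret):
            found.append((lineno, "weak-or-invalid-hash", crypt_issue(secret)))
    if cmd in ("auth", "authconfig") and "--enablemd5" in args:
        found.append((lineno, "md5-password-hashing", cmd))
    return found


def check_script(lineno, words):
    """%pre/%post shell lines: useradd -p and echo ... | passwd --stdin."""
    names, found = [w.rsplit("/", 1)[-1] for w in words], []
    if ("useradd" in names or "adduser" in names) and "-p" in words[:-1]:
        value = words[words.index("-p") + 1]
        if crypt_issue(value):
            # useradd -p takes an already-hashed password; a literal is written to
            # /etc/shadow as if it were the hash, so no typed password matches it.
            found.append((lineno, "useradd-p-not-a-hash", value))
    if "passwd" in names and "--stdin" in words and "echo" in names and "|" in words:
        found.append((lineno, "plaintext-password", "echo | passwd --stdin"))
    return found


def audit_kickstart(text):
    """Return (line number, rule, detail) findings for credential handling."""
    findings, section = [], "command"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%"):
            name = line.split()[0]
            if name != "%include":
                section = {"%pre": "script", "%post": "script",
                           "%packages": "packages"}.get(name, "command")
            continue
        try:
            words = shlex.split(line)
        except ValueError:                 # unbalanced quote in a shell line
            words = line.split()
        if not words:
            continue
        if section == "command":
            findings += check_command(lineno, words)
        elif section == "script":
            findings += check_script(lineno, words)
    return findings


# Constructed sample: lines taken from the kickstart files quoted in this thread.
SAMPLE = """\
auth --useshadow --enablemd5
rootpw --plaintext testpassword
user --name=test_account --groups=wheel --password=test --plaintext
rootpw --iscrypted $1$6M6ZZ/Sd$OmFkxMWdQGaA.UPy/RUgR.
%packages
-curl
%end
%post
/usr/sbin/useradd test_account2 -c "Test Account2" -p asdf -s /bin/bash
/usr/sbin/useradd test_account -G wheel -s /bin/bash; echo password2 | passwd --stdin test_account
%end
"""

if __name__ == "__main__":
    for lineno, rule, detail in audit_kickstart(SAMPLE):
        print("line %d: %s (%s)" % (lineno, rule, detail))
```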

AndrewSerk
 Posted: Mar 27 2012, 05:48 PM

Glad to try to help,
A few more edits. Now it boots to text install. I am sure you will still have to remove some clutter and straighten up a bit but should be getting close.
CODE

setarch i686 livecd-creator --config=ugly.ks --fslabel=uglytest --cache=/var/cache/live


CODE
# uglyboot.ks
%include test.ks  
%post --nochroot
for rhgbfile in EFI/boot/isolinux.cfg EFI/boot/grub.conf isolinux/isolinux.cfg EFI/boot/boot.conf
do
 echo "# uglifying $LIVE_ROOT/$rhgbfile"
 echo "# uglifying $LIVE_ROOT/$rhgbfile" >> $LIVE_ROOT/$rhgbfile
 sed -i -e's/ rhgb//g' -e's/ quiet//g' -e's/ rd_NO_LUKS rd_NO_MD rd_NO_DM/textinst /g' $LIVE_ROOT/$rhgbfile
 echo "# uglified $LIVE_ROOT/$rhgbfile" >> $LIVE_ROOT/$rhgbfile
done
%end


CODE
#################################################
## Custom Kickstart Script
#################################################

##install
##firstboot --disable
##cdrom
%include sl62-live-base.ks

lang en_US.UTF-8
keyboard us
timezone --utc America/New_York
authconfig --enableshadow --passalgo=sha512
selinux --disabled
firewall --enabled --service=ssh --port=514:tcp,514:udp,8888
network --onboot yes --device eth0 --bootproto dhcp --noipv6
# Root password
rootpw --plaintext roottestpassword
##clearpart --all
##bootloader --location=mbr

#################################################
## Repos
#################################################
repo --name=base      --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/os/
repo --name=security  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/security/

#################################################
## Packages
#################################################

%packages
@admin-tools
@base
@core
#@gnome-desktop
@hardware-support
@input-methods
@text-internet
@base-x
@x11
@fonts


# livecd bits to set up the livecd and be able to install
anaconda
device-mapper-multipath
isomd5sum
livecd-tools
ibus-gtk
gdm

/usr/sbin/lokkit

%end

#################################################
## Post Boot Scripts
#################################################
%post
/sbin/chkconfig firstboot off
# Modify rsyslog configuration
echo '#### THIS IS A TEST #####' >> /etc/rsyslog.conf
echo '# TEST 2 - Please work' >> /etc/rsyslog.conf

# Test adding new files
echo 'New file' > /etc/newfile.txt

# Add a new user and modify permissions
/usr/sbin/useradd test_account -G wheel -c "Test Account" -d /home/test_account -s /bin/bash; echo password2 | passwd --stdin test_account

# Allow wheel group sudo access
echo '# Allow wheel group sudo access' >> /etc/sudoers
echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers


%end


Hope this helps,
QUOTE
I have never dealt with kickstart scripts before and they are very fun/annoying to work with!

EDIT: Kickstart files for livecd/dvds are a lot more difficult and involved than a ks for the install dvd. For a simple way to make an install ks for an install media check out "system-config-kickstart" package.

This post has been edited by AndrewSerk: Mar 27 2012, 05:58 PM

ericl42
 Posted: Mar 27 2012, 07:51 PM

Getting closer! Here are the issues I'm currently trying to figure out/make better. But with this setup, it's ~450 MB ISO image and 1.4 gig install image.

1. How to add "Install" option on the initial boot menu.
2. After the install is done, you hit the reboot button and the image doesn't reboot. It just gives you a command prompt and you have to type in reboot.
3. The firewall section isn't working. I'm specifying ports to open up but they are not showing open once I install to the HD.
4. I am trying to remove various packages and all of them are showing up as installed. Not sure why they are still there.

QUOTE
######################################################
## Custom Kickstart Script
######################################################

install
firstboot --disable
cdrom
lang en_US.UTF-8
keyboard us
timezone --utc America/New_York
authconfig --enableshadow --passalgo=sha512
selinux --disabled
services --enabled=iptables,rsyslog,sshd,ntpd --disabled=firstboot
firewall --enabled --ssh --port=514:tcp
skipx

clearpart --all
bootloader --location=mbr

######################################################
## Repos
######################################################
repo --name=base      --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/os/
repo --name=security  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/security/

######################################################
## Packages
######################################################

%packages

# Basic packages
@base
@core
@hardware-support

# Packages for livecd install
anaconda
device-mapper-multipath
isomd5sum
livecd-tools

# Remove these packages
-cups
-postfix
-sendmail
-gnome-icon-theme
-gnome-themes
-python
-perl
-gnome-user-docs
-curl
-ModemManager
-sqlite
-rsync
-openldap
-tigervnc-server

/usr/sbin/lokkit

%end

######################################################
## Post Boot Scripts
######################################################
%post

# Modify rsyslog configuration
echo '#### THIS IS A TEST #####' >> /etc/rsyslog.conf
echo '# TEST 2 - Please work' >> /etc/rsyslog.conf

# Test adding new files
echo 'New file' > /etc/newfile.txt

# Add a new user and modify permissions
/usr/sbin/useradd test_account -G wheel -c "Test Account" -d /home/test_account -s /bin/bash; echo longpassword | passwd --stdin test_account

# Allow wheel group sudo access
echo '# Allow wheel group sudo access' >> /etc/sudoers
echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers

%end

# Reboot after installation
reboot --eject


Also, what is your second section of "code" for? The post --nochroot and for rhgbfile section. I'm confused about that.

AndrewSerk
 Posted: Mar 27 2012, 09:07 PM

QUOTE
1. How to add "Install" option on the initial boot menu.

That is what I was doing with the ugly.ks by adding "textinst" to the kernel line. That and removing rhgb and quiet from the kernel line. It works but is not that pretty. ' bootloader --append="textinst" or "liveinst" ' placed above the repo lines would be prettier (if that works, I just read about that)

QUOTE
2. After the install is done, you hit the reboot button and the image doesn't reboot. It just gives you a command prompt and you have to type in reboot.

Check the logs before you type in reboot and see if any error is logged that might give us a clue as to the issue.

QUOTE
3. The firewall section isn't working. I'm specifying ports to open up but they are not showing open once I install to the HD.

I am not exactly sure how to make those settings transfer to a HD install but would guess it has something to do with $LIVE_ROOT/ vs. $INSTALL_ROOT as in what was in the rpm that provides the files. I will see what I can find on the subject.

QUOTE
4. I am trying to remove various packages and all of them are showing up as installed. Not sure why they are still there.

You are using "-" to remove them? like:
-curl
and putting that to the end of %packages and they are still installed?
If so, then might be a dep issue.

This post has been edited by AndrewSerk: Mar 27 2012, 09:11 PM

AndrewSerk
 Posted: Mar 28 2012, 03:47 AM

The bootloader directive does work for appending things to the kernel line here. If you append textinst it boots to a text install and if you append liveinst it boots to a gui install. I put the directive above the repo line:

CODE
bootloader --append="textinst"
or
CODE
bootloader --append="anything the kernel can understand"


So no real need for that ugly.ks.

Hope this helps,

ericl42
 Posted: Mar 28 2012, 01:41 PM

Unfortunately adding "liveint" or "textinst" doesn't do anything when I add it to the bootloader option. I see that it appends it to the description like it's supposed to, but it still doesn't boot directly into the install. You still have to type in the username root and then run liveinst to get it working. So I'll have to look into that. I also found out that the firewall settings don't take effect on the live CD either.

I looked at the commands that the normal SL62 CD has for the "install" section and these are the arguments they call. I'll try that later today.

vmlinz0 initrd=initrd0.img root=live:CDLABEL=SL62-i386-LiveCD rootfstype=auto ro liveimg liveinst noswap rd_NO_LUKS rd_NO_MD rd_NO_DM *

AndrewSerk
 Posted: Mar 29 2012, 01:13 AM

There are some differences between the last kickstart I posted and the last you posted. The biggest diff. probably is I included sl62-live-base( %include sl62-live-base.ks ). I bet that has something to do with the bootloader directives not working.

Haven't had any time to research how to preserve the firewall settings for an install yet. Hope to have some time tomorrow night or Friday.

ericl42
 Posted: Apr 6 2012, 08:29 PM

Started working on this again today and I'm definitely getting a lot closer. I've given up on dealing with the firewall on the main section and tried to configure it via echoing the /etc/sysconfig/iptables file and by running the /sbin/iptables commands but none of them seem to work. So I'm not sure what's going on with that. I also still can't get it to prompt me for the network configuration like I'd like it to. But it's definitely getting there! One major question I had is the difference between the chroot vs nochroot. From what I've read, chroot is for the actual file system that is being copied to the hard drive and the nochroot is if you start copying to and from the live cd to the hard drive. That doesn't sound right to me though but seems to be the case in a lot of postscript examples I've seen. Here is my current postscript

QUOTE
%post

# Add a new user and modify permissions
/usr/sbin/useradd test_user -G wheel -c "Test User" -d /home/test_user -s /bin/bash; echo tmppassword | passwd --stdin test_user

# Test to see if wget works (DOES NOT WORK)
wget www.google.com -O /tmp/test

# Allow wheel group sudo access
echo ' ' >> /etc/sudoers
echo '### Allow wheel group sudo access ###' >> /etc/sudoers
echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers

# Modify ssh_config
echo ' ' >> /etc/ssh/ssh_config
echo '### Specific settings for timeouts' >> /etc/ssh/ssh_config
echo 'TCPKeepAlive yes' >> /etc/ssh/ssh_config
echo 'ServerAliveInterval 120' >> /etc/ssh/ssh_config
echo 'ServerAliveCountMax 3' >> /etc/ssh/ssh_config

# Modify sshd_config
/bin/sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
/sbin/service sshd restart

# Create a directory for rsyslog queuing
mkdir /var/spool/rsyslog

# Modify rsyslog configuration
echo ' ' >> /etc/rsyslog.conf
echo '### Queuing Config ###' >> /etc/rsyslog.conf
echo '$WorkDirectory                  /var/spool/rsyslog' >> /etc/rsyslog.conf
echo '$ActionQueueType                LinkedList' >> /etc/rsyslog.conf
echo '$ActionQueueFileName            remotequeue' >> /etc/rsyslog.conf
echo '$ActionResumeRetryCount        -1' >> /etc/rsyslog.conf
echo '$ActionQueueSaveOnShutdown      on' >> /etc/rsyslog.conf
echo '$ActionQueueMaxFileSize        100m' >> /etc/rsyslog.conf
echo '$ActionQueueMaxDiskSpace        5g' >> /etc/rsyslog.conf
echo ' ' >> /etc/rsyslog.conf
echo '### Forwarding Rule ###' >> /etc/rsyslog.conf
echo '*.*    @@127.0.0.1:1514' >> /etc/rsyslog.conf

# Create an init script for the SSH tunnel
cat > /etc/inittab << EOF_inittab

log1:3:respawn:ssh -fnNTx -L 1514:127.0.0.1:514 test_user@192.168.56.110 > /dev/null 2>&1

EOF_inittab

# Potentially add stuff to crontab
#echo '0 1 * * * /path/to/script' >> /etc/crontab

# Modify firewall rules (DOES NOT WORK)
/bin/sed -i 's/:INPUT ACCEPT/:INPUT DROP/' /etc/sysconfig/iptables
/bin/sed -i 's/-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT/-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT \n-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT \n-A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT' /etc/sysconfig/iptables
/sbin/service iptables restart

%end
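
Added example (not from the thread): a Python check that reads an iptables-save style file such as /etc/sysconfig/iptables and reports which wanted ports the INPUT chain does not accept, counting a rule placed after a catch-all REJECT or DROP as not accepted. The rulesets and function names are constructed; jumps to user-defined chains, multiport and negated matches are not handled.

```python
import shlex


def _opt(words, flag):
    """Value following `flag` in a rule, or None when the flag is absent."""
    return words[words.index(flag) + 1] if flag in words[:-1] else None


def reachable_ports(ruleset, chain="INPUT"):
    """Parse iptables-save text; return (default_deny, accepted (proto, port) pairs)."""
    table, policy, blocked, ports = None, None, False, set()
    for raw in ruleset.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            name, pol = line[1:].split()[:2]
            if name == chain:
                policy = pol
        else:
            words = shlex.split(line)
            if words[:2] != ["-A", chain] or "-j" not in words[:-1]:
                continue
            j = words.index("-j")
            target, matches = words[j + 1], words[2:j]
            if target in ("DROP", "REJECT") and not matches:
                blocked = True   # catch-all: later rules in this chain never match
            elif target == "ACCEPT" and not blocked:
                proto, dport = _opt(matches, "-p"), _opt(matches, "--dport")
                if proto and dport:
                    ports.add((proto, dport))
    return (blocked or policy == "DROP"), ports


def missing_ports(ruleset, wanted):
    """Ports from `wanted` that the INPUT chain does not accept."""
    default_deny, ports = reachable_ports(ruleset)
    return sorted(set(wanted) - ports) if default_deny else []


# Constructed rulesets (not taken from the thread); the ACCEPT rules use the
# same rule text as the sed command in the post above.
HEAD = [
    "*filter",
    ":INPUT ACCEPT [0:0]",
    ":FORWARD ACCEPT [0:0]",
    ":OUTPUT ACCEPT [0:0]",
    "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT",
]
CATCH_ALL = "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
SYSLOG = [
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT",
    "-A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT",
]
APPENDED = "\n".join(HEAD + [CATCH_ALL] + SYSLOG + ["COMMIT"])   # rules after REJECT
INSERTED = "\n".join(HEAD + SYSLOG + [CATCH_ALL, "COMMIT"])      # rules before REJECT
WANTED = [("tcp", "22"), ("tcp", "514"), ("udp", "514")]

if __name__ == "__main__":
    print("appended:", missing_ports(APPENDED, WANTED))
    print("inserted:", missing_ports(INSERTED, WANTED))
```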

AndrewSerk
 Posted: Apr 7 2012, 07:39 PM

Hi ericl42,

Glad you have made progress.
From the observations that I have made the difference between the chroot and --nochroot is: The chroot environment isolates the livecd build environment from the host that is building the livecd.
The --nochroot environment allows you to copy from the build host environment to the livecd build environment.

As an example of --nochroot: I use this to "untar" the mplayer codecs that are stored in the same folder as the ks (build host environment) to the livecd (livecd build environment)
CODE
##############################################################################
## POST --NOCHROOT
##############################################################################

%post --nochroot
##makes mplayer codecs dir and unpack them
mkdir -p $INSTALL_ROOT/usr/lib/codecs
tar -jxvf all-20110131.tar.bz2 --strip-components 1 -C $INSTALL_ROOT/usr/lib/codecs/


I did a little testing on the persistent changes to iptables and found that if I add to "/etc/rc.d/init.d/livesys-late" the changes are persistent after an install. There is probably a better way to do this, like building an RPM that modifies iptables after the iptables file is created.
Here is a snippet of how I added to /etc/rc.d/init.d/livesys-late:
CODE

%post
cat >> /etc/rc.d/init.d/livesys-late << EOF_lateinitscript
# setup firewall
rm /etc/sysconfig/iptables
touch /etc/sysconfig/iptables

cat >> /etc/sysconfig/iptables << EOF_iptables
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -o ippp+ -j MASQUERADE
-A POSTROUTING -o isdn+ -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
-A POSTROUTING -o tun+ -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j DROP
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j DROP
-A INPUT -p icmp -m icmp --icmp-type echo-request -j DROP
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j DROP
-A INPUT -p icmp -m icmp --icmp-type redirect -j DROP
-A INPUT -p icmp -m icmp --icmp-type router-advertisement -j DROP
-A INPUT -p icmp -m icmp --icmp-type router-solicitation -j DROP
-A INPUT -p icmp -m icmp --icmp-type source-quench -j DROP
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j DROP
-A INPUT -p icmp -j DROP
-A INPUT -i lo -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type destination-unreachable -j DROP
-A FORWARD -p icmp -m icmp --icmp-type echo-reply -j DROP
-A FORWARD -p icmp -m icmp --icmp-type echo-request -j DROP
-A FORWARD -p icmp -m icmp --icmp-type parameter-problem -j DROP
-A FORWARD -p icmp -m icmp --icmp-type redirect -j DROP
-A FORWARD -p icmp -m icmp --icmp-type router-advertisement -j DROP
-A FORWARD -p icmp -m icmp --icmp-type router-solicitation -j DROP
-A FORWARD -p icmp -m icmp --icmp-type source-quench -j DROP
-A FORWARD -p icmp -m icmp --icmp-type time-exceeded -j DROP
-A FORWARD -p icmp -j DROP
-A FORWARD -i lo -j DROP
-A FORWARD -o eth+ -j DROP
-A FORWARD -o ippp+ -j DROP
-A FORWARD -o isdn+ -j DROP
-A FORWARD -o ppp+ -j DROP
-A FORWARD -o tun+ -j DROP
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
EOF_iptables
service iptables restart
EOF_lateinitscript

If you use this method you should add a chmod for iptables between EOF_iptables and EOF_lateinitscript.


Hope this helps

This post has been edited by AndrewSerk: Apr 14 2012, 06:53 AM

ericl42
 Posted: Apr 11 2012, 03:25 PM

Latest kickstart script and outstanding issues. I hope if nothing else the kickstart script below will help some other people get past a few initial hurdles I had.

1. When the boot menu starts and I select "install" or "install (text mode)", it never goes directly to the install. It goes to a command prompt where I have to type in root and then run "liveinst".
2. When the install starts, I want to remove some of the options. Ex. - I am defining the time zone, language, etc in the kickstart script so I don't want anyone to be able to modify that.
3. It's not prompting me for the network information. I don't want to run firstboot, I just want it to ask me for the network during the initial setup. I've tried various things in the kickstart script such as "asknet", "network --query", and none seem to work.
4. The iptables setup doesn't work. I've tried adding "iptables --ssh --http --port:514" at the top of the kickstart script, I've tried echoing commands into /etc/sysconfig/iptables, I've tried rewriting the file completely, and none of it seems to work.
QUOTE

######################################################
## Custom Kickstart Script
######################################################

######################################################
## Include another kickstart script
######################################################

#%include test-base.ks
#%include sl62-live-base.ks

######################################################
## Basic Settings
######################################################

cdrom
install
text
autostep
skipx

lang en_US.UTF-8
keyboard us
timezone --utc America/New_York
authconfig --enableshadow --passalgo=sha512
selinux --disabled
services --enabled=iptables,rsyslog,sshd,ntpd --disabled=sendmail,cups,firstboot

clearpart --all
#bootloader --location=mbr --append="textinst"

######################################################
## Repos
######################################################
repo --name=base      --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/os/
repo --name=security  --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/security/

######################################################
## Packages
######################################################

%packages

# Basic packages
@base
@core
@graphical-admin-tools
@network-file-system-client
@network-tools
@x11
squashfs-tools

# Additional packages that are not on the other template
gcc
openssl-devel
make

# Additional firmware support
aic94xx-firmware
netxen-firmware
atmel-firmware
bfa-firmware
ql2100-firmware
ql2200-firmware
ql23xx-firmware
ql2400-firmware
ql2500-firmware
rt61pci-firmware
rt73usb-firmware
xorg-x11-drv-ati-firmware

# Packages for livecd install
anaconda
device-mapper-multipath
isomd5sum
livecd-tools

# Remove these packages
#-cups
#-postfix
#-sendmail
#-gnome-icon-theme
#-gnome-themes
#-python
#-perl
#-gnome-user-docs
#-curl
#-ModemManager
#-sqlite
#-rsync
#-openldap
#-tigervnc-server

/usr/sbin/lokkit

%end

######################################################
## Post Script --nochroot (nochroot environment allows you to copy from the build host environment to the livecd build environment)
######################################################
%post --nochroot

###### TESTING #####
mkdir -p $INSTALL_ROOT/usr/lib/codecs
mkdir -p $INSTALL_ROOT/root/

cp -R testing $INSTALL_ROOT/root/
tar -xzf test.tar.gz --strip-components 1 -C $INSTALL_ROOT/usr/lib/codecs/
###################

# Copy new splash screen for boot menu
cp -f splash.jpg $LIVE_ROOT/isolinux/

# Modify the boot menu
cat > $LIVE_ROOT/isolinux/isolinux.cfg << EOF_boot_menu

default vesamenu.c32
timeout 100

menu background splash.jpg
menu title Welcome to TestISO!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color timeout_msg 0 #ffffffff #00000000
menu color timeout 0 #ffffffff #00000000
menu color cmdline 0 #ffffffff #00000000
menu hidden
menu hiddenrow 5
label linux0
  menu label Boot
  kernel vmlinuz0
  append initrd=initrd0.img root=live:CDLABEL=TestISO rootfstype=auto ro liveimg quiet textinst rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM 
menu default
label linuxtext0
  menu label Boot (Text Mode)
  kernel vmlinuz0
  append initrd=initrd0.img root=live:CDLABEL=TestISO rootfstype=auto ro liveimg 3 quiet textinst rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM 
label linux0
  menu label Boot (Basic Video)
  kernel vmlinuz0
  append initrd=initrd0.img root=live:CDLABEL=TestISO rootfstype=auto ro liveimg quiet textinst rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM xdriver=vesa nomodeset
label install0
  menu label Install
  kernel vmlinuz0
  append initrd=initrd0.img root=live:CDLABEL=TestISO rootfstype=auto ro liveimg liveinst noswap textinst rd_NO_LUKS rd_NO_MD rd_NO_DM 
label textinstall0
  menu label Install (Text Mode)
  kernel vmlinuz0
  append initrd=initrd0.img root=live:CDLABEL=TestISO rootfstype=auto ro liveimg textinst noswap textinst rd_NO_LUKS rd_NO_MD rd_NO_DM 

EOF_boot_menu

%end

#####################################################
## Post Script (chroot environment isolates the livecd build environment from the host that is building the livecd)
#####################################################
%post

# Add a new user and modify permissions
/usr/sbin/useradd test_user -G wheel -c "Test User" -d /home/test_user -s /bin/bash; echo testpassword | passwd --stdin test_user

# Allow wheel group sudo access
cat >> /etc/sudoers << EOF_sudoers

### Allow wheel group sudo access ###
%wheel ALL=(ALL) ALL
EOF_sudoers

# Modify ssh_config
cat >> /etc/ssh/ssh_config << EOF_ssh_config
### Specific settings for timeouts
TCPKeepAlive yes
ServerAliveInterval 120
ServerAliveCountMax 3
EOF_ssh_config

# Modify sshd_config
/bin/sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
/sbin/service sshd restart

# Create a directory for rsyslog queuing
mkdir /var/spool/rsyslog

# Modify rsyslog configuration
# (\$ keeps the shell from expanding the rsyslog directives in the here-document)
cat >> /etc/rsyslog.conf << EOF_rsyslog

### Queuing Config ###
\$WorkDirectory                  /var/spool/rsyslog
\$ActionQueueType                LinkedList
\$ActionQueueFileName            remotequeue
\$ActionResumeRetryCount        -1
\$ActionQueueSaveOnShutdown      on
\$ActionQueueMaxFileSize        100m
\$ActionQueueMaxDiskSpace        5g

### Forwarding Rule ###
*.*    @@127.0.0.1:1514
EOF_rsyslog

# Potentially add stuff to crontab
#echo '0 1 * * * /path/to/script' >> /etc/crontab

# Modify firewall rules
cat > /etc/sysconfig/iptables << EOF_iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
-A FORWARD -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A FORWARD -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
COMMIT
EOF_iptables

%end

# Reboot after installation
reboot --eject

AndrewSerk
 Posted: Apr 11 2012, 04:08 PM

I suspect this missing snippet from the live-base.ks is the issue with liveinst / textinst not working; there may be more from live-base.ks that is necessary for the functions you want:

Snippet from sl62-live-base.ks
CODE
%post
cat > /etc/rc.d/init.d/livesys-late << EOF_lateinitscript
#!/bin/bash
# if liveinst or textinst is given, start anaconda
if [ "\\\$( cmdline_parameter liveinst )" ]; then
  plymouth --quit
  /usr/sbin/liveinst \\\$ks
  /sbin/reboot
fi
if [ "\\\$( cmdline_parameter textinst )" ]; then
  plymouth --quit
  /usr/sbin/liveinst --text \\\$ks
  /sbin/reboot
fi
EOF_lateinitscript


You should go through the sl62-live-base.ks and "rebuild" it removing the things you don't want and adding what you might need. Then save and %include it.

This post has been edited by AndrewSerk: Apr 11 2012, 04:18 PM
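
Each unquoted here-document that a line passes through consumes one level of backslash escaping, which is why `$` appears escaped as `\$` or `\\\$` in here-documents like the ones in this thread. The following is an added example, not part of any post and not code from sl62-live-base.ks; the sample kickstart fragment and the function names are constructed for illustration, and only `$` expansions are checked (not backticks).

```shell
#!/bin/bash
# Added example with constructed input; it is not taken from sl62-live-base.ks.

# Constructed kickstart fragment modelled on the here-documents in this thread.
write_sample() {
cat << 'EOF_sample'
%post
cat >> /etc/rsyslog.conf << EOF_rsyslog
$WorkDirectory /var/spool/rsyslog
\$ActionQueueType LinkedList
*.* @@127.0.0.1:1514
EOF_rsyslog
cat >> /etc/rc.d/init.d/livesys-late << EOF_lateinitscript
if [ "\\\$( cmdline_parameter textinst )" ]; then
  echo "booted with: $(cat /proc/cmdline)"
fi
EOF_lateinitscript
cat >> /etc/rsyslog.conf << 'EOF_quoted'
$ActionResumeRetryCount -1
EOF_quoted
%end
EOF_sample
}

# Print "LINE:text" for every "$name", "${" or "$(" that sits unescaped inside
# an unquoted here-document, i.e. that the shell running %post will expand
# instead of writing it to the target file.
lint_heredoc_dollars() {
  awk '
    function opener(s,   rest, op) {
      if (!match(s, /<<-?[ \t]*/)) return 0
      op = substr(s, RSTART, RLENGTH)
      rest = substr(s, RSTART + RLENGTH)
      quoted = (rest !~ /^[A-Za-z_]/)      # quoted delimiter: body stays literal
      if (quoted) rest = substr(rest, 2)
      if (!match(rest, /^[A-Za-z_][A-Za-z_0-9]*/)) return 0
      delim = substr(rest, 1, RLENGTH)
      striptabs = (op ~ /-/)               # "<<-" strips leading tabs
      return 1
    }
    delim == "" { opener($0); next }
    {
      line = $0
      if (striptabs) sub(/^\t+/, "", line)
      if (line == delim) { delim = ""; next }
      if (quoted) next
      gsub(/\\\\/, "", line)               # \\ becomes one literal backslash
      gsub(/\\[$]/, "", line)              # \$ becomes a literal dollar sign
      if (line ~ /[$][A-Za-z_{(]/) printf "%d:%s\n", NR, $0
    }
  ' "$1"
}

# Pass two lines through two nested unquoted here-documents (image build, then
# boot) and print what finally comes out at the second stage.
two_stage_write() {
  stage=$(mktemp)
  cat > "$stage" << EOF_build
cat << EOF_boot
one=[\$WorkDirectory]
three=[\\\$WorkDirectory]
EOF_boot
EOF_build
  (unset WorkDirectory; sh "$stage")
  rm -f "$stage"
}

sample=$(mktemp)
write_sample > "$sample"
echo "expanded while %post runs:"
lint_heredoc_dollars "$sample"
echo "after two here-documents:"
two_stage_write
rm -f "$sample"
```

Quoting the delimiter (`<< 'EOF_quoted'`) switches expansion off for the whole body, so no backslashes are needed there.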

ericl42
 Posted: Apr 13 2012, 08:22 PM

I ended up using the following include files:

%include sl62-livecd-gnome.ks
%include sl62-live-base.ks

With this I have a full fledged gui for the end user to install easier and the boot install scripts work fine. Right now I'm working on tweaking the boot menu a little more but I think that has been 100% resolved. The major issues I have now are:

1. Iptables does not want to work correctly for me!!!! I tried your script but it didn't work. I also tried creating an iptables.script with a lot of commands in it and invoking that and it didn't work either. I may have to just create the script and then have it run in /etc/rc.local at boot or cron it so it'll run. Not sure, but it is very frustrating for something that should work with the kickstart "firewall --" options.
2. It still isn't prompting me for network configuration during boot and it's not working once I start the machine. I hope this is just a virtual box problem. I'll try to burn it to a CD later and see if a physical machine works.
3. I'm going to create a locked down version of gnome so they can run some custom scripts. So I'm going to have to create some desktop items so that users can run them.
4. I need to make it where the users can't modify a few options during the boot install process such as root password, time zone, etc. I want those to stay as a default that I set.

AndrewSerk
 Posted: Apr 13 2012, 11:17 PM

Glad you are still making progress.
QUOTE
I tried your script but it didn't work.

Looks like the script was missing a restart of iptables! Sorry for that!

snippet
CODE

COMMIT
EOF_iptables
service iptables restart
EOF_lateinitscript

The script for iptables 2nd line should also read:
CODE
cat >> /etc/rc.d/init.d/livesys-late << EOF_lateinitscript


I'll post back on the other stuff just as soon as I get my AAA server up again.
EDIT: OK got my AAA server up and working again.

QUOTE
2. It still isn't prompting me for network configuration during boot and it's not working once I start the machine. I hope this is just a virtual box problem. I'll try to burn it to a CD later and see if a physical machine works.

Have you tried "asknetwork" in your .ks?

QUOTE
3. I'm going to create a locked down version of gnome so they can run some custom scripts. So I'm going to have to create some desktop items so that users can run them.

Most of the Gnome settings can be manipulated by command line with "gconftool-2" but I don't have much experience with it. I will post how I have added things to the desktop in my next post. (My info is on a different machine than I am posting from now.)

QUOTE
4. I need to make it where the users can't modify a few options during the boot install process such as root password, time zone, etc. I want those to stay as a default that I set.

Not sure how to go about that but will see what I can find on the subject.

This post has been edited by AndrewSerk: Apr 14 2012, 06:52 AM

AndrewSerk
 Posted: Apr 16 2012, 02:48 PM

QUOTE
I need to make it where the users can't modify a few options during the boot install process such as root password, time zone, etc. I want those to stay as a default that I set.


I believe you can set the time zone/location through gconftool-2 and make the changes to gnome so that no one can change the changes by editing through the gconftool-2 and the /etc/gconf/gconf.xml.mandatory file. If you want the changes to be persistent for an install I would try to add the gconftool-2 commands to /etc/rc.d/init.d/livesys-late. If you just want the commands to work for the live session and not the install, add the lines to /etc/rc.d/init.d/livesys.

I have never tried this before for a livecd but for other things you don't want the user to be able to change you might want to set "sticky bits" on the files/settings.

I have not been able to find my info on adding to the desktop of a livecd but will continue the search and post the info when I find it.

ericl42
 Posted: Apr 17 2012, 04:15 PM

Here is my latest kickstart script. The install works perfectly, minus the autostep stuff not working correctly. From what I read, if you set various options such as keyboard, timezone, and root password, autostep will skip those during the install process and not let the user pick them, but that isn't happening. I'll have to figure out what's going on with that because I don't want those to be modified at all. But on the bright side, I have been able to modify a lot of the application menu items to lock that down. Then I'll probably create a /bin/rbash profile for them as well to lock down the terminal. I was even able to add some items to the Application menu for support, since for some reason I couldn't put them directly on the user's desktop. It is probably due to some race condition on when it's created. So if I can get the network up and working correctly (may be a VM issue) and have the boot process auto step through with minimal user interaction, I think I'll almost be there. Yet again, I really appreciate all of the help you've been. It's definitely been a learning process.

P.S. - Just checked and the iptables rules are still not working!! Arg!

Edit - I started doing some more reading and they acted like I needed to copy my ks.cfg file to $LIVE_ROOT and then during the boot menu do something like ks=cd:/ks.cfg to make the install unattended. Because apparently now it doesn't know about the kickstart script.

QUOTE
######################################################
## Custom Kickstart Script
######################################################

######################################################
## Include another kickstart script
######################################################

%include sl62-livecd-gnome.ks

######################################################
## Basic Settings
######################################################

cdrom
install
autopart
autostep
firstboot --disabled
xconfig --startxonboot
rootpw --plaintext password

lang en_US.UTF-8
keyboard us
timezone --utc America/New_York
auth --useshadow --enablemd5
selinux --disabled
services --enabled=iptables,rsyslog,sshd,ntpd --disabled=sendmail,cups,firstboot

clearpart --all

######################################################
## Repos
######################################################
repo --name=base          --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/os/
repo --name=security   --baseurl=http://ftp.scientificlinux.org/linux/scientific/6.2/$basearch/updates/security/

######################################################
## Packages
######################################################

%packages

# Additional packages that are not on the other template
#gcc
#openssl-devel
#make

# Additional firmware support
aic94xx-firmware
netxen-firmware
atmel-firmware
bfa-firmware
ql2100-firmware
ql2200-firmware
ql23xx-firmware
ql2400-firmware
ql2500-firmware
rt61pci-firmware
rt73usb-firmware
xorg-x11-drv-ati-firmware

# Remove these packages


/usr/sbin/lokkit

%end

######################################################
## Post Script --nochroot (nochroot environment allows you to copy from the build host environment to the livecd build environment)
######################################################
%post --nochroot

# Modify desktop background
cp -f security_hacker_wallpaper.jpg $INSTALL_ROOT/usr/share/backgrounds/1280x1024_default.png
cp -f security_hacker_wallpaper.jpg $INSTALL_ROOT/usr/share/backgrounds/1920x1200_default.png
cp -f security_hacker_wallpaper.jpg $INSTALL_ROOT/usr/share/backgrounds/2048x1536_default.png

# Copy new splash screen for boot menu
cp -f splash.jpg $LIVE_ROOT/isolinux/

# Modify the boot menu
cat > $LIVE_ROOT/isolinux/isolinux.cfg << EOF_boot_menu

default vesamenu.c32
timeout 100

menu background splash.jpg
menu title Welcome to Test!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color timeout_msg 0 #ffffffff #00000000
menu color timeout 0 #ffffffff #00000000
menu color cmdline 0 #ffffffff #00000000
menu hidden
menu hiddenrow 5
label install0
  menu label Install
  kernel vmlinuz0
  append initrd=initrd0.img root=live:CDLABEL=Test rootfstype=auto ro liveimg liveinst noswap autostep  rd_NO_LUKS rd_NO_MD rd_NO_DM 
menu default
EOF_boot_menu

%end

#####################################################
## Post Script (chroot environment isolates the livecd build environment from the host that is building the livecd)
#####################################################
%post

# Add a new user and modify permissions
/usr/sbin/useradd support -G wheel -c "Support" -d /home/support -s /bin/bash; echo password | passwd --stdin support
/usr/sbin/useradd login1 -c "Login1" -d /home/login1 -s /bin/bash; echo password1 | passwd --stdin login1

# Allow wheel group sudo access
cat >> /etc/sudoers << EOF_sudoers

### Allow wheel group sudo access ###
%wheel ALL=(ALL) ALL
EOF_sudoers

# Modify ssh_config
cat >> /etc/ssh/ssh_config << EOF_ssh_config

### Specific settings for timeouts
TCPKeepAlive yes
ServerAliveInterval 120
ServerAliveCountMax 3
EOF_ssh_config

# Modify sshd_config
/bin/sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
/sbin/service sshd restart

# Create a directory for rsyslog queuing
mkdir /var/spool/rsyslog

# Modify rsyslog configuration
cat >> /etc/rsyslog.conf << EOF_rsyslog

### Queuing Config ###
\$WorkDirectory /var/spool/rsyslog
\$ActionQueueType LinkedList
\$ActionQueueFileName remotequeue
\$ActionResumeRetryCount -1
\$ActionQueueSaveOnShutdown on
\$ActionQueueMaxFileSize 100m
\$ActionQueueMaxDiskSpace 5g

### Forwarding Rule ###
*.*     @@127.0.0.1:1514
EOF_rsyslog

# Create an init script for the SSH tunnel
cat >> /etc/inittab << EOF_inittab
log1:3:respawn:ssh -fnNTx -L 1514:127.0.0.1:514 syslog_user@192.168.56.110 > /dev/null 2>&1
EOF_inittab

# Allow forwarding (first line is for initial allowance, second line is to maintain during a reboot)
echo 1 > /proc/sys/net/ipv4/ip_forward
/bin/sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf

# Create iptable rules
cat >> /etc/rc.d/init.d/livesys-late << EOF_lateinitscript
# setup firewall
rm /etc/sysconfig/iptables
touch /etc/sysconfig/iptables

cat >> /etc/sysconfig/iptables << EOF_iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 514 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 514 -j ACCEPT
COMMIT
EOF_iptables
/sbin/service iptables restart
EOF_lateinitscript

# Remove some files that are not needed
rpm -e --nodeps tigervnc-server postfix pidgin cups pulseaudio-module-bluetooth gnome-bluetooth-libs gnome-bluetooth libgweather cheese evolution-data-server

# Modify the applications menu
rm -f /usr/share/applications/gthumb*.desktop
rm -f /usr/share/applications/brasero*.desktop
rm -f /usr/share/applications/gnome-screens*.desktop
rm -f /usr/share/applications/about-this-computer.desktop
rm -f /usr/share/applications/gnome-about*.desktop
rm -f /usr/share/applications/gnome-dictionary.desktop
rm -f /usr/share/applications/gnome-gcalctool.desktop
rm -f /usr/share/applications/gnome-keybinding.desktop
rm -f /usr/share/applications/bluetooth-properties.desktop
rm -f /usr/share/applications/totem.desktop
rm -f /usr/share/applications/gnome-file-roller.desktop
rm -f /usr/share/applications/gnome-gucharmap.desktop
rm -f /usr/share/applications/gedit.desktop
#rm -f /usr/share/applications/gnome-terminal.desktop
rm -f /usr/share/applications/gnome-baobab.desktop
rm -f /usr/share/applications/gnome-system-monitor.desktop
rm -f /usr/share/applications/palimpsest.desktop
rm -f /usr/share/applications/gnome-nautilus-browser.desktop
rm -f /usr/share/applications/TUV.desktop
rm -f /usr/share/applications/sl-release-notes.desktop
rm -f /usr/share/applications/system-config-users.desktop
rm -f /usr/share/applications/authconfig.desktop
rm -f /usr/share/applications/system-config-firewall.desktop
rm -f /usr/share/applications/system-config-services.desktop
rm -f /usr/share/applications/gnome-network-properties.desktop
rm -f /usr/share/applications/gnome-volume-control.desktop
rm -f /usr/share/applications/gnome-default-application.desktop
rm -f /usr/share/applications/gnome-at-properties.desktop
rm -f /usr/share/applications/gnome-session-properties.desktop

/bin/sed -i 's/Categories=System;Settings;X-Red-Hat-Base;/Categories=Settings;/' /usr/share/applications/system-config-date.desktop

###### TESTING ########
cat > /usr/local/bin/remote_support << EOF_remote_support
#!/bin/bash
# This is a remote support script
# Various commands
top
EOF_remote_support

chmod 777 /usr/local/bin/remote_support

#############################

cat > /usr/share/applications/remote-support.desktop << EOF_test
[Desktop Entry]
Name=Remote Support
Comment=Perimeter Support
Exec=/usr/local/bin/remote_support
Icon=utilities-terminal
Type=Application
Categories=System;
StartupNotify=True
EOF_test

chmod 644 /usr/share/applications/remote-support.desktop

#### END  TESTING #####

%end

# Reboot after installation
reboot --eject
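
An offline check for a generated `/etc/sysconfig/iptables`, added here as an example and not part of any post: it parses the iptables-save format, lists what the INPUT chain admits and reports structural errors. The sample rule files, the chain name SSHIN and the function names are constructed; shadowing is only detected for an unconditional catch-all rule.

```shell
#!/bin/bash
# Added example with constructed input: offline audit of an iptables-save style
# rules file such as /etc/sysconfig/iptables. Not code from the thread.

# Constructed rules modelled on the filter table posted in this thread.
write_good_rules() {
cat << 'EOF_rules'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 514 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 514 -j ACCEPT
COMMIT
EOF_rules
}

# Constructed broken file: a second table appended without COMMIT, a rule for
# an undeclared chain (SSHIN is a made-up name), and a rule after a catch-all.
write_broken_rules() {
cat << 'EOF_rules'
*filter
:INPUT DROP [0:0]
-A INPUT -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A SSHIN -j ACCEPT
*filter
:INPUT ACCEPT [0:0]
EOF_rules
}

# Print the INPUT policy, what INPUT admits, and structural errors.
# Simplification: only an unconditional "-A INPUT -j TARGET" counts as shadowing.
# Exit status is 1 when a structural error was found.
audit_rules() {
  awk '
    function err(msg) { printf "error line %d: %s\n", NR, msg; bad = 1 }
    function input_rule(   i, proto, dport, iface, state, target) {
      if (terminal) { printf "unreachable line %d: %s\n", NR, $0; return }
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-i") iface = $(i + 1)
        else if ($i == "--state") state = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (NF == 4 && $3 == "-j") { terminal = 1; print "catch-all " target; return }
      if (target != "ACCEPT") return
      if (state != "" && state !~ /NEW/) return   # replies to existing flows
      if (dport != "") print "open " proto "/" dport
      else if (iface != "") print "accept-all iface=" iface
      else print "accept-all " (proto == "" ? "any" : proto)
    }
    /^[ \t]*(#.*)?$/ { next }                     # blank lines and comments
    /^\*/ {
      if (table != "") err("table " table " not closed by COMMIT")
      table = substr($1, 2); terminal = 0; next
    }
    $1 == "COMMIT" { if (table == "") err("COMMIT outside a table"); table = ""; next }
    /^:/ {
      if (table == "") { err("chain declared outside a table"); next }
      declared[table, substr($1, 2)] = 1
      if (table == "filter" && $1 == ":INPUT") print "policy INPUT " $2
      next
    }
    $1 == "-A" {
      if (table == "") err("rule outside a table")
      else if (!((table, $2) in declared)) err("chain " $2 " not declared in table " table)
      else if (table == "filter" && $2 == "INPUT") input_rule()
      next
    }
    { err("unrecognised line") }
    END { if (table != "") err("table " table " not closed by COMMIT"); exit bad + 0 }
  ' "$1"
}

tmp=$(mktemp)
write_good_rules > "$tmp";   audit_rules "$tmp"
write_broken_rules > "$tmp"; audit_rules "$tmp" || echo "rules file rejected"
rm -f "$tmp"
```

On a host with iptables installed, `iptables-restore --test` run as root against the same file performs the authoritative syntax check.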

AndrewSerk
 Posted: Apr 17 2012, 08:11 PM

Hi ericl42,
You are learning at an incredible rate and doing a great job especially for your first time working with kickstarts!

I went through some of my .ks trying to see if I can figure out why the network script is not working for you and found a few things that may be the issue. I have been appending "ipv6.disable=1" to the kernel line and have "/sbin/chkconfig ip6tables off" in my %post section. I have also been adding "chmod 600 /etc/sysconfig/iptables" in livesys-late. If you are using ipv6 maybe you need to set /etc/sysconfig/ip6tables instead or also?

I remembered how I have put files to the Desktop in the past. I copy the file from within the %post --nochroot section with something like (I use the adobe.ks as an example of the file to put on the Desktop):
CODE
%post --nochroot
cp adobe.ks $INSTALL_ROOT/usr/share/adobe.ks

and add another copy in /etc/rc.d/init.d/livesys-late from the %post section to copy it from the $INSTALL_ROOT to the Desktop:
CODE
%post
cat >> /etc/rc.d/init.d/livesys-late << EOF_lateinitscript
cp /usr/share/adobe.ks /home/liveuser/Desktop/adobe.ks
chmod 777 /home/liveuser/Desktop/adobe.ks
EOF_lateinitscript

I will look into how to pass "autostep" on to anaconda for a live install and post my findings.

Hope this helps,


