CentOS 8: Working KS for semi-automatic installation of servers

Attention: There seems to be a bug in CentOS 8 (including 8.1.1911)
preventing automatic loading of ks.cfg from OEMDRV to work (at least it did
not in our tests). You can add inst.ks=hd:sdX1/ks.cfg to he setup command
line as workaround. This is not	an error of this kickstart file.

This commit contains also Smaller updates in README and CentOS 7 kickstart
file

Author: andreashaerter

README.md

@@ -9,12 +9,12 @@ setup of our bare metal VM host machines.
 
 ## Table of Contents
 
-  * [HowTo, Tips and Tricks](#howto-tips-and-trick)
+  * [HowTo, Tips and Tricks](#howto-tips-and-tricks)
     * [Validate Kickstart file, show differences between versions](#validate-kickstart-file-show-differences-between-versions)
-    * [CentOS 7/8: automatically load Kickstart file from OEMDRVstorage device](#centos-78-automatically-load-kickstart-file-from-oemdrvstorage-device)
-    * [CentOS 7/8: Create USB flash drive installation media](#centos-78-create-usb-flash-drive-installation-media)
     * [Debugging Hints](#debugging-hints)
-    * [CentOS 7: Custom USB flash drive including the Kickstart file for installation](#centos-7-custom-usb-flash-drive-including-the-kickstart-file-for-installation)
+    * [Automatically load Kickstart file from OEMDRV storage device](#automatically-load-kickstart-file-from-oemdrv-storage-device)
+    * [Create USB flash drive CentOS installation media](#create-usb-flash-drive-centos-installation-media)
+    * [Custom USB flash drive including a Kickstart file for installation](#custom-usb-flash-drive-including-a-kickstart-file-for-installation)
       * [Preparations](#preparations)
       * [Media creation](#media-creation)
   * [Further reading, useful links and notes](#further-reading-useful-links-and-notes)
@@ -53,8 +53,8 @@ ksvalidator ./foo.ks
 
 ### Debugging Hints
 
-After Anaconda (the graphical installer) started, there are differen TTYs /
-terminals you can switch to (via `Ctrl+Alt+F<Number>` ort `Alt+F<Number>`):
+After Anaconda (the graphical installer) started, there are different TTYs /
+terminals you can switch to (via `Ctrl+Alt+F<Number>` or `Alt+F<Number>`):
 
 * **TTY1:** Main information screen before starting the graphical installer
   (Anaconda). As well as the installation dialog when using `text` or `cmdline`.
@@ -66,16 +66,21 @@ terminals you can switch to (via `Ctrl+Alt+F<Number>` ort `Alt+F<Number>`):
     works.
   * `lsblk -l -p`
 * **TTY3**
-  * The install log displaying messages from install program.
+  * Install log: The install log displaying messages from install program (if any)
 * **TTY4**
-  * The system log displaying messages from kernel, etc.
+  * Strorage log: The system log displaying messages from kernel, etc.
 * **TTY5**
-  * All other messages.
+  * Program log: All other messages.
 * **TTY7**
   * The installation dialog when using the graphical installer.
 
 
-### CentOS 7/8: automatically load Kickstart file from `OEMDRV`storage device
+
+### Automatically load Kickstart file from `OEMDRV` storage device
+
+**Attention / FIXME:** There seems to be a bug in CentOS 8 (including 8.1.1911)
+preventing this automatism to work (at least it did not in our tests). You
+can add `inst.ks=hd:sdX1/ks.cfg` to he setup command line as workaround.
 
 The CentOS setup can load your Kickstart file automatically without having to
 specify the `inst.ks=` boot option. To do so, one name the file `ks.cfg` and
@@ -120,7 +125,7 @@ Now just boot and make sure the additional USB key is present when the installat
 
 
 
-### CentOS 7/8: Create USB flash drive installation media
+### Create USB flash drive CentOS installation media
 
 Just validate your ISO and write it with `dd` to the target device `/dev/sdX`
 (adapt as needed). For sure, all data (if any) on the target will get detroyed.
@@ -135,10 +140,11 @@ $ sudo dd if=./CentOS-8.1.1911-x86_64-dvd1.iso of=/dev/sdX bs=8M status=progress
 ```
 
 
-### CentOS 7: Custom USB flash drive including the Kickstart file for installation
+### Custom USB flash drive including a Kickstart file for installation
 
 Attention: the following method will only work with **Legacy BIOS boot**. The
-USB Flash drive **will not boot with UEFI**.
+USB Flash drive **will not boot with UEFI**. This method propaply **does not
+work with CentOS 8** (or at least needs adaption).
 
 #### Preparations
 
@@ -500,7 +506,7 @@ KS_SNIPPET_PACKAGES="
 
 ${KS_SNIPPET_PACKAGES}
 
-### Additional packages or package groups not dependend on the environment
+### Additional packages or package groups (not depended on the environment)
 @virtualization-hypervisor
 @virtualization-tools
 chrony
@@ -512,7 +518,6 @@ virt-top
 %end
 "
 
-# FIXME
 export KS_SNIPPET_NETWORK
 export KS_SNIPPET_IGNOREDISK
 export KS_SNIPPET_BOOTLOADER
@@ -532,6 +537,6 @@ envsubst "$MYVARS" <./template.ks >/tmp/result.ks
 #### Kickstart via webserver or DHCP
 
 * How to generate and serve kickstart file dynamically and use it with `inst.ks=http://`
-* HTTPS/TLS possible?
+* HTTPS/TLS possible? Cf. [5.3. Making a Kickstart file available on an HTTP or HTTPS server](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_installation/making-kickstart-files-available-to-the-installation-program_installing-rhel-as-an-experienced-user#making-a-kickstart-file-available-on-an-http-or-https-server_making-kickstart-files-available-to-the-installation-program)
 * How does this work in terms of network config from syslinux boot menu? Cf. https://www.redhat.com/archives/kickstart-list/2007-July/msg00035.html
 * Existing projects or create one in golang, basic HTTP server and templating?

centos7-vmhost.ks centos7-interactive.ks

@@ -1,7 +1,14 @@
 #version=RHEL7
 
+################################################################################
+# Kickstart file for semi-automatic installation of server systems (minimal or
+# GUI with GNOME).
+#
+# Purpose: implementing password, encryption and partitioning rules of Foundata
+################################################################################
+
 
-#### Pre-install scripts
+#### Pre script
 #
 # Attention: Kickstart commands do NOT run until *after* the %pre section,
 #            despite the ordering in the kickstart file.
@@ -13,9 +20,8 @@
 # - You cannot change anything on the not-yet-installed system here.
 #   If really needed, "%post --nochroot" might help.
 # - RHEL 7 Installation Guide, 26.3.3. Pre-installation Script, red.ht/2uUrzzU
+%pre --interpreter=/usr/bin/bash --erroronfail --log=/tmp/ks-pre.log
 
-
-%pre
 # Switch to /dev/tty6 (tty = TeleTYpewriter) for text console, redirect all
 # input and output, make /dev/tty6 the foreground terminal and start a shell
 # on it. The graphical interface (and therefore Anaconda) lives on /dev/tty1.
@@ -26,7 +32,7 @@ chvt 6
 # define regular expressions for input validation
 readonly regex_hostname='^[[:lower:]]([[:lower:][:digit:]\-]{0,61}[[:lower:][:digit:]])?$'
 readonly regex_domainname='^[[:lower:][:digit:]][[:lower:][:digit:]\-\.]{1,252}[[:lower:][:digit:]]$' # some domain NICs allow leading numbers and stuff; we cannot be stricter than them if we won't refuse really existing domains
-readonly regex_dmcryptpwd='^[[:alnum:][:punct:]]{20,}$' # ATTENTION: has to stricter or in sync than kickstart cmd "pwpolicy luks".
+readonly regex_dmcryptpwd='^[[:alnum:][:punct:]]{20,}$' # ATTENTION: has to be stricter or in sync than kickstart cmd "pwpolicy luks".
 
 # init misc vars
 data_hostname=''
@@ -323,7 +329,7 @@ then
             then
                 printf '%s\n' 'Error: Empty passwords are not allowed.'
             elif [ -z "${pwdscore}" ] ||
-                 [ "${pwdscore}" -lt 50 ] # ATTENTION: has to stricter or in sync than kickstart cmd "pwpolicy luks"
+                 [ "${pwdscore}" -lt 50 ] # ATTENTION: has to be stricter or in sync than kickstart cmd "pwpolicy luks"
             then
                 printf '%s\n' "Error: Password is too weak (cf. \"Password rules\" above). pwscore result: ${pwdscore}"
             elif ! printf '%s' "${data_dmcrypt_pwdplain}" | grep -E -q -e "${regex_dmcryptpwd}"
@@ -351,7 +357,7 @@ then
         done
         unset pwdconfirm
     else
-        printf 'Ok, system will be unencrypted.\n'
+        printf 'Ok, system will NOT be encrypted.\n'
     fi
     printf '\n\n'
 fi
@@ -397,8 +403,7 @@ fi
 # logvol.ks
 if [ "$(printf '%d' $(cat '/proc/partitions' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep -E -e "${data_drive}\$" | tr -s '[:space:]' ' ' | cut -d ' ' -f 3))" -gt 86769664 ] # all linux blocks are currently 1024 bytes (cf. manpage vmstat(8))
 then
-    # OS on different filesystem, more flexible, reduced risk of filled up root FS
-    # 35840 + (5 x 10240) + 5120 + 2048 + 768 (boot) = 84736 MiB * 1024 = 86769664 bytes
+    # using seperate partitions to reduced risk of filled up root filesystem.
     printf '%s\n' "$(cat <<-'DELIM'
 	logvol /         --vgname=vg01 --name=os_root     --fstype="xfs"  --size=10240
 	logvol /home     --vgname=vg01 --name=os_home     --fstype="xfs"  --size=2048
@@ -445,12 +450,6 @@ chrony
 kexec-tools
 rng-tools
 
-### VM host (base)
-@virtualization-hypervisor
-@virtualization-tools
-virt-install
-virt-top
-libguestfs-tools
 DELIM
 )" >> /tmp/packages.ks
 if [ -n "${data_hostwithgui}" ] &&
@@ -463,8 +462,6 @@ then
 	@fonts
 	@input-methods
 	@internet-browser
-	virt-manager
-	virt-viewer
 	-cheese
 	-empathy
 	-totem
@@ -529,9 +526,6 @@ exec < /dev/tty1 > /dev/tty1 2> /dev/tty1
 
 
 
-
-
-
 ###### Setup / Anaconda
 
 # use graphical install
@@ -561,8 +555,6 @@ firstboot --enable
 
 ###### Internationalization (I18N), Localization (L10N)
 
-
-
 # Keyboard layouts
 #
 # Hints and notes:
@@ -579,16 +571,17 @@ keyboard 'us'
 #
 # Hints and notes:
 # - Get list of supported timezones: timedatectl list-timezones
-# - --utc = System assumes the hardware clock is set to UTC time.
-#   FIXME doc states --utc, files created by Anaconda are using --isUtc;
-#         Which one is correct? cf. https://bugs.centos.org/view.php?id=3631
-#
-#  [commented out, let user decide by using the UI Anaconda provides]:  timezone Europe/Berlin --isUtc
-#   NOTE: "timezone" is also commented out for another reason. A lack ot it
-#         prevents Anaconda from starting the installation automatically. This
-#         enables the user to use the UI to adapt misc settings before the
-#         installation happens. Might be useful from time to time, especially
-#         regarding network settings.
+# - --isUtc = System assumes the hardware clock is set to UTC time.
+#   Please note: doc states --utc but files created by Anaconda on CentOS 7 are
+#   using --isUtc; See also:
+#   https://bugs.centos.org/view.php?id=3631
+#   https://bugzilla.redhat.com/show_bug.cgi?id=1206226
+# - "timezone" is a required kickstart command for a complete automated install.
+#   A lack ot it prevents Anaconda from starting the installation automatically.
+#   This can be used to enable the user to use the UI to adapt misc settings
+#   before the installation happens. Might be useful from time to time,
+#   especially regarding network settings.
+#  [commented out, let user decide by using the UI Anaconda provides]: timezone Europe/Berlin --isUtc
 
 
 
@@ -600,9 +593,10 @@ auth --enableshadow --passalgo=sha512
 
 
 ###### Users and groups
-
-# Snippet to create SHA512 crypt compatible user password hashes:
-# python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
+#
+# Hints and notes:
+# - Snippet to create SHA512 crypt compatible user password hashes:
+#   python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
 
 
 # user: root
@@ -688,41 +682,40 @@ volgroup vg01 pv.01
 %include /tmp/logvol.ks
 
 
+
 ###### Services (modifies systemd target "default")
 
 services --enabled="chronyd"
 
 
+
 ###### GUI: (no) X Window System
+
 %include /tmp/gui.ks
 
 
 ###### Packages
-#
 # Notes:
 # - You can specify packages by environment, group, or by their package names.
 # - Get details of the available packages groups:
 #   yum grouplist ids hidden
 #   yum groupinfo <id>
-#     or
-#   dnf -v grouplist
-#   dnf grouplist hidden
-#   dnf groupinfo <id>
 # - See "RHEL 7 Installation Guide, 26.3.2. Package Selection" (cf.
-#   red.ht/1ECqgSK) for more documentation
+#   red.ht/1ECqgSK) for more information
 # - Syntax hints:
 #     @^environment
 #     @group
 #     simple-package
 #   Put a "-" in front for removal
+
 %include /tmp/packages.ks
 
 
 
 #### Kdump
-# Disabled on this machine (as we do not have support for CentOS nor usually
-# need this on a default system for debugging) - one might configure it later
-# in /etc/kdump.conf if needed.
+# Disabled on this machine (as we do not have vendor support for CentOS nor
+# usually need this on a default system for debugging) - one might configure it
+# later in /etc/kdump.conf if needed.
 %addon com_redhat_kdump com_redhat_kdump --disable
 
 %end
@@ -750,22 +743,22 @@ pwpolicy user --minlen=10 --minquality=50 --strict --nochanges --notempty
 
 # password policy for dm-crypt/LUKS
 # ATTENTION: One has to keep the %pre script stricter or in sync with the
-#            following kickstart cmd (cf. regex_dmcryptpwd variable and pwscore
-#            value when asking the user for a password).
+#            following kickstart command (cf. regex_dmcryptpwd variable and
+#            pwscore value when asking the user for a password).
 pwpolicy luks --minlen=20 --minquality=50 --strict --nochanges --notempty
 
 %end
 
 
 
 #### Post-install scripts
-#
 # Notes:
 # - For exchanging data between %pre and %post: cf. comments above %pre.
 # - If really needed, "%post --nochroot" can be used to change things on the
 #   freshly installed system.
 # - RHEL 7 Installation Guide, 26.3.5. Post-installation Script, red.ht/1Q08cug
+#%post --interpreter=/usr/bin/bash --log=/root/ks-post.log
 
-# %post
-#   Nothing right now
-# %end
+# Nothing right now
+
+#%end