[Fedora-spins] [spin-kickstarts] add ec2 kickstart

Dennis Gilmore ausil at fedoraproject.org
Sat Feb 26 02:06:58 UTC 2011


commit 513737f702097eeda95158cbf38517b65f1ec79b
Author: Dennis Gilmore <dennis at ausil.us>
Date:   Fri Feb 25 20:06:35 2011 -0600

    add ec2 kickstart

 Fedora-15-ec2.ks |  113 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 113 insertions(+), 0 deletions(-)
---
diff --git a/Fedora-15-ec2.ks b/Fedora-15-ec2.ks
new file mode 100644
index 0000000..729e39b
--- /dev/null
+++ b/Fedora-15-ec2.ks
@@ -0,0 +1,113 @@
+# Build a basic Fedora 14 AMI
+lang en_US.UTF-8
+keyboard us
+timezone US/Eastern
+auth --useshadow --enablemd5
+selinux --disabled
+firewall --disabled
+bootloader --timeout=1 
+network --bootproto=dhcp --device=eth0 --onboot=on
+services --enabled=network,ssh
+
+# By default the root password is emptied
+
+#
+# Define how large you want your rootfs to be
+# NOTE: S3-backed AMIs have a limit of 10G
+#
+part / --size 10000 --fstype ext3 --ondisk sda
+
+#
+# Repositories
+repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-15&arch=$basearch
+
+#
+#
+# Add all the packages after the base packages
+#
+%packages --excludedocs --nobase --instLangs=en
+ at core
+system-config-securitylevel-tui
+audit
+pciutils
+bash
+coreutils
+kernel
+grub
+e2fsprogs
+passwd
+policycoreutils
+chkconfig
+rootfiles
+yum
+vim-minimal
+acpid
+openssh-clients
+openssh-server
+curl
+sudo
+
+#Allow for dhcp access
+dhclient
+iputils
+
+%end
+
+# more ec2-ify
+%post --erroronfail
+
+# disable root password based login
+cat >> /etc/ssh/sshd_config << EOF
+PermitRootLogin no
+PasswordAuthentication no
+UseDNS no
+EOF
+
+# create ec2-user
+/usr/sbin/useradd ec2-user
+/bin/echo -e 'ec2-user\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+# set up ssh key fetching
+cat >> /etc/rc.local << EOF
+if [ ! -d /home/ec2-user/.ssh ]; then
+  mkdir -p /home/ec2-user/.ssh
+  chmod 700 /home/ec2-user/.ssh
+fi
+
+# Fetch public key using HTTP
+while [ ! -f /home/ec2-user/.ssh/authorized_keys ]; do
+    curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/aws-key 2>/dev/null
+    if [ \$? -eq 0 ]; then
+        cat /tmp/aws-key >> /home/ec2-user/.ssh/authorized_keys
+        chmod 0600 /home/ec2-user/.ssh/authorized_keys
+        restorecon /home/ec2-user/.ssh/authorized_keys
+        rm -f /tmp/aws-key
+        echo "Successfully retrieved AWS public key from instance metadata"
+    else
+        FAILED=\$((\$FAILED + 1))
+        if [ \$FAILED -ge \$ATTEMPTS ]; then
+            echo "Failed to retrieve AWS public key after \$FAILED attempts, quitting"
+            break
+        fi
+        echo "Could not retrieve AWS public key (attempt #\$FAILED/\$ATTEMPTS), retrying in 5 seconds..."
+        sleep 5
+    fi
+done
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+if [ ! -d /lib64 ] ; then
+
+cat <<EOL >> /etc/fstab
+/dev/xvda3 swap      swap    defaults        0 0
+EOL
+
+# workaround xen performance issue (bz 651861)
+echo "hwcap 1 nosegneg" > /etc/ld.so.conf.d/libc6-xen.conf
+
+fi
+
+
+%end
+
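Review bot: The here-document opened by `cat >> /etc/rc.local << EOF` is never closed before `%end`, so the firstboot, fstab and hwcap steps after the loop are appended to rc.local as text instead of running at build time; on 32-bit images the swap line would then be re-appended to /etc/fstab at every boot. Inside the loop `FAILED` and `ATTEMPTS` are never initialised, so `[ $FAILED -ge $ATTEMPTS ]` cannot succeed and rc.local would retry forever when the metadata service does not answer. The key is also staged as root in the fixed path /tmp/aws-key, and `.ssh` is left owned by root with mode 700, which sshd probably cannot read when it opens the file as ec2-user. The rewrite below closes the heredoc with a quoted delimiter (so the `\$` escapes are no longer needed), sets the counters, stages the key with `mktemp`, and chowns the directory.

```shell
# set up ssh key fetching
cat >> /etc/rc.local << 'EOF'
# … unchanged: create /home/ec2-user/.ssh with mode 700 …
ATTEMPTS=5   # example limit, adjust as needed
FAILED=0
KEYTMP=$(mktemp /tmp/aws-key.XXXXXX)
while [ ! -f /home/ec2-user/.ssh/authorized_keys ]; do
    if curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$KEYTMP" 2>/dev/null; then
        cat "$KEYTMP" >> /home/ec2-user/.ssh/authorized_keys
        chmod 0600 /home/ec2-user/.ssh/authorized_keys
        chown -R ec2-user:ec2-user /home/ec2-user/.ssh
        # … unchanged: restorecon, success message …
    else
        # … unchanged: increment FAILED, break after $ATTEMPTS failures, sleep 5 …
    fi
done
rm -f "$KEYTMP"
EOF
# … unchanged: firstboot, fstab swap entry, hwcap workaround (now executed during %post) …
```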

