# install from http
install
url --url http://mirror.msulocal/mirror/scientific/6.3/x86_64/os


# remove everything from install disk
# note that by limiting this (--initlabel) to just the install drive,
#   unlabeled disks will no be labeled.  anaconda will make a popup
#   asking to approve labels (gpt, atleast for large parts)
clearpart --initlabel --all --drives=/dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0

# partitions
partition /boot --fstype=ext4 --size=200 --ondisk=/dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0
partition pv.01 --grow --size=1 --ondisk=/dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0

# volume group
volgroup vg_sys pv.01 --pesize=4096

# logical volumes
logvol /    --fstype=ext4 --name=lv_root --vgname=vg_sys --size=15360
logvol /tmp --fstype=ext4 --name=lv_tmp  --vgname=vg_sys --size=10240
logvol /var --fstype=ext4 --name=lv_var  --vgname=vg_sys --size=10240
logvol /var/cache/openafs --fstype=ext4 --name=lv_afscache --vgname=vg_sys --size=4096
logvol swap --name=lv_swap --vgname=vg_sys --size=4096

network --device eth0 --onboot yes --bootproto static --noipv6 --ip 10.10.128.93 --netmask 255.255.240.0 --gateway 10.10.128.1 --nameserver 10.10.128.8,10.10.128.9 --hostname msut3-xrootd-p1.aglt2.org

network --device p2p1 --onboot yes --bootproto static --noipv6 --ip 192.41.236.93 --netmask 255.255.254.0 --gateway 192.41.236.1 --hostname msut3-xrootd-p1.aglt2.org


lang en_US.UTF-8
keyboard us

# SHA512
rootpw --iscrypted $6$GoGreen!!$8tySC5W8uSuDsOi3AMNDqz6al9gOFuYJd13Uw3jUgYHKhYYy/KWTsrVkLQukfy.3kaCp5Rvdosj9gDiYsgccl/

#firewall --service=ssh
firewall --trust=eth0
authconfig --enableshadow --passalgo=sha512
timezone --utc America/Detroit
bootloader --location=mbr --append="crashkernel=auto"
selinux --disabled
skipx
text

# local repo for use during packages section
#repo --name="AGLT2 Repo 6/x86_64" --baseurl=http://mirror.msulocal/mirror/aglt2/6/x86_64

# services to disable or enable.  make sure to have no spaces in lists
services --disable NetworkManager,auditd,cups,smartd,avahi-daemon --enable ntpd

# nonpriv user setup just for install time, root account is also available...
# also need to boot with option "sshd=1"
#sshpw --username=installer INST5577 --plaintext

# reboot when done
reboot


%packages
@base
@client-mgmt-tools
@console-internet
@core
@directory-client
@hardware-monitoring
@large-systems
@misc-sl
@performance
@perl-runtime
xorg-x11-xauth
openafs-client
openafs-compat
openafs-krb5
openafs-authlibs
-NetworkManager


%pre
#!/bin/sh
mkdir /tmp/anaconda-pre
ls -l /dev/disk/by-path > /tmp/anaconda-pre/disks-by-path-pre.out
%end

%pre

# tests to verify that correct disk is used for install
# if tests fail, want to stop installer

# ! this is pretty flakey.  Maybe should skip if the install disk is uniquely
# ! specified by path

# Max allowed disk size in GB
MAXSIZE=999

# a place to put a log
LOGDIR="/tmp/anaconda-pre"
LOGFILE="$LOGDIR/pre-check-install-disk-maxsize.out"
mkdir $LOGDIR

# get the size. ask parted for size in GB, grep for 1 or more digits in result

# parted print fails if disk has no label, so OK for reinstalls, but a 
# problem for fresh systems or new vdisks
#SIZE=`parted /dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0 unit gb print | awk '/^Disk.*GB/ {print $3}' | sed 's/GB//' | grep '^[0-9][0-9]*$'`

# fdisk works?
SIZE=`fdisk -l /dev/disk/by-path/pci-0000:02:08.0-sas-0x1221000000000000-lun-0 | head -2 | awk '/Disk/ {print int($3)}' | grep '^[0-9][0-9]*$'`

SIZEEXIT=$?

if [ "$SIZEEXIT" -ne "0" ]; then
  echo "failed to get disk size" >> $LOGFILE

  # send output to console
  chvt 3
  exec < /dev/tty3 > /dev/tty3
  echo "failed to get disk size, pausing installer, please correct and retry."

  # want to stop install, this "cat" should just wait forever...
  cat

fi

if [ "$SIZE" -gt "$MAXSIZE" ]; then
  echo "disk size $SIZE greater than $MAXSIZE stop installer" >> $LOGFILE

  # send output to console
  chvt 3
  exec < /dev/tty3 > /dev/tty3
  echo "disk size $SIZE GB greater than $MAXSIZE, pausing installer, please correct and retry."

  # want to stop install, this "cat" should just wait forever...
  cat

  # this should kill the installer (tested interactively), leaves at
  #  "enter Ctrl-C or Ctrl-Alt-Delete prompt"
  # killall anaconda
fi

echo "disk size $SIZE is OK" >> $LOGFILE

%end



%post --nochroot
cp -r /tmp/anaconda-pre /mnt/sysimage/root
%end

%post
(

# post-sshd-config-ten-ten.tmpl

# minimal sshd config allowing ssh_keys access on 10.10. network
# expect sshd to be reconfigured by CFEngine

# SSHD Config, defaults have been stripped out
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.install.orig
cat > /etc/ssh/sshd_config << 'ENDSSHCONFIG'
SyslogFacility AUTHPRIV
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
PermitRootLogin without-password
Subsystem sftp /usr/libexec/openssh/sftp-server
ListenAddress 10.10.128.93
ENDSSHCONFIG

) 2>&1 | tee /root/post-sshd-config-ten-ten.log
%end

%post

echo "post-ssh-key-rockwell running `date`"

# need to have authorized_keys file
# note that this leaves file broken for selinux

mkdir /root/.ssh
chmod 700 /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

cat >> /root/.ssh/authorized_keys << ENDSSHKEY
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApn2AFiC3Oi30VaeZ7o8h\
I6fV7oWpUp9Hq8sWABHRftohXufJ+KdjlH1Xv+iwfXlk8iiM8SRtuJol\
RtaOyMEuwMZKz8+AzS0VXceBUd/EAcUCAKHsLO4VRwJpUfMNan6jj1OD\
V4hx5zL9ZecR/C2VpOoYSusFQ1emBdvOO4lE2TAM1gicrjMgHWfo5fu6\
PsFb/ShXu4N52mzTO0LYa0pDUePsZfucEo2M0rDywtAOxENQ/bZ9E7Tc\
jp2Hzuh5rE145TeN/J2wh3Bw09d+FernumAtwayD3VRoLZudlU9Z/+h+\
6dgZ6Y9XHumjvUIvU8JTFDay5eqtPM5ueIUI7xO/hw== Tom Rockwell
ENDSSHKEY

%end
%post

# kill grub splashimage and hidden menu grub options
sed -i '/^hiddenmenu/d' /boot/grub/grub.conf
sed -i '/^splashimage/d' /boot/grub/grub.conf

# kill the graphical and quiet kernel options
sed -i 's/ rhgb//' /boot/grub/grub.conf
sed -i 's/ quiet//' /boot/grub/grub.conf

# add time boot parameter for timestamp in dmesg
# match "kernel /vmlinuz" and append to the line
sed -i 's/\(.*kernel .vmlinuz.*\)/\1 printk.time=1/' /boot/grub/grub.conf

%end

%post

# Overwrite sl.repo so local repo mirror is used

rm /etc/yum.repos.d/sl-other.repo

# fill file using here-doc with parameter sub turned off
cat > /etc/yum.repos.d/sl.repo << 'ENDSLREPO'
# Written by kickstart.  Use local mirrors.

[sl]
name=Scientific Linux $releasever - $basearch
baseurl=http://mirror.msulocal/mirror/scientific/$releasever/$basearch/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl6 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cern

[sl-security]
name=Scientific Linux $releasever - $basearch - security updates
baseurl=http://mirror.msulocal/mirror/scientific/$releasever/$basearch/updates/security
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl6 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cern
ENDSLREPO

chmod 644 /etc/yum.repos.d/sl.repo

# add the AGLT2 repo
cat > /etc/yum.repos.d/aglt2.repo << 'ENDAGLT2REPO'
[aglt2]
name=AGLT2 $releasever - $basearch
baseurl=http://mirror.msulocal/mirror/aglt2/$releasever/$basearch
enabled=1
gpgcheck=0

[aglt2-testing]
name=AGLT2 Testing $releasever - $basearch
baseurl=http://mirror.msulocal/mirror/aglt2/testing/$releasever/$basearch
enabled=0
gpgcheck=0
ENDAGLT2REPO

chmod 644 /etc/yum.repos.d/aglt2.repo

%end

%post

echo 'atlas.umich.edu' > /usr/vice/etc/ThisCell

sed -i s/^CACHESIZE=.*/CACHESIZE=1900000/ /etc/sysconfig/afs

chkconfig afs on

%pre


%post

# add static routes using /etc/sysconfig/network-scripts/devname.route files

echo "ADDRESS0=10.10.0.0" >> /etc/sysconfig/network-scripts/eth0.route
echo "NETMASK0=255.255.240.0" >> /etc/sysconfig/network-scripts/eth0.route
echo "GATEWAY0=10.10.128.1" >> /etc/sysconfig/network-scripts/eth0.route

%end

%post

# create the repo file pointing to local mirror of OMSA

cat > /etc/yum.repos.d/dell-omsa.repo <<ENDREPOFILE
[dell-omsa-indep]
name=Dell OMSA repository - Hardware independent
baseurl=http://mirror.msulocal/mirror/dell/hardware/OMSA_7.1/platform_independent/rh60_64
type=rpm-md
gpgcheck=1
gpgkey=http://mirror.msulocal/mirror/dell/hardware/OMSA_7.1/RPM-GPG-KEY-dell
       http://mirror.msulocal/mirror/dell/hardware/OMSA_7.1/RPM-GPG-KEY-libsmbios
enabled=1
failover=priority

[dell-omsa-specific]
name=Dell OMSA repository - Hardware specific
type=rpm-md
baseurl=http://mirror.msulocal/mirror/dell/hardware/OMSA_7.1/pe1950/rh60_64
gpgcheck=1
gpgkey=http://mirror.msulocal/mirror/dell/hardware/OMSA_7.1/RPM-GPG-KEY-dell
       http://mirror.msulocal/mirror/dell/hardware/OMSA_7.1/RPM-GPG-KEY-libsmbios
enabled=1
failover=priority
ENDREPOFILE

%end


%post
# paren for redirect of ouput to logfile...
(

echo "post script running `date`"

# don't have solution for using UL kernel with SL openafs packges in SL6
#yum -y update kernel
#wget -O /tmp/kmod-openafs.rpm http://mirror.msulocal/mirror/aglt2/6/x86_64/kmod-openafs-1.6.1-1.3.2.13_UL1.el6.x86_64.rpm
#rpm -i /tmp/kmod-openafs.rpm

yum -y install srvadmin-omacore srvadmin-storage

# try to set time
ntpdate 10.10.128.8

# CFEngine Keys?

# Salt Keys?

# Change pxe boot action to localboot
wget  --no-check-certificate -O - -o /dev/null https://10.10.128.11/install/sbin/public/setPxeboot.cgi

# paren for redirect of ouput to logfile...
) 2>&1 | tee /root/anaconda_post-ssh-keys.log
%end

%post
# for debugging
#sleep 3456
sleep 7
%end