### version=OBDP-2022 ###
# mount /dev/sr0 /mnt #
# shopt -s dotglob #
# cp -apvrf /mnt/* /var/www/html/centos7.9/ #
### System authorization information ###
# Shadow passwords are enabled and new password hashes use SHA-512.
auth --enableshadow --passalgo=sha512
### Install OS instead of upgrade ###
install
### Use URL installation media ###
# NOTE(review): the install tree is fetched over plain HTTP. Nothing in this
# file authenticates the server or the packages it serves, so keep the
# provisioning network isolated or serve the tree over HTTPS, and confirm
# whether the installer verifies package signatures.
url --url=http://192.168.111.80/centos7.9
### Use graphical or text install ###
graphical
#text
### Run the Setup Agent on first boot ###
firstboot --disable
### Keyboard layouts ###
keyboard --vckeymap=us --xlayouts='us'
### System language ###
lang en_US.UTF-8
### Root password P@ssw0rd ###
# NOTE(review): --iscrypted only protects the password if the cleartext is not
# written next to the hash; the header above discloses it. The same hash and
# salt are reused for obdpadmin below, so both accounts share one password.
# Generate a separate hash per account, drop the cleartext from the comments,
# and rotate both passwords after the first boot.
rootpw --iscrypted $6$URJ0Z14XWOxVgQxY$vyg8lhq4UM8xdetf8QWRohstarLQQnc13FZPySwWOZRaCJqBkADfvtCtahE3ou3wDPKqxKsgJRoLFNFIUL7vd.
### ADD User password P@ssw0rd ###
# obdpadmin is placed in the sysadmin group, which the %post section grants
# passwordless sudo for every command, so this account is root-equivalent.
group --name=sysadmin
user --group=sysadmin --name=obdpadmin --iscrypted --password=$6$URJ0Z14XWOxVgQxY$vyg8lhq4UM8xdetf8QWRohstarLQQnc13FZPySwWOZRaCJqBkADfvtCtahE3ou3wDPKqxKsgJRoLFNFIUL7vd. --gecos="Admin ONYX Big Data Platform"
### System timezone ###
# The hardware clock is treated as UTC. Time sources are two servers on the
# 192.168.111.0/24 network followed by four public id.pool.ntp.org hosts; the
# %post section later rewrites the pool entries in /etc/chrony.conf.
timezone Asia/Jakarta --isUtc --ntpservers=192.168.111.11,192.168.111.12,0.id.pool.ntp.org,1.id.pool.ntp.org,2.id.pool.ntp.org,3.id.pool.ntp.org
### System bootloader configuration ###
#bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
#autopart --type=lvm
# Restrict the installer to sda and sdb.
ignoredisk --only-use=sda,sdb
# NOTE(review): bootloader is specified a second time further down (with
# --driveorder and --append); confirm which one the installer honours and
# drop the other.
bootloader --location=mbr
### Clear the Master Boot Record ###
zerombr
### Partition clearing information ###
#clearpart --none --initlabel
# Removes every existing partition on the disks allowed above. Together with
# zerombr this erases sda and sdb without any confirmation, so this file must
# only be offered to machines that are meant to be re-imaged.
clearpart --all
### Disk OS partitioning information ###
# Sizes are given in MiB. sda carries the boot partitions and the vg_os
# volume group.
part /boot/efi --asprimary --fstype="vfat" --size=200
part /boot --asprimary --fstype="ext4" --size=500
part pv.01 --size=1 --grow --ondisk=sda
volgroup vg_os --pesize=4096 pv.01
logvol / --fstype="ext4" --name=lv_root --vgname=vg_os --size=30720
logvol swap --fstype="swap" --name=lv_swap --vgname=vg_os --size=8192
logvol /usr --fstype="ext4" --name=lv_odp --vgname=vg_os --size=40960
# /tmp and /var are separate volumes, so filling them does not fill /.
# NOTE(review): no nodev/nosuid mount options are set on /tmp; --fsoptions
# (used for /hadoop below) could carry them.
logvol /tmp --fstype="ext4" --name=lv_tmp --vgname=vg_os --size=5120
logvol /var --fstype="ext4" --name=lv_var --vgname=vg_os --size=10240
bootloader --location=mbr --driveorder=sda --append="nomodeset rhgb quiet"
### disk OBDP ###
# sdb is dedicated to the vg_obdp volume group holding the data volume.
part pv.02 --size=1 --grow --ondisk=sdb
volgroup vg_obdp --pesize=4096 pv.02
#### Commercial ####
#logvol /obdp --fstype="ext4" --name=lv_obdp --vgname=vg_obdp --size=100900 --fsoptions="noatime"
#### R&D ####
logvol /hadoop --fstype="ext4" --name=lv_obdp --vgname=vg_obdp --size=110000 --fsoptions="noatime"
### Network for the client nodes (alternatively enter the settings manually in the GUI) ###
#network --bootproto=dhcp --device=ens33 --onboot=on
#network --bootproto=static --device=ens33 --onboot=on
# Also define these MAC addresses in /etc/dhcp/dhcpd.conf #
# One static definition per node, selected by MAC address; the addresses
# 192.168.111.81-85 match the /etc/hosts entries written in %post.
# NOTE(review): presumably only the line whose MAC address exists on the
# machine being installed takes effect - confirm against the installer log.
network --bootproto=static --device=00:0C:29:33:9A:F2 --ip=192.168.111.81 --gateway=192.168.111.2 --netmask=255.255.255.0 --nameserver=192.168.111.10 --noipv6 --activate --onboot=on
network --bootproto=static --device=00:0C:29:B0:74:AB --ip=192.168.111.82 --gateway=192.168.111.2 --netmask=255.255.255.0 --nameserver=192.168.111.10 --noipv6 --activate --onboot=on
network --bootproto=static --device=00:0C:29:58:E8:B8 --ip=192.168.111.83 --gateway=192.168.111.2 --netmask=255.255.255.0 --nameserver=192.168.111.10 --noipv6 --activate --onboot=on
network --bootproto=static --device=00:0C:29:CF:37:CE --ip=192.168.111.84 --gateway=192.168.111.2 --netmask=255.255.255.0 --nameserver=192.168.111.10 --noipv6 --activate --onboot=on
network --bootproto=static --device=00:0C:29:AE:A3:EF --ip=192.168.111.85 --gateway=192.168.111.2 --netmask=255.255.255.0 --nameserver=192.168.111.10 --noipv6 --activate --onboot=on
%pre
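# Interactive step: ask the operator for this node's hostname before the
# installation starts.
# Re-attach stdin/stdout/stderr to the terminal reported by tty so the prompt
# is visible and the answer can be typed.
iotty=$(tty)
exec < "$iotty" > "$iotty" 2> "$iotty"
# List the interfaces so the operator can pick the hostname that belongs to
# this machine's MAC address.
ip a
# The answer is spliced into a kickstart "network" line, so accept only
# letters, digits, dots and hyphens; anything else (spaces, extra --options)
# is rejected and the prompt is repeated.
NAME=
while :; do
  printf '%s' "PLEASE ISI HOSTNAME seuai mac-address KEMUDIAN ENTER : "
  # -r keeps backslashes literal; on end of input stop asking.
  IFS= read -r NAME || { NAME=; break; }
  case "$NAME" in
    '' | -* | .* | *[!A-Za-z0-9.-]*)
      echo "Invalid hostname: use letters, digits, '.' and '-' only."
      ;;
    *)
      break
      ;;
  esac
done
if [ -n "$NAME" ]; then
  printf '%s\n' "$NAME" > /tmp/hostname.tmp
  sleep 1
  # NOTE(review): no "%include /tmp/networkhost.txt" is visible in this file,
  # so the generated line does not appear to be applied - confirm.
  printf 'network --hostname=%s\n' "$NAME" >> /tmp/networkhost.txt
fi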
%end
#
### Define Packages @^infrastructure-server-environment @^minimal ###
# Only the @base group is selected; every package name listed after it is
# commented out.
# NOTE(review): the %post section calls wget, sudo, tuned-adm and the chrony
# service - confirm that this selection provides all of them.
%packages
@base
#kexec-tools
#chrony
#sssd
#realmd
#oddjob
#oddjob-mkhomedir
#samba-common-tools
#krb5-workstation
#openldap-clients
#policycoreutils-python
#adcli
#samba-common
#python-devel
#python-kerberos
#cpp
#libmpc
#mpfr
#gcc
#tcpdump
#java-1.8.0-openjdk-devel
#wget
#sos
#net-tools
#ntp
#sudo
#telnet
#sysstat
#deltarpm
#adobe-mappings-cmap
#adobe-mappings-cmap-deprecated
#adobe-mappings-pdf
#cups-client
#foomatic-filters
#gdbm-devel
#ghostscript
#glibc-devel
#glibc-headers
#kernel-headers
#lcms2
#libXmu
#libXt
#libXxf86misc
#libdb-devel
#libgs
#libmng
#libpaper
#libpng12
#m4
#mailcap
#mesa-libGLU
#nmap-ncat
#openjpeg2
#patch
#perl-B-Lint
#perl-Business-ISBN
#perl-Business-ISBN-Data
#perl-CGI
#perl-CPAN
#perl-Class-ISA
#perl-Compress-Raw-Bzip2
#perl-Compress-Raw-Zlib
#perl-Data-Dumper
#perl-Digest
#perl-Digest-MD5
#perl-Digest-SHA
#perl-Encode-Locale
#perl-Env
#perl-ExtUtils-Install
#perl-ExtUtils-MakeMaker
#perl-ExtUtils-Manifest
#perl-ExtUtils-ParseXS
#perl-FCGI
#perl-File-CheckTree
#perl-File-Listing
#perl-HTML-Parser
#perl-HTML-Tagset
#perl-HTTP-Cookies
#perl-HTTP-Daemon
#perl-HTTP-Date
#perl-HTTP-Message
#perl-HTTP-Negotiate
#perl-IO-Compress
#perl-IO-HTML
#perl-IO-Socket-IP
#perl-IO-Socket-SSL
#perl-LWP-MediaTypes
#perl-Locale-Codes
#perl-Locale-Maketext
#perl-Module-Pluggable
#perl-Mozilla-CA
#perl-Net-HTTP
#perl-Net-LibIDN
#perl-Net-SSLeay
#perl-Pod-Checker
#perl-Pod-LaTeX
#perl-Pod-Parser
#perl-Pod-Plainer
#perl-Sys-Syslog
#perl-Test-Harness
#perl-Test-Simple
#perl-Text-Soundex
#perl-Text-Unidecode
#perl-TimeDate
#perl-URI
#perl-WWW-RobotRules
#perl-XML-LibXML
#perl-XML-NamespaceSupport
#perl-XML-SAX
#perl-XML-SAX-Base
#perl-autodie
#perl-devel
#perl-libwww-perl
#perl-local-lib
#pyparsing
#qt
#qt-settings
#qt-x11
#qt3
#redhat-lsb
#redhat-lsb-core
#redhat-lsb-cxx
#redhat-lsb-desktop
#redhat-lsb-languages
#redhat-lsb-printing
#redhat-lsb-submod-multimedia
#redhat-lsb-submod-security
#spax
#snappy-devel
#systemtap-sdt-devel
#urw-base35-bookman-fonts
#urw-base35-c059-fonts
#urw-base35-d050000l-fonts
#urw-base35-fonts
#urw-base35-fonts-common
#urw-base35-gothic-fonts
#urw-base35-nimbus-mono-ps-fonts
#urw-base35-nimbus-roman-fonts
#urw-base35-nimbus-sans-fonts
#urw-base35-p052-fonts
#urw-base35-standard-symbols-ps-fonts
#urw-base35-z003-fonts
#xorg-x11-server-utils
#perl-YAML-Tiny
%end
### SELinux configuration ###
# NOTE(review): SELinux and the host firewall are both switched off, while the
# %post section enables root login over SSH and both accounts share one
# password. If the platform really needs this, compensate at the network edge;
# otherwise prefer "selinux --permissive" and "firewall --enabled --service=ssh"
# and open only the ports the cluster uses.
selinux --disabled
firewall --disabled
### Installation logging level ###
logging --level=info
### Reboot after installation ###
#reboot
# The machine is powered off, not rebooted, when the installation finishes.
poweroff
%post
(
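### /etc/chrony.conf (NTP server) ###
# Keep a copy of the generated file, then rebuild the pool entries: the
# "server 0" pool line becomes a "#NTP Server" marker, the remaining
# N.id.pool.ntp.org lines are dropped, and servers 0 and 1 are re-inserted
# directly after the marker.
cp /etc/chrony.conf /etc/chrony.conf.bak
sed -i 's/server 0.id.pool.ntp.org iburst/#NTP Server/g' /etc/chrony.conf
# Delete in place rather than through a file named "temp" in the current
# directory, which is predictable and left behind if the mv is skipped.
sed -i '/server ..id.pool.ntp.org iburst/d' /etc/chrony.conf
# "-i -e", not "-ie": GNU sed reads "-ie" as -i with the backup suffix "e"
# and leaves a stray /etc/chrony.confe next to the real file.
sed -i -e '/#NTP Server/a\server 0.id.pool.ntp.org iburst' /etc/chrony.conf
sed -i -e '/#NTP Server/a\server 1.id.pool.ntp.org iburst' /etc/chrony.conf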
### resolv.conf ###
# Replace the resolver configuration with the single site DNS server (the same
# address the network lines pass as --nameserver).
# NOTE(review): NetworkManager is enabled below and may regenerate this file.
printf '%s\n' 'nameserver 192.168.111.10' > /etc/resolv.conf
### start and enable services ###
# Each entry is "action:unit"; the list keeps the original call order.
# NOTE(review): %post normally runs chrooted into the new system, where
# start/stop requests are expected to be ignored and only enable/disable
# persist - check /root/install-obdp.log.
for step in enable:NetworkManager start:NetworkManager start:sshd \
  enable:sshd enable:chronyd start:chronyd; do
  systemctl "${step%%:*}" "${step#*:}"
done
tuned-adm profile throughput-performance
### Turn off the uneeded stuff ###
# NOTE(review): together with "firewall --disabled" this leaves the host with
# no packet filter at all; every listening service is reachable from the
# 192.168.111.0/24 network.
for step in stop:firewalld disable:firewalld; do
  systemctl "${step%%:*}" "${step#*:}"
done
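### Static /etc/hosts entries for every node; a dedicated DNS server will replace them in production ###
# %post already runs as root, so the lines are appended directly instead of
# through "sudo tee", which depended on sudo being installed and on its policy
# allowing use without a terminal.
# NOTE(review): repo.onyx.id and repo2.optimasidata.com are pinned to the
# kickstart host, so any repository that uses those names is served by
# 192.168.111.80.
cat >> /etc/hosts << 'EOF'
192.168.111.80 kickstart kickstart.kopi.com repo.onyx.id repo2.optimasidata.com
192.168.111.81 master01 master01.kopi.com
192.168.111.82 master02 master02.kopi.com
192.168.111.83 worker01 worker01.kopi.com
192.168.111.84 worker02 worker02.kopi.com
192.168.111.85 worker03 worker03.kopi.com
192.168.111.10 ad-kopi kopi.com
EOF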
### /etc/ssh/sshd_config ###
# Back up the stock file, then apply every substitution in one sed pass.
# Patterns anchored on "^#" only rewrite the commented-out defaults; the two
# ClientAlive patterns rewrite any line that mentions the keyword.
# NOTE(review): "PermitRootLogin yes" exposes root to password logins over SSH
# while the firewall is disabled and root shares its password with obdpadmin.
# Prefer "prohibit-password" (key-only) or "no" and log in through the sudo
# group.
# NOTE(review): with ClientAliveCountMax 0 the idle-disconnect behaviour
# depends on the OpenSSH version - confirm that sessions really close after
# 600 seconds.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sed -i \
  -e 's/^#PermitRootLogin.*/PermitRootLogin yes/' \
  -e 's/^#AllowTcpForwarding.*/AllowTcpForwarding no/' \
  -e 's/^X11Forwarding.*/X11Forwarding no/' \
  -e 's/^#LogLevel.*/LogLevel VERBOSE/' \
  -e 's/^.*ClientAliveInterval.*/ClientAliveInterval 600/' \
  -e 's/^.*ClientAliveCountMax.*/ClientAliveCountMax 0/' \
  -e 's/^GSSAPIAuthentication.*/GSSAPIAuthentication no/' \
  -e 's/^#UseDNS yes/UseDNS no/' \
  /etc/ssh/sshd_config
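### limits.conf ###
# Raise the open-file and process limits to 100000 for every user ("*").
# Appended directly: %post runs as root, so going through "sudo tee" only added
# a dependency on sudo working without a terminal.
# NOTE(review): the nproc limit applies to all accounts, which removes the
# usual brake on a runaway or abusive process tree - consider limiting it to
# the service accounts that need it.
cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 100000
* hard nofile 100000
* soft nproc 100000
* hard nproc 100000
EOF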
### Add some enhancements to sysctl ###
# Everything between the cat line and the closing EOF is appended verbatim to
# /etc/sysctl.conf, including the "###" lines, which become comments in that
# file. The delimiter is unquoted, but the body contains nothing the shell
# would expand.
# NOTE(review): rp_filter = 2 selects loose reverse-path filtering on all
# interfaces (the "2 NIC 2 Gateway" entry), which weakens the kernel's
# source-address validation; if only some interfaces are multi-homed, set it
# per interface.
# NOTE(review): the 2147483647-byte maximum for tcp_rmem/tcp_wmem lets a single
# connection request a very large buffer - confirm this is intended.
cat >> /etc/sysctl.conf << EOF
### Increase size of file handles and inode cache ###
fs.file-max = 6544018
### Increase number of incoming connections Default 128###
net.core.somaxconn = 1024
### Increase number of incoming connections backlog ###
net.core.netdev_max_backlog = 1024
### setting virtual memory ratio (Do less swapping)###
vm.dirty_ratio = 10
vm.swappiness = 0
### Disable IPv6 ###
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
### Disable select acknowledgments ###
net.ipv4.tcp_sack = 0
### Allows TCP to send “duplicate” SACKs ###
net.ipv4.tcp_dsack = 0
### How often TCP sends out keepalive messages when keepalive is enabled. Default: 2hours ###
net.ipv4.tcp_keepalive_time = 600
### How many keepalive probes TCP sends out, until it decides that the connection is broken. Default value: 9 ###
net.ipv4.tcp_keepalive_probes = 5
### How frequently the probes are send out. Multiplied by tcp_keepalive_probes ###
net.ipv4.tcp_keepalive_intvl = 15
### Time to hold socket in state FIN-WAIT-2,Default value is 60sec ###
net.ipv4.tcp_fin_timeout = 30
### The three values setting the minimum, initial, and maximum size of the Memory Receive/Send Buffer per connection, they define the actual memory usage ###
net.ipv4.tcp_rmem = 8192 33554432 2147483647
net.ipv4.tcp_wmem = 8192 33554432 2147483647
### This value influences the timeout of an alive TCP connection ###
net.ipv4.tcp_retries2 = 10
### Number of times SYNACKs for a passive TCP connection attempt will be retransmitted, Default 5 = 180 sec ###
net.ipv4.tcp_synack_retries = 3
### 2 NIC 2 Gateway ###
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
EOF
### Disable transparent hugepages ###
# Write "never" to both THP controls.
# NOTE(review): these are runtime settings of the kernel that is running
# during installation; nothing visible here persists them, and the machine is
# powered off when the install ends, so the installed system presumably boots
# with its defaults. A persistent setting (kernel command line or a boot-time
# unit) is needed if this must hold.
for thp_knob in enabled defrag; do
  echo never > "/sys/kernel/mm/transparent_hugepage/${thp_knob}"
done
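### nsswitch.conf ###
# Appended directly; %post runs as root, so "sudo tee" was only an extra
# dependency.
# NOTE(review): the stock file presumably already has a "hosts:" line, so this
# adds a second one - verify which of the two the resolver honours, or edit
# the existing line instead.
echo 'hosts: files dns' >> /etc/nsswitch.conf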
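### /etc/sudoers ###
# Appended directly (the script already runs as root) instead of through
# "sudo tee".
# NOTE(review): "%sysadmin ... NOPASSWD: ALL" makes every member of sysadmin,
# including obdpadmin, root without re-entering a password. Drop NOPASSWD or
# restrict the rule to the commands the platform needs.
cat >> /etc/sudoers << 'EOF'
%sysadmin ALL=(ALL) NOPASSWD: ALL
root@kopi.com ALL=(ALL) ALL
EOF
# A syntax error in /etc/sudoers disables sudo entirely, so record the result
# of a syntax check in the install log.
visudo -c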
### issue ###
# Pre-login banner for the local console. The heredoc body is written verbatim
# to /etc/issue; "\n" and "\4" stay literal here and are escape sequences that
# the getty expands at display time (host name and IPv4 address).
# NOTE(review): the sshd_config edits in this script do not set "Banner", so
# SSH users presumably never see this text before authenticating - confirm.
cat > /etc/issue << EOF
##########################################################################
# WARNING-OBDP-Y2022 #
# #
# This system is for the use of Corporate authorized users only. #
# Individuals using this computer system without authority, or in #
# excess of their authority, are subject to having all of their #
# activities on this system monitored and recorded by system personnel. #
# #
# In the course of monitoring individuals improperly using this system, #
# or in the course of system maintenance, the activities of authorized #
# users may also be monitored. #
# #
# Anyone using this system expressly consents to such monitoring and is #
# advised that if such monitoring reveals possible evidence of criminal #
# activity, system personel may provide the evidence of such monitoring #
# to law enforcement officials. #
##########################################################################
Hostname = \n
IP Addr = \4
EOF
### motd ###
# NOTE(review): the echo below has no lasting effect. The single quotes keep
# $HOSTNAME literal, and the "cat >" that follows truncates /etc/motd and
# replaces the line with the banner. Remove it, or use ">>" on the cat if both
# texts are wanted.
echo 'Welcome to $HOSTNAME Server' > /etc/motd
# Post-login banner; the heredoc body is written verbatim to /etc/motd.
cat > /etc/motd << EOF
##########################################################################
# WARNING-OBDP-Y2022 #
# #
# This system is for the use of Corporate authorized users only. #
# Individuals using this computer system without authority, or in #
# excess of their authority, are subject to having all of their #
# activities on this system monitored and recorded by system personnel. #
# #
# In the course of monitoring individuals improperly using this system, #
# or in the course of system maintenance, the activities of authorized #
# users may also be monitored. #
# #
# Anyone using this system expressly consents to such monitoring and is #
# advised that if such monitoring reveals possible evidence of criminal #
# activity, system personel may provide the evidence of such monitoring #
# to law enforcement officials. #
##########################################################################
EOF
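#### local repo ###
# Remove the stock CentOS repo definitions and cached metadata so that only the
# local mirror is used.
rm -rf /etc/yum.repos.d/CentOS-*
rm -rf /var/cache/yum/x86_64/7/*
yum clean metadata
yum clean all
yum repolist
# Each wget now gets exactly one URL. The original passed "/etc/yum.repos.d/"
# as an extra positional argument, which wget treats as a second URL and
# fails on.
# NOTE(review): repo definitions and RPMs are fetched over plain HTTP with no
# checksum or signature check, and whoever controls that path controls what is
# installed as root below. Serve them over HTTPS, or verify each file (for
# example "rpm -K" against an imported vendor key) before installing.
wget -P /etc/yum.repos.d/ http://192.168.111.80/ks/base-local.repo
wget -P /etc/yum.repos.d/ http://192.168.111.80/ks/pgdg14.repo
wget -P /root http://192.168.111.80/ks/ambari-server-2.7.5.0.03-ONYX.x86_64.rpm
wget -P /root http://192.168.111.80/ks/ambari-agent-2.7.5.0.03-ONYX.x86_64.rpm
### Package OBDP Server ###
# Only the agent package is installed; the server RPM stays in /root.
# NOTE(review): whether yum checks the signature of a local RPM depends on its
# configuration (localpkg_gpgcheck) - confirm it is enabled.
yum -y install /root/ambari-agent-2.7.5.0.03-ONYX.x86_64.rpm
# Point the agent at the Ambari server host.
sed -i 's/^hostname=.*/hostname=master01.kopi.com/' /etc/ambari-agent/conf/ambari-agent.ini
yum update -y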
### /etc/onalert/onalert_agent.conf ###
#/bin/wget http://192.168.111.80/onalert/RPM/onalert_agent_unix-7.0_onyx.761-220510.noarch.rpm /etc/yum.repos.d/ -P /root
#yum -y perl-YAML-Tiny
#yum -y install /root/onalert_agent_unix-7.0_onyx.761-220510.noarch.rpm
#cp /etc/onalert/onalert_agent.conf /etc/onalert/onalert_agent.conf.ORI
#sed -i 's/^server_ip.*/server_ip 192.168.111.101/' /etc/onalert/onalert_agent.conf
#systemctl enable onalert_agent_daemon
### # The aforementioned log ###
) > /root/install-obdp.log 2>&1