Option Z. Rpm2cpio package| cpio -idv Make changes to config file Repackage the RPM, Etc. Etc.
Matthew Conley 912-398-6704 On Jun 2, 2017 7:50 AM, <kickstart-list-requ...@redhat.com> wrote: > Send Kickstart-list mailing list submissions to > kickstart-list@redhat.com > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/kickstart-list > or, via email, send a message with subject or body 'help' to > kickstart-list-requ...@redhat.com > > You can reach the person managing the list at > kickstart-list-ow...@redhat.com > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Kickstart-list digest..." > > Today's Topics: > > 1. Re: Kickstart-list Digest, Vol 149, Issue 1 (Matthew) > 2. Re: Addon Order (Kyle Powell) > 3. Re: Addon Order (bishop) > 4. Re: Addon Order (Alex Martin) > > > ---------- Forwarded message ---------- > From: Matthew <simon...@gmail.com> > To: kickstart-list@redhat.com > Cc: > Bcc: > Date: Thu, 1 Jun 2017 12:15:15 -0400 > Subject: Re: Kickstart-list Digest, Vol 149, Issue 1 > Would either creating an etc/hosts file with the proper settings or a > proxy config work? > > Matthew Conley > 912-398-6704 <(912)%20398-6704> > > On Jun 1, 2017 12:00 PM, <kickstart-list-requ...@redhat.com> wrote: > >> Send Kickstart-list mailing list submissions to >> kickstart-list@redhat.com >> >> To subscribe or unsubscribe via the World Wide Web, visit >> https://www.redhat.com/mailman/listinfo/kickstart-list >> or, via email, send a message with subject or body 'help' to >> kickstart-list-requ...@redhat.com >> >> You can reach the person managing the list at >> kickstart-list-ow...@redhat.com >> >> When replying, please edit your Subject line so it is more specific >> than "Re: Contents of Kickstart-list digest..." >> >> Today's Topics: >> >> 1. Addon Order (Alex Martin) >> >> >> ---------- Forwarded message ---------- >> From: Alex Martin <alexmartin...@gmail.com> >> To: kickstart-list@redhat.com >> Cc: >> Bcc: >> Date: Thu, 1 Jun 2017 12:29:49 +0100 >> Subject: Addon Order >> Hello, >> >> I have a bit of an odd use-case. Part of our environment is isolated off >> from the internet, so to get around this, I have mirrored the CentOS and >> Epel repos locally and running the installer against those. >> >> The environment is isolated off due to PCI compliance, so I'm trying to >> configure kickstart to select this profile at install. >> >> %addon org_fedora_oscap >> content-type = scap-security-guide >> profile = pci-dss >> %end >> >> The problem is, once the centos-release package is installed, it replaces >> or updates the /etc/yum.repos.d/CentOS-Base.repo files back to their >> defaults. >> >> This causes the installer to hang trying to download required scap files >> for that profile from the internet. >> >> I have attempted to create an addon which runs just after the packages >> install, but before the org_fedora_oscap addon, this new addon updates the >> repo URLs back to the mirrored location. >> /mnt/sysimage/etc/yum.repos.d/CentOS-Base.repo. >> >> However, despite the addon running fine, it seems to run AFTER the >> org_fedora_oscap addon. >> >> So basically, am I going around this the wrong way, or is there some >> logic behind which addons are executed in which order? >> >> The relevant part of the kickstart file looks roughly like this: >> >> %packages >> @^minimal >> @core >> chrony >> kexec-tools >> #Additional >> <list of more packages> >> >> %end >> >> %addon org_update_repo >> %end >> >> >> %addon org_fedora_oscap >> content-type = scap-security-guide >> profile = pci-dss >> %end >> >> I can post the full sanitised file if requested. >> >> My next option is to update the org_fedora_oscap addon to replace the >> paths, but I think I might be going around this all the wrong way. >> >> Would really appreciate any advice! >> Cheers. >> Alex >> >> >> >> _______________________________________________ >> Kickstart-list mailing list >> Kickstart-list@redhat.com >> https://www.redhat.com/mailman/listinfo/kickstart-list >> > > > ---------- Forwarded message ---------- > From: Kyle Powell <kpow...@redhat.com> > To: Discussion list about Kickstart <kickstart-list@redhat.com> > Cc: > Bcc: > Date: Thu, 1 Jun 2017 15:51:59 -0400 > Subject: Re: Addon Order > On Thu, Jun 1, 2017 at 7:29 AM, Alex Martin <alexmartin...@gmail.com> > wrote: > >> The problem is, once the centos-release package is installed, it replaces >> or updates the /etc/yum.repos.d/CentOS-Base.repo files back to their >> defaults. >> >> This causes the installer to hang trying to download required scap files >> for that profile from the internet. >> > > If this is your problem, would using alternate yum repos for installation > instead of trying to redefine the base repos in CentOS-Base.repo correct > the issue? Something like: > > repo --name=CentOS-Local --baseurl=/whatever/is/in/ > modified/CentOS-Base.repo > > in your kickstart cfg (I'd put it before %packages) would define an > alternate repo to use for installation and prevent the installation of the > centos-release package from breaking the installation. > > -- > Kyle Powell | Red Hat | Senior Consultant, RHCA > > > ---------- Forwarded message ---------- > From: bishop <bis...@platypus.bc.ca> > To: Discussion list about Kickstart <kickstart-list@redhat.com> > Cc: > Bcc: > Date: Thu, 1 Jun 2017 18:48:34 -0400 > Subject: Re: Addon Order > > Alex, > > /etc/yum.repos.d/CentOS-Base.repo isn't replaced or updated: it's a > config file, and appears to be config(noreplace). If you >it then your > troubles with that one should be over. > > I had to wait until I could check, but I was sure of it. And my own > cobbler-installed systems have relied on this since at least centos4, > despite many, many updates of the centos-release. > > (I use a modified %yum_repos macro in the kickstart to write a cron job > that creates a new repo file, so the repos in my profiles always launder > out into the subscribed hosts. Works well) > > If you *delete* that repo file, though, yes, of course, it's going to be > restored with a new copy. Maybe don't do that. > > - bish > > > > On Thu, Jun 1, 2017 at 7:29 AM, Alex Martin <alexmartin...@gmail.com > > <mailto:alexmartin...@gmail.com>> wrote: > > > > The problem is, once the centos-release package is installed, it > > replaces or updates the /etc/yum.repos.d/CentOS-Base.repo files back > > to their defaults. > > > > This causes the installer to hang trying to download required scap > > files for that profile from the internet. > > > > > > > ---------- Forwarded message ---------- > From: Alex Martin <alexmartin...@gmail.com> > To: Discussion list about Kickstart <kickstart-list@redhat.com> > Cc: > Bcc: > Date: Fri, 2 Jun 2017 12:50:06 +0100 > Subject: Re: Addon Order > The org_fedora_oscap addon which does the remediation bits runs in the > /mnt/sysimage chroot environment and accesses the files in /etc/yum.repos.d > (looking at strace) > Because of this, I don't think it respects the repo or proxy lines in the > kickstart file, hence my attempt to edit the repo files directly before the > addon executing. > > Just to check, the %pre section of the kickstart runs before the disk is > partitioned, is the correct? > And the %post sections run after the packages have been installed? > > So is there anyway to get files onto the target system before the packages > are installed? > > Thanks > Alex > > > > On 1 June 2017 at 23:48, bishop <bis...@platypus.bc.ca> wrote: > >> >> Alex, >> >> /etc/yum.repos.d/CentOS-Base.repo isn't replaced or updated: it's a >> config file, and appears to be config(noreplace). If you >it then your >> troubles with that one should be over. >> >> I had to wait until I could check, but I was sure of it. And my own >> cobbler-installed systems have relied on this since at least centos4, >> despite many, many updates of the centos-release. >> >> (I use a modified %yum_repos macro in the kickstart to write a cron job >> that creates a new repo file, so the repos in my profiles always launder >> out into the subscribed hosts. Works well) >> >> If you *delete* that repo file, though, yes, of course, it's going to be >> restored with a new copy. Maybe don't do that. >> >> - bish >> >> >> > On Thu, Jun 1, 2017 at 7:29 AM, Alex Martin <alexmartin...@gmail.com >> > <mailto:alexmartin...@gmail.com>> wrote: >> > >> > The problem is, once the centos-release package is installed, it >> > replaces or updates the /etc/yum.repos.d/CentOS-Base.repo files >> back >> > to their defaults. >> > >> > This causes the installer to hang trying to download required scap >> > files for that profile from the internet. >> > >> >> _______________________________________________ >> Kickstart-list mailing list >> Kickstart-list@redhat.com >> https://www.redhat.com/mailman/listinfo/kickstart-list >> > > > _______________________________________________ > Kickstart-list mailing list > Kickstart-list@redhat.com > https://www.redhat.com/mailman/listinfo/kickstart-list >
_______________________________________________ Kickstart-list mailing list Kickstart-list@redhat.com https://www.redhat.com/mailman/listinfo/kickstart-list