Contains the scripts to build a disk image that deploys a SENPAI node based on AlmaLinux 8.5
The scripts have been tested on Alma Linux 8.5.
-
The image created is in ISO format. It is bootable on both BIOS and UEFI systems.
-
Once inserted in the device, powering the latter on will lead to a 100% interaction-less installation of a SENPAI worker node.
-
The image uses the
scap-security-guideto harden the system to ANSSI-BP-028-HIGH compliance. -
The user, at boot time, has the option to interrupt the installation to instead install a SENPAI manager node.
-
The default root password is
root. The default admin password isadmin. Those are the two user accounts on the machine. -
When they log in for the first time, their password must be changed (enforced by password expiration in post-install)
It would be best to read the script, but to sum it up:
-
The Alma ISO is extracted
-
The GRUB config is overwritten with one that passes as an initrd argument the path to the kickstart file
-
The kickstart files are copied to the root of the image
-
Additional repositories, with extra packages (like SENPAI and OpenSCAP) are copied to the rootof the image as well
-
The ISO is repackaged, and made bootable.
-
When inserted, GRUB will start the installation with the bundled kickstart.
-
The bundled kickstart will install packages from the bundled repositories.
-
In the kickstart post-install sequence, OpenSCAP is called to harden the system.
-
That's all folks !
The build process requires createrepo, curl, xorriso and syslinux from EPEL:
# dnf install epel-release && dnf update
# dnf install xorriso syslinux createrepo curl
Clone the repo and cd into it:
# git clone https://github.com/SENPAI-Molecular-Dynamics/iso-builder && cd iso-builder
Add execute permissions to the script:
# chmod +x build.sh
Call the script from a terminal:
# ./build.sh