v16, i02: isting 2 xen-build-script.sh

Article	Listing 1	Listing 2	Listing 3	Listing 4
Listing 5	feb2007.tar
Listing 2 xen-build-script.sh

reboot
install
text
url --url http://192.168.42.18/fc5/core/
lang en_GB
keyboard uk
rootpw --iscrypted $1$xxxxxxxxxxxxxxxxxxxx
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --enforcing
timezone Europe/London
bootloader --location=mbr --driveorder=xvda --append="quiet"
zerombr yes

auth  --useshadow  --enablemd5 --enableldap --enableldapauth --ldapserver \
  192.168.42.19 --ldapbasedn dc=morpheux,dc=org --enablekrb5 --krb5realm \
  MORPHEUX.ORG --krb5kdc 192.168.42.19 --krb5adminserver 192.168.42.19

network --bootproto=static --ip=192.168.42.19 --netmask=255.255.255.0 \
  --gateway=192.168.42.1 --nameserver=192.168.42.19 --hostname=krb5.example.com

skipx
clearpart --all

part / --fstype ext3 --size=1 --grow --ondisk=xvda --asprimary
part swap --size=1024 --ondisk=xvdb --asprimary

%packages
@admin-tools
@base
@base-x
@core
@editors
@text-internet
comps-extras
cracklib-dicts
rmt
tzdata
screen
openssl
openldap-servers
emacs
krb5-server
bind

%post

echo "preyum ">/dev/tty1
mv /etc/yum.repos.d{,-orig}

mv /etc/rc3.d/S27ldap /etc/rc3.d/S12ldap

echo "192.168.42.18   joe.example.com joe" >> /etc/hosts

cat >>/etc/yum.conf <<EOF

[base]
name=Fedora Core \$releasever - \$basearch - Released Updates
baseurl=http://192.168.42.18/fc5/core/
enabled=1
gpgcheck=1
gpgkey=http://192.168.42.18/fc5/core/RPM-GPG-KEY-fedora

[updates-released]
name=Fedora Core \$releasever - \$basearch - Released Updates
baseurl=http://192.168.42.18/fc5/updates/
enabled=1
gpgcheck=1
gpgkey=http://192.168.42.18/fc5/core/RPM-GPG-KEY-fedora

EOF

/usr/bin/yum -y update >/dev/tty1

for i in anacron autofs bluetooth hidd avahi-daemon smartd cups \
  cups-config-daemon; do
         /sbin/chkconfig --level 35 $i off 
done

for i in named httpd ldap; do
         /sbin/chkconfig --level 35 $i on
done 

mv /etc/rc3.d/S27ldap /etc/rc3.d/S13ldap

cat >> /etc/rc.local <<EOF

if ! iptables -nL RH-Firewall-1-INPUT | grep "dpt:80" | grep "dpt:80"; then

IP=/sbin/iptables

# delete unanted rules

         \${IP} -D RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
         \${IP} -D RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT

# add new rules for services we use.

         UDP="-I RH-Firewall-1-INPUT 7 -m udp -p udp"
         TCP="-I RH-Firewall-1-INPUT 7 -m state --state NEW -m tcp -p tcp"

         \${IP} \${TCP} --dport 25 -j ACCEPT

         \${IP} \${TCP} --dport 53 -j ACCEPT
         \${IP} \${UDP} --dport 53 -j ACCEPT

         \${IP} \${TCP} --dport 80 -j ACCEPT

         \${IP} \${TCP} --dport 636 -j ACCEPT
         \${IP} \${UDP} --dport 636 -j ACCEPT

         \${IP} \${TCP} --dport 5432 -j ACCEPT
         \${IP} \${UDP} --dport 5432 -j ACCEPT

         service iptables save
fi

setsebool -P httpd_tty_comm 1

EOF


setsebool -P httpd_tty_comm 1

mkdir -p /var/local_yum
echo -e "/dev/hda1\t/var/local_yum\text3\tdefaults,acl\t0 0" >> /etc/fstab