ixs' Vodkamelone

With current virtualization technology it is often desirable to install an absolute minimal system and then only add the one service running on the system.

Unfortunately, this is not as easy as the "Minimal Installation" of RHEL (I'm not even going to think about fedora) is rather huge and contains lots of unnecessary gems people do not want on a server.

The easiest way of achieving a minimal installation is to use a kickstart file and select only the necessary packages.

The following kickstart file only installs a usable base system but leaves out the unnecessary stuff often being installed on a "server" installation.
The %post script is used to do some final clean up.
In this case i386 packages are removed if running on a x86_64 system in order to prevent having a mixed userland.
For people not running with IPv6, v6 support is disabled/removed as well.

This template kickstart file should be customized and then be published on a ftp or http server.
The anaconda installer can be instructed to use this file by passing ks=http://your.server/minimal.ks on the command line.

#
# Minimal RHEL5 Installation
# http://blog.vodkamelone.de/archives/151-Red-Hat-Enterprise-LinuxCentOS-5-minimal-installation.html
#

install
# Mirror URL
url --url Your Mirror URL, e.g. http://mirror.centos.org/centos/5/os/x86_64
lang en_US.UTF-8
keyboard de-latin1-nodeadkeys
network --device eth0 --bootproto dhcp
# Your root password
rootpw --iscrypted your root password as a crypted string
firewall --enabled --ssh
firstboot --disable
authconfig --enableshadow --enablemd5
selinux --enforcing
# Timezone, change as needed
timezone --utc Europe/Berlin
bootloader --location=mbr
# Append the following line if you need serial console support
#--append="console=tty0 console=ttyS0,115200n8r"
# or for Xen:
#--append="console=tty0 console=xvc0"
key --skip
logging --host=You syslog server
skipx
# uncomment if you only need a text mode installation
#text
reboot
services --disabled ip6tables
clearpart --initlabel --all
autopart

# Packages selection.
%packages --nobase
kernel
yum
openssh-server
openssh-clients
dhclient
audit
man
logrotate
tmpwatch
vixie-cron
crontabs
# Remove some stuff we do not need.
-iptables-ipv6
-system-config-securitylevel-tui
-gnu-efi
-Deployment_Guide-en-US
-redhat-release-notes
-cryptsetup-luks
# Remove some further packages
-hal
-pm-utils
-dbus
-dbus-glib
# If you're using xen, the following packages can be removed as well
#-setserial
#-hal
#-pm-utils
#-kudzu
#-dbus
#-dbus-glib

# Run a post script to clean up a bit
%post
chvt 3
(
echo "Disabling IPv6"
sed -i -e 's/\(NETWORKING_IPV6=\).*/\1no/' /etc/sysconfig/network

cat << EOF >> /etc/modprobe.conf
# disable IPv6
alias net-pf-10 off
EOF

echo "Disabling Zeroconf"
grep -q '^NOZEROCONF=yes' /etc/sysconfig/network || sed -i -e '/^NETWORKING=yes/a NOZEROCONF=yes' /etc/sysconfig/network

# Running on x86_64? Remove i386 rpms
if [ "$(uname -m)" == "x86_64" ]; then
	echo "We're on x86_64, removing unwanted i386 libraries"
	rpm -qa --queryformat='%{n}-%{v}-%{r}.%{arch}\n' | grep '\.i[3456]86$' | xargs rpm -ev
	echo "done"
fi

# Adding ssh key
# You could add your ssh key here
#echo "Adding ssh key"
#mkdir -p /root/.ssh
#chmod 700 /root/.ssh
#echo 'your ssh key' > /root/.ssh/authorized_keys
#chmod 600 /root/.ssh/authorized_keys


# Running on XEN? Add serial console if not already configured
if [ -f /proc/xen/capabilities ] && [ $(cat /proc/xen/capabilities | wc -l) -eq 0 ]; then
	echo "Adding XEN serial console support"
	# Check it's not already configured and add it and allow root-logins
	grep -q xvc0 /etc/inittab || sed -i -e '/^# Run gettys/a co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav ' /etc/inittab 
	grep -q xvc0 /etc/securetty || echo xvc0 >> /etc/securetty
fi

) 2>&1 | tee /root/ks-post.log
chvt 1