Hoping someone can help me with this. I'm also certain this is a stupid mistake that I haven't caught, but you never know.
Background: I'm customizing my own CentOS 9 Stream ISO. We'll be phasing out support for the CentOS 7 Linux servers within the next year (along with their software suite). The goal is to automate as much of the deployment as I can. Given the various environments where this will be deployed (40+ unique environments), I figured the easiest way was Kickstart in the ISO. Ansible wasn't going to be easy to do, as these VMs will be deployed in locations where I can't control DHCP, PXE, TFTP, etc. Not to mention, they are spread across the world with no centralized access and, in most cases, restricted internet access. Ansible-pull might be an option down the line. But the goal is an install that only prompts for IP information and a hostname. Everything else is automated. Kickstart is filling that function for me.
Anyways, onto talking about the customizations. Note: A lot of these were necessary because CentOS does not release a "minimal" ISO (I'm aware of 'boot.iso'), which is a bit asinine... but whatever.
- Ripped apart and removed significant portions of AppStream/
- Ripped apart and removed *i686* packages from BaseOS/
- Created new repo data (AppStream/repodata/ and BaseOS/repodata/)
- Added kickstart.cfg that:
  - Sets up default accounts
  - Sets up high-level default firewall policies
  - Sets up SELinux
  - Sets up Security Policies
  - Added additional '3rd Party' repos (self-hosted and synced).
  - Configures %packages
    - @^custom-environment
    - @ standard
    - @ base
    - @ hardware-monitoring
    - @ network-tools
    - @ performance
    - <3rd Party apps found in the custom repos>
  - Configures %post sections
    - Re-writes default SSH/Management policies.
    - Rewrites Default Logging Policies.
    - Rewrites config for 3rd Party Application(s).
    - Attaches MGMT profile.
    - Installs additional 3rd party apps without public repos.
    - Configures granular firewall policy.
    - <and others>
- Modifications to:
  - isolinux/isolinux.cfg
  - isolinux/grub.conf
  - efi/boot/grub.conf
  - Screenshots of the modified files: https://imgur.com/a/ueON3mS
I spent time reading both Red Hat's documentation on customizing ISOs under solution #60959 (https://access.redhat.com/solutions/60959) and VMware's documentation (https://docs.vmware.com/en/VMware-vSphe ... B1F9C.html). Red Hat's is somewhat more applicable here, obviously.
Red Hat's documentation ends with 3 commands to theoretically generate your own hybrid EFI/BIOS-bootable image:
```
# mkisofs -o /tmp/<Appliance Name>.iso -b isolinux/isolinux.bin -J -R -l -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table \
    -eltorito-alt-boot -e images/efiboot.img -no-emul-boot -graft-points -joliet-long -V "Appliance" .
# isohybrid --uefi /tmp/rhel7test.iso
# implantisomd5 /tmp/rhel7test.iso
```
```
menuentry 'Install Appliance via UEFI' --class fedora --class gnu-linux --class gnu --class os {
    linuxefi /images/pxeboot/vmlinuz inst.repo=cdrom inst.ks=cdrom:/kickstart.cfg inst.stage2=hd:LABEL=Appliance quiet
    initrdefi /images/pxeboot/initrd.img
}
```
Running 'file' and 'isoinfo' against both the default CentOS 9 Stream DVD and my own custom DVD, I can't find any differences that would impact the EFI side of it. (Notably: mkisofs executes fully and does output a *.iso file to my tmp directory.) The even more interesting part is what happens if I rip the image to a USB stick and attempt bare-metal installs. The Intel NUC (test PC) will read the media just fine in UEFI/EFI. Ripped to a USB stick using Rufus.
I'm assuming this is a stupid oversight somewhere in a command. Obviously, I'm doing something wrong; does anyone know what it is?
Cheers,
CDP
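
Added example, not part of the original post or of Red Hat's documentation: a pre-build check that every `inst.stage2=hd:LABEL=` in the three boot menus named in the post matches the label passed to `mkisofs -V`, and that every `inst.ks=cdrom:/` path exists in the ISO tree. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# list_boot_ref_problems TREE LABEL
# Prints one line per boot-menu reference the built ISO cannot satisfy:
#   - inst.stage2=hd:LABEL=<x> where <x> differs from the -V volume label
#   - inst.ks=cdrom:/<path> where <path> is absent from TREE
# The body runs in a subshell "( )" so its variables stay private.
list_boot_ref_problems() (
    tree=$1
    # A kernel command line is split on spaces, so installer menus write a
    # space inside a label as \x20; compare against that form.
    want=$(printf '%s' "$2" | sed 's/ /\\x20/g')
    for cfg in isolinux/isolinux.cfg isolinux/grub.conf efi/boot/grub.conf; do
        [ -f "$tree/$cfg" ] || continue
        grep -o 'inst\.stage2=hd:LABEL=[^ ]*' "$tree/$cfg" | while read -r ref; do
            [ "${ref#inst.stage2=hd:LABEL=}" = "$want" ] ||
                printf '%s: %s does not match volume label %s\n' "$cfg" "$ref" "$want"
        done
        grep -o 'inst\.ks=cdrom:/[^ ]*' "$tree/$cfg" | while read -r ref; do
            [ -f "$tree/${ref#inst.ks=cdrom:/}" ] ||
                printf '%s: %s names a file missing from the tree\n' "$cfg" "$ref"
        done
    done
)

# check_boot_refs TREE LABEL
# Returns 0 when the tree is clean, 1 after printing the problems found
# ("grep ." echoes non-empty lines; "!" inverts its exit status).
check_boot_refs() {
    ! list_boot_ref_problems "$1" "$2" | grep .
}

# Constructed sample tree: the post's UEFI entry plus an empty kickstart.cfg.
make_sample_tree() {
    mkdir -p "$1/efi/boot"
    : > "$1/kickstart.cfg"
    cat > "$1/efi/boot/grub.conf" <<'EOF'
menuentry 'Install Appliance via UEFI' --class fedora --class gnu-linux --class gnu --class os {
    linuxefi /images/pxeboot/vmlinuz inst.repo=cdrom inst.ks=cdrom:/kickstart.cfg inst.stage2=hd:LABEL=Appliance quiet
    initrdefi /images/pxeboot/initrd.img
}
EOF
}
```

Run `check_boot_refs <tree> "<label>"` from the build script before `mkisofs`, passing the same string that goes to `-V`.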