ks-centos5.cfg

# Build a basic CentOS 5 AMI
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
selinux --disabled
firewall --disabled
bootloader --timeout=1 
network --bootproto=dhcp --device=eth0 --onboot=on
services --enabled=network


# Uncomment the next line
# to make the root password be password
# By default the root password is emptied
#rootpw password

#
# Define how large you want your rootfs to be
# NOTE: S3-backed AMIs have a limit of 10G
#
part / --size 512 --fstype ext3

#
# Repositories
repo --name=CentOS5-Base --mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=os
repo --name=CentOS5-Updates --mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates
repo --name=CentOS5-Addons --mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=extras
repo --name=EPEL --baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/

#
#
# Add all the packages after the base packages
#
%packages --excludedocs --nobase --instLangs=en
@core
system-config-securitylevel-tui
audit
pciutils
bash
coreutils
kernel-xen
grub
e2fsprogs
passwd
policycoreutils
chkconfig
rootfiles
yum
vim-minimal
acpid
openssh-clients
openssh-server
curl

#Allow for dhcp access
dhclient
iputils

%end

#
# Add custom post scripts after the base post.
#
%post
%end

%post --nochroot --erroronfail
# bleah.  fedora 14 has a newer version of bdb for rpm
# migrate from bdb47 to bdb45 with db_dump + db_load if needed
if [ $(file $INSTALL_ROOT/var/lib/rpm/Packages | grep -c "version 9") -ne 0 ]; then
  pushd $INSTALL_ROOT/var/lib/rpm 2>/dev/null || exit 1
  rm -f __db*
  for f in * ; do
    db_dump $f | db45_load $f.45 || exit 1
    mv $f.45 $f
  done
  popd 2>/dev/null
fi
%end

# more ec2-ify
%post --erroronfail
# disable root password based login
cat >> /etc/ssh/sshd_config << EOF
PermitRootLogin without-password
UseDNS no
EOF

# set up ssh key fetching
cat >> /etc/rc.local << EOF
if [ ! -d /root/.ssh ]; then
  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
fi
# Fetch public key using HTTP
KEY_FILE=\$(mktemp)
curl http://169.254.169.254/2009-04-04/meta-data/public-keys/0/openssh-key 2>/dev/null > \$KEY_FILE
if [ \$? -eq 0 ]; then
  cat \$KEY_FILE >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
fi
rm -f \$KEY_FILE
EOF

%end