|
|
|
@ -10,7 +10,7 @@ |
|
|
|
# we do this post-deploy so all users inherit the setting after modifying |
|
|
|
# /etc/bashrc |
|
|
|
# |
|
|
|
# resulting permissions is 550 max |
|
|
|
# resulting permissions is: 700 dirs, 600 files |
|
|
|
# |
|
|
|
sed -i 's/umask\s022/umask 077/' /etc/bashrc |
|
|
|
sed -i 's/umask\s022/umask 077/' /etc/profile |
|
|
|
@ -25,7 +25,7 @@ ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N "" |
|
|
|
## -- REGISTER GIT HOST KEY AS KNOWN HOST |
|
|
|
ssh -o 'StrictHostKeyChecking no' config.tombstones.org.uk -p 22022 2>/dev/null | echo > /dev/null |
|
|
|
|
|
|
|
### Add "DEPLOY" alias to the SSH CONFIG file |
|
|
|
### Add "DEPLOY" alias to the SSH CONFIG file - this will be used to pull down Puppet updates |
|
|
|
cat << EODEP > /root/.ssh/config |
|
|
|
Host deploy |
|
|
|
Hostname config.tombstones.org.uk |
|
|
|
@ -37,16 +37,16 @@ EODEP |
|
|
|
### PACKAGES |
|
|
|
yum -y install git |
|
|
|
|
|
|
|
### REGISTER DEPLOY WITH DEPLOY_S |
|
|
|
### Register DEPLOY key with gitea |
|
|
|
## (need the -k flag until we can get the "curl" issue fixed) |
|
|
|
curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \ |
|
|
|
-k \ |
|
|
|
-H "accept: application/json" \ |
|
|
|
-H "Content-Type: application/json" \ |
|
|
|
-H "Authorization: token 2b2182bbbb7e52b3193c4c9718c6e96c372f8156" \ |
|
|
|
-d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-$(date +'%s')\"}" |
|
|
|
-d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-deploy-$(date +'%s')\"}" |
|
|
|
|
|
|
|
### PUPPET |
|
|
|
### -- begin Puppet common stuff (uses "deploy" key) |
|
|
|
# |
|
|
|
mkdir -p /var/lib/puppet/manifests |
|
|
|
cd /var/lib/puppet/manifests |
|
|
|
|
