diff --git a/albert/post.cfg b/albert/post.cfg
index 52e72c3..93df4a4 100644
--- a/albert/post.cfg
+++ b/albert/post.cfg
@@ -30,3 +30,71 @@ curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \ # -- postfix #git clone ssh://git@config.tombstones.org.uk:22022/tombstones/puppet-postfix.git + +########## Anything below this line is from common/post..cfg + +## +## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +## +## Note: these commands are all run by "root" on the VM itself +## .. the finished file is found at /root/anaconda-ks.cfg +## +## adding "echo" lines in here don't actually write anything to the screen +## +## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +## + +## -- UMASK +# strengthen the default umask +# we do this post-deploy so all users inherit the setting after modifying +# /etc/bashrc +# +# resulting permissions is: 700 dirs, 600 files +# +sed -i 's/umask\s022/umask 077/' /etc/bashrc +sed -i 's/umask\s022/umask 077/' /etc/profile +sed -i 's/umask\s022/umask 077/' /etc/csh.cshrc + +### install git and use that to begin deploying puppet configs +yum -y install git + +## -- create SSH keys in root's home dir: +# DEPLOY account. This key is pushed to gitea for puppet to use - the install actually uses hal's key first +ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa_deploy -N "" -C"deploy@$(hostname -s)" +# ROOT's key... 
+ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N "" + +### Add "DEPLOY" alias to the SSH CONFIG file - this will be used to pull down Puppet updates +cat << EODEP > /root/.ssh/config +Host deploy + User git + Hostname config.tombstones.org.uk + Port 22022 + ## port 23000 + StrictHostKeyChecking no + IdentityFile /root/.ssh/id_rsa_deploy +EODEP + +### Register this "deploy" account with gitea +curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \ +-H "accept: application/json" \ +-H "Content-Type: application/json" \ +-H "Authorization: token 2b2182bbbb7e52b3193c4c9718c6e96c372f8156" \ +-d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-deploy-$(date +'%s')\"}" + +## .. note: this key shows up in the list of keys for the "deploy" gitea user +## ...but also means files can be fetched over ssh using "git@deploy" as an alias + +## -- REGISTER GIT HOST KEY AS KNOWN HOST +#ssh -o 'StrictHostKeyChecking no' config.tombstones.org.uk -p 22022 2>/dev/null | echo > /dev/null +ssh -o 'StrictHostKeyChecking no' deploy 2>/dev/null | echo > /dev/null + + + +### -- begin Puppet common stuff (uses "deploy" key) +mkdir -p /var/lib/puppet/manifests +cd /var/lib/puppet/manifests +## -- may be an issue with this syntax, not sure... +#git clone git@deploy:/tombstones/puppet-common.git +#git clone ssh://deploy:/tombstones/puppet-common.git +git clone deploy:/tombstones/puppet-common.git \ No newline at end of file
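Review bot: The `-H "Authorization: token 2b2182bbbb7e52b3193c4c9718c6e96c372f8156"` line in the new curl call hard-codes a Gitea API token into a kickstart %post script, which is committed to the repository, is visible in the process list for the duration of the call, and — as the hunk's own header comment notes — is kept verbatim on every built VM in `/root/anaconda-ks.cfg`; that token should be treated as disclosed and rotated, and the script should read its replacement from a root-only file instead, e.g. `curl -K /root/gitea-deploy.curlrc` with the `header = "Authorization: token <TOKEN-PLACEHOLDER>"` line kept in that file rather than in the script. The generated `/root/.ssh/config` sets `StrictHostKeyChecking no` permanently for the `deploy` alias, so the "REGISTER GIT HOST KEY AS KNOWN HOST" step is redundant and every later puppet pull remains open to a substituted host; dropping that option from the config and pre-seeding `/root/.ssh/known_hosts` with the verified host key of config.tombstones.org.uk:22022 (obtained out of band — it is not on this page) keeps host authentication, and the `| echo > /dev/null` tail can go since it only discards ssh's output. The config file is also written with whatever umask the installer shell happens to have, so `chmod 600 /root/.ssh/config` after the heredoc is worth adding, and if `/root/.ssh` does not already exist at this point (I cannot tell from here) a `mkdir -p -m 700 /root/.ssh` before the first ssh-keygen is needed for the `-f` paths to succeed. Finally, `cd /var/lib/puppet/manifests` followed by `git clone` has no failure check; `cd /var/lib/puppet/manifests || exit 1` stops the clone from landing in the wrong directory.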