1 changed files with 0 additions and 80 deletions
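--- a/kickstarts/albert/kickstart-post.cfg
+++ b/kickstarts/albert/kickstart-post.cfg
@@ -1,80 +0,0 @@
-##
-## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-##
-## Note: these commands are all run by "root" on the VM itself
-## .. the finished file is found at /root/anaconda-ks.cfg
-##
-## adding "echo" lines in here don't actually write anything to the screen
-##
-## ... these are new commands to test out the puppet-common-albert configs
-## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-##
-
-## -- for increased logging:
-#set -x
-
-## -- UMASK
-# strengthen the default umask
-# we do this post-deploy so all users inherit the setting after modifying
-# /etc/bashrc
-#
-# resulting permissions is: 700 dirs, 600 files
-#
-sed -i 's/umask\s022/umask 077/' /etc/bashrc
-sed -i 's/umask\s022/umask 077/' /etc/profile
-sed -i 's/umask\s022/umask 077/' /etc/csh.cshrc
-
-#echo "yum exists in: $(which yum)"
-
-### install git and use that to begin deploying puppet configs
-## -- doesn't seem to fully like the -y here... keeps pausing and asking to continue
-#dnf -y install wget
-#yum -y install wget
-#yum -y install git
-
-
-## -- create SSH keys in root's home dir:
-# DEPLOY account. This key is pushed to gitea for puppet to use - the install actually uses hal's key first
-ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa_deploy -N "" -C"deploy@$(hostname -s)"
-# ROOT's key...
-ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N ""
-
-### Add "DEPLOY" alias to the SSH CONFIG file - this will be used to pull down Puppet updates
-cat << EODEP > /root/.ssh/config
-Host deploy
-User git
-Hostname config.tombstones.org.uk
-Port 22022
-## port 23000
-StrictHostKeyChecking no
-IdentityFile /root/.ssh/id_rsa_deploy
-EODEP
-
-### Register this "deploy" account with gitea
-curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
--H "accept: application/json" \
--H "Content-Type: application/json" \
--H "Authorization: token 2b2182bbbb7e52b3193c4c9718c6e96c372f8156" \
--d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-deploy-$(date +'%s')\"}"
-
-## .. note: this key shows up in the list of keys for the "deploy" gitea user
-## ...but also means files can be fetched over ssh using "git@deploy" as an alias
-
-## -- REGISTER GIT HOST KEY AS KNOWN HOST
-#ssh -o 'StrictHostKeyChecking no' config.tombstones.org.uk -p 22022 2>/dev/null | echo > /dev/null
-ssh -o 'StrictHostKeyChecking no' deploy 2>/dev/null | echo > /dev/null
-
-
-
-### -- begin Puppet common stuff (uses "deploy" key)
-#mkdir -p /var/lib/puppet/manifests
-#cd /var/lib/puppet/manifests
-## -- may be an issue with this syntax, not sure...
-#git clone git@deploy:/tombstones/puppet-common.git
-#git clone ssh://deploy:/tombstones/puppet-common.git
-
-## -- using puppet-common-albert instead.
-#git clone deploy:/tombstones/puppet-common-albert.git
-
-## ============ end of kickstarts/albert/kickstart-post.cfg =================
-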