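##
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##
## Note: these commands are all run by "root" on the VM itself
## .. the finished file is found at /root/anaconda-ks.cfg
##
## adding "echo" lines in here doesn't actually write anything to the screen
##
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##
echo "## BEGIN: COMMON post.sh..."

## -- for increased logging: set -x
# NOTE(review): with xtrace enabled the curl call further down is traced in
# full, Authorization header included, so the API token lands in the %post log.

## -- UMASK
# strengthen the default umask
# we do this post-deploy so all users inherit the setting after modifying
# /etc/bashrc
#
# resulting permissions is: 700 dirs, 600 files
#
# NOTE(review): only the literal "umask 022" is rewritten. If these files set
# another value in a separate branch (stock RHEL-family profiles commonly carry
# "umask 002" for regular users) that branch is left untouched -- confirm
# against the deployed files.
sed -i 's/umask\s022/umask 077/' /etc/bashrc /etc/profile /etc/csh.cshrc

### install git (and necessary packages) and use that to begin deploying configs
yum -y install git net-tools wget ansible

## -- create SSH keys in root's home dir:
# Both keys are generated without a passphrase (-N "") so they can be used
# unattended; anyone who can read /root/.ssh can use them.
# DEPLOY account. This key is pushed to gitea for puppet to use - the install
# actually uses hal's key first
ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa_deploy -N "" -C "deploy@$(hostname -s)"
# ROOT's key...
ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N ""

### Add "DEPLOY" alias to the SSH CONFIG file - this will be used to pull down Puppet updates
# "StrictHostKeyChecking no" is deliberately NOT written into the persistent
# config: with it, every later Puppet pull would accept whatever host key the
# server presents. The host key is recorded once in the registration step
# below and enforced by ssh's default checking from then on.
cat <<'EODEP' > /root/.ssh/config
Host deploy
    User git
    Hostname config.tombstones.org.uk
    Port 22022
    ## port 23000
    IdentityFile /root/.ssh/id_rsa_deploy
EODEP
chmod 600 /root/.ssh/config

### Register this "deploy" account with gitea
# NOTE(review): the API token is hard-coded here, so it is readable by anyone
# who can read this kickstart source or the copy left at /root/anaconda-ks.cfg,
# and it is passed on curl's command line. Treat it as exposed: rotate it, scope
# it to key registration only, and supply it at provision time instead of
# keeping it in the file.
# The key is registered read_only, so the deploy key itself cannot push.
curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: token 2b2182bbbb7e52b3193c4c9718c6e96c372f8156" \
  -d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-deploy-$(date +'%s')\"}"
## .. note: this key shows up in the list of keys for the "deploy" gitea user
## ...but also means files can be fetched over ssh using "git@deploy" as an alias

## -- REGISTER GIT HOST KEY AS KNOWN HOST
#ssh -o 'StrictHostKeyChecking no' config.tombstones.org.uk -p 22022 2>/dev/null | echo > /dev/null
# One-time trust-on-first-use: accept and store the server's host key now.
# This still trusts the network path at install time; seeding known_hosts with
# a key obtained out of band would be stronger.
# -n and BatchMode keep ssh from reading stdin or waiting on a password prompt
# during the unattended install; the exit status is ignored because only the
# known_hosts side effect is wanted.
ssh -n -o BatchMode=yes -o 'StrictHostKeyChecking no' deploy >/dev/null 2>&1 || true
# Make a failed registration visible: without a stored key, later git-over-ssh
# calls to the "deploy" alias are refused rather than silently trusted.
if ! ssh-keygen -F '[config.tombstones.org.uk]:22022' -f /root/.ssh/known_hosts >/dev/null 2>&1; then
  echo "## WARNING: no host key recorded for 'deploy'; add it to /root/.ssh/known_hosts before pulling configs" >&2
fi

### -- begin Puppet common stuff (uses "deploy" key)
#mkdir -p /var/lib/puppet/manifests
#cd /var/lib/puppet/manifests
## -- may be an issue with this syntax, not sure...
#git clone git@deploy:/tombstones/puppet-common.git
#git clone ssh://deploy:/tombstones/puppet-common.git
#git clone deploy:/tombstones/puppet-common.git

echo "## END: COMMON post.sh..."
## ============ end of kickstarts/common/post.sh =================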