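### UMASK
# Strengthen the default umask in the system-wide shell startup files.
# Done post deploy so every account inherits the setting from /etc/bashrc,
# /etc/profile and /etc/csh.cshrc.
#
# With umask 077, new files are created 600 at most and new directories 700
# at most: nothing is granted to group or other.
#
# Both 022 and 002 are rewritten. RHEL-family startup files typically set 022
# for root/system accounts and 002 for ordinary users with a private group, so
# matching 022 alone would leave ordinary users on the permissive value.
# NOTE(review): confirm against the files shipped on the target release.
for umask_file in /etc/bashrc /etc/profile /etc/csh.cshrc; do
  # Skip files that are absent instead of letting sed report an error.
  [ -f "$umask_file" ] || continue
  sed -i 's/umask[[:space:]]\{1,\}0[02]2/umask 077/' "$umask_file"
done
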
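### SSH KEY
# Both keys are generated without a passphrase (-N "") so provisioning can run
# unattended. The private keys are therefore protected only by filesystem
# permissions, so /root/.ssh is forced to 0700 before anything is written.
mkdir -p /root/.ssh && chmod 700 /root/.ssh

# An existing key is kept: ssh-keygen would otherwise stop and ask whether to
# overwrite it, which stalls an unattended run and would silently rotate a key
# that may already be registered elsewhere.

# DEPLOY_S
[ -f /root/.ssh/id_rsa_deploy ] ||
  ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa_deploy -N ""

# ROOT
[ -f /root/.ssh/id_rsa ] ||
  ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N ""
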
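### REGISTER GIT HOST KEY AS KNOWN HOST
# Record the server's host key once, then verify it on every later connection.
# ssh-keyscan only fetches the key: no login is attempted, so nothing can
# prompt or hang. Because the port is not 22, the entry is written in the
# "[host]:port" form that ssh looks up.
#
# This is still trust-on-first-use: whoever answers this first query is
# trusted. The stronger option is to ship the known_hosts line with the
# image, or to compare `ssh-keygen -lf /root/.ssh/known_hosts` against a
# fingerprint obtained out of band.
# If the scan fails, known_hosts stays empty and later connections are refused
# (fail closed) rather than silently trusted.
mkdir -p /root/.ssh && chmod 700 /root/.ssh
ssh-keyscan -p 22122 config.tombstones.org.uk >> /root/.ssh/known_hosts

### DEPLOY SSH CONFIG
# "StrictHostKeyChecking no" would accept a changed host key on every git
# operation, leaving each clone/pull open to interception. "yes" makes ssh
# refuse to connect unless the key matches the known_hosts entry recorded above.
cat << 'EODEP' > /root/.ssh/config
Host deploy
    Hostname config.tombstones.org.uk
    Port 22122
    StrictHostKeyChecking yes
    IdentityFile /root/.ssh/id_rsa_deploy
EODEP
chmod 600 /root/.ssh/config
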
### PACKAGES
# git is needed for the manifest checkout later in this script; -y answers
# yum's confirmation prompts so the install can run unattended.
yum install -y git

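### REGISTER DEPLOY WITH DEPLOY_S
# Upload this host's deploy public key to the config server's API.
#
# The API token is a credential and must not be written into this file:
# anyone who can read the script (repository viewers, image consumers, build
# logs) could reuse it to register keys of their own. A token that has already
# been committed or published should be revoked and reissued.
#
# DEPLOY_API_TOKEN is a variable name chosen here; supply it from the
# provisioning environment. The Authorization header is fed to curl through
# its config-on-stdin option (-K -) so the token never appears in a process
# argument list.
#
# NOTE(review): confirm the server honours "read_only" for keys added through
# the user-level keys endpoint; if it does not, this key carries the account's
# full repository access.
if [ -z "${DEPLOY_API_TOKEN:-}" ]; then
  echo "DEPLOY_API_TOKEN is not set; skipping deploy key registration" >&2
else
  printf 'header = "Authorization: token %s"\n' "$DEPLOY_API_TOKEN" |
    curl --fail --silent --show-error -K - \
      -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
      -H "accept: application/json" \
      -H "Content-Type: application/json" \
      -d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-$(date +'%s')\"}"
fi
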
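### PUPPET
# Fetch the shared manifests over the "deploy" SSH alias configured in
# /root/.ssh/config.
# The steps are chained with && so a failed mkdir or cd can never lead to a
# clone into whatever the current directory happens to be.
mkdir -p /var/lib/puppet/manifests &&
  cd /var/lib/puppet/manifests &&
  git clone git@deploy:tombstones/puppet-common.git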