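##
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##
## Note: these commands are all run by "root" on the VM itself
## .. the finished file is found at /root/anaconda-ks.cfg
##
## adding "echo" lines in here doesn't actually write anything to the screen
##
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##
echo "## BEGIN: COMMON post.sh..."

## -- for increased logging:
## every command is traced with its arguments expanded, so anything secret
## on a command line ends up wherever this script's output is kept
set -x

## -- UMASK
# strengthen the default umask
# we do this post-deploy so all users inherit the setting after modifying
# /etc/bashrc
#
# resulting permissions is: 700 dirs, 600 files
#
# only lines that read "umask 022" are rewritten; any other umask value
# in these files is left as it is
sed -i 's/umask\s022/umask 077/' /etc/bashrc
sed -i 's/umask\s022/umask 077/' /etc/profile
sed -i 's/umask\s022/umask 077/' /etc/csh.cshrc

### install git (and necessary packages) and use that to begin deploying configs
yum -y install git net-tools wget

## -- create SSH keys in root's home dir:
# both keys are generated with an empty passphrase (-N ""), so the private
# key files themselves are the only protection
# DEPLOY account. This key is pushed to gitea for puppet to use - the install actually uses hal's key first
ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa_deploy -N "" -C"deploy@$(hostname -s)"
# ROOT's key...
ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N ""

### Add "DEPLOY" alias to the SSH CONFIG file - this will be used to pull down Puppet updates
# NOTE(review): "StrictHostKeyChecking no" makes ssh accept whatever host key
# the server presents for this alias, on first contact and after a change.
# Pinning the server's known public host key in /root/.ssh/known_hosts would
# let this option be dropped.
cat << EODEP > /root/.ssh/config
Host deploy
User git
Hostname config.tombstones.org.uk
Port 22022
## port 23000
StrictHostKeyChecking no
IdentityFile /root/.ssh/id_rsa_deploy
EODEP

### Register this "deploy" account with gitea
# The new public key is posted as a read-only key, titled with the short
# hostname and the current epoch time.
# NOTE(review): the API token is stored in this file in clear text, so every
# reader of the kickstart tree holds it. Supplying it at install time and
# rotating this value would limit that exposure.
# Tracing is switched off around the call so "set -x" does not copy the
# Authorization header into the script's output.
set +x
curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: token 2b2182bbbb7e52b3193c4c9718c6e96c372f8156" \
  -d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-deploy-$(date +'%s')\"}" \
  || echo "## WARNING: curl could not complete the gitea key registration request"
set -x

## .. note: this key shows up in the list of keys for the "deploy" gitea user
## ...but also means files can be fetched over ssh using "git@deploy" as an alias

## -- REGISTER GIT HOST KEY AS KNOWN HOST
# one throw-away connection so ssh records the server's host key; the key is
# accepted unverified here (see the note on the ssh config above)
#ssh -o 'StrictHostKeyChecking no' config.tombstones.org.uk -p 22022 2>/dev/null | echo > /dev/null
ssh -o 'StrictHostKeyChecking no' deploy 2>/dev/null | echo > /dev/null

### -- begin Puppet common stuff (uses "deploy" key)
#mkdir -p /var/lib/puppet/manifests
#cd /var/lib/puppet/manifests
## -- may be an issue with this syntax, not sure...
#git clone git@deploy:/tombstones/puppet-common.git
#git clone ssh://deploy:/tombstones/puppet-common.git
#git clone deploy:/tombstones/puppet-common.git

echo "## END: COMMON post.sh..."

## ============ end of kickstarts/common/post.sh =================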