e7ffd040eb
The iptables rules should be saved after being flushed as part of the cloud-init process. If the reboot plugin is used, the default CentOS rules are loaded on boot because we are not saving the cleared set of rules. This can cause some network configurations to break. Ubuntu is not impacted as they do not have any 'default' rules. Change-Id: I49842cd833a736f318dd237f07be2267dbfb27ab Closes-Bug: 1459733
105 lines
2.7 KiB
Django/Jinja
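#cloud-config
# cloud-init user-data template (Jinja) for a provisioned target node.
# The runcmd section uses chkconfig and "service iptables save", i.e. a
# CentOS/RHEL-style init layout. Values come from the "common", "puppet" and
# "mcollective" template contexts supplied by the renderer.
#
# NOTE(review): templated values are rendered as plain (unquoted) YAML scalars.
# A key, password or hostname containing ': ', ' #' or a leading YAML indicator
# would be mis-parsed or retyped. Confirm the generator restricts the character
# set, or quote/escape at render time.
resize_rootfs: false
growpart:
  mode: false
disable_ec2_metadata: true
# Root SSH login is left enabled. With ssh_pwauth off below, access to the
# node depends entirely on the authorized keys rendered into this file.
disable_root: false

# password: RANDOM
# chpasswd: { expire: True }

ssh_pwauth: false
ssh_authorized_keys:
{% for key in common.ssh_auth_keys %}
  - {{ key }}
{% endfor %}

# set the locale to a given locale
# default: en_US.UTF-8
locale: en_US.UTF-8

timezone: {{ common.timezone }}

hostname: {{ common.hostname }}
fqdn: {{ common.fqdn }}

# add entries to rsyslog configuration
# The forwarding rule below sends every facility/priority (*.*) to the master.
# A single '@' is rsyslog's UDP forwarding syntax ('@@' is TCP): messages leave
# the node unencrypted and unauthenticated, and can be dropped silently.
# NOTE(review): confirm the management network is isolated, since these logs
# may carry sensitive data.
rsyslog:
  - filename: 10-log2master.conf
    content: |
      $template LogToMaster, "<%%PRI%>1 %$NOW%T%TIMESTAMP:8:$%Z %HOSTNAME% %APP-NAME% %PROCID% %MSGID% -%msg%\n"
      *.* @{{ common.master_ip }};LogToMaster

runcmd:
{% if puppet.enable != 1 %}
  - service puppet stop
  - chkconfig puppet off
{% endif %}
{% if mcollective.enable != 1 %}
  - service mcollective stop
  - chkconfig mcollective off
{% else %}
  - chkconfig mcollective on
  - service mcollective restart
{% endif %}
  # Flush all rules from the filter table's INPUT and FORWARD chains, then
  # persist the emptied rule set. Without the save, the distribution's stored
  # default rules are reloaded on the next boot and can break the node's
  # network configuration.
  # NOTE(review): -F removes rules but does not change chain policies, and the
  # OUTPUT chain is not touched. After this step the node has no host-level
  # INPUT/FORWARD filtering, persistently. Confirm a later provisioning stage
  # installs the intended firewall rules.
  - iptables -t filter -F INPUT
  - iptables -t filter -F FORWARD
  - service iptables save

# that module's missing in 0.6.3, but existent for >= 0.7.3
# No "permissions" key is given, so cloud-init's default file mode applies
# (0644 unless overridden). Neither file holds a secret here: one carries the
# master URL, the other a system-type marker.
write_files:
  - content: |
      ---
      url: {{ common.master_url }}
    path: /etc/nailgun-agent/config.yaml
  - content: target
    path: /etc/nailgun_systemtype

mcollective:
  conf:
    main_collective: mcollective
    collectives: mcollective
    libdir: /usr/libexec/mcollective
    logfile: /var/log/mcollective.log
    # NOTE(review): debug logging is verbose and may record request contents
    # in the logfile above. Confirm this level is intended outside bring-up.
    loglevel: debug
    daemonize: 1
    direct_addressing: 1
    # NOTE(review): about 49.7 days, if ttl is in seconds. A long validity
    # window presumably widens the replay window for a captured request.
    # Confirm the value is deliberate.
    ttl: 4294957
    # Pre-shared-key security provider: the key below is the only credential
    # protecting agent requests and is embedded in this user-data.
    # NOTE(review): presumably every node rendered from the same context shares
    # this key, so one compromised node exposes it for all. Treat the rendered
    # user-data and the resulting server config as secret material.
    securityprovider: psk
    plugin.psk: {{ mcollective.pskey }}
{% if mcollective.connector == 'stomp' %}
    # Must be a "key: value" pair like the rabbitmq branch. A bare
    # "connector = stomp" line is not a mapping entry and makes the rendered
    # document unparseable.
    connector: stomp
    plugin.stomp.host: {{ mcollective.host }}
    plugin.stomp.port: {{ mcollective.port|default(61613) }}
    plugin.stomp.user: {{ mcollective.user }}
    # Broker credential in clear text; no TLS options are set in this branch.
    plugin.stomp.password: {{ mcollective.password }}
{% else %}
    connector: rabbitmq
    plugin.rabbitmq.vhost: {{ mcollective.vhost }}
    plugin.rabbitmq.pool.size: 1
    plugin.rabbitmq.pool.1.host: {{ mcollective.host }}
    plugin.rabbitmq.pool.1.port: {{ mcollective.port|default(61613) }}
    plugin.rabbitmq.pool.1.user: {{ mcollective.user }}
    # Broker credential in clear text; no TLS options are set in this branch.
    plugin.rabbitmq.pool.1.password: {{ mcollective.password }}
    plugin.rabbitmq.heartbeat_interval: 30
{% endif %}
    factsource: yaml
    plugin.yaml: /etc/mcollective/facts.yaml

puppet:
  conf:
    main:
      logdir: /var/log/puppet
      rundir: /var/run/puppet
      ssldir: $vardir/ssl
      pluginsync: true
    agent:
      classfile: $vardir/classes.txt
      localconfig: $vardir/localconfig
      server: {{ puppet.master }}
      report: false
      configtimeout: 600


final_message: "YAY! The system is finally up, after $UPTIME seconds"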