c5b4e5dfca
Extended Nailgun data driver to parse new ks_meta keys. Extended Ubuntu cloud-init config template to create a non-root account. Root login is being disabled; however, this setting will only be effective until the osnailyfacter::ssh puppet class is evaluated during deployment, as it overrides sshd_config values. This means that PermitRootLogin should be managed by the library as well. Blueprint: fuel-nonroot-openstack-nodes Depends-On: Ia18305e07d07377886783c3b3e44abe93cef2da5 Conflicts: bareon/tests/test_configdrive.py Change-Id: I69831fe0327ef9ac55bed99301d2c3732b87ed88
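#cloud-config
# Ubuntu cloud-init user data, rendered from a Jinja template. The template
# reads four context objects: user_accounts, common, mcollective and puppet.
resize_rootfs: false
growpart:
  mode: false
disable_ec2_metadata: true
# NOTE(review): with disable_root set to false, cloud-init leaves root's SSH
# key login untouched. If root login is meant to be blocked, that has to come
# from the accounts rendered below or from sshd_config - confirm.
disable_root: false
# One account is rendered per entry of user_accounts.
# plain_text_passwd puts the password in clear text into the rendered user
# data, so anyone who can read that data can read the password; keep the
# rendered file and its transport restricted. cloud-init's passwd key takes
# a password hash instead - consider it if the data driver can supply one.
# Secrets are emitted as single-quoted YAML scalars with embedded quotes
# doubled, so characters such as '#', ': ' or a leading '*' cannot truncate
# the value or change the document structure.
users:
{% for user in user_accounts %}
  - name: {{ user.name }}
    plain_text_passwd: '{{ user.password|replace("'", "''") }}'
    lock_passwd: false
    homedir: {{ user.homedir }}
    shell: {{ user.shell }}
{% if user.ssh_keys|length > 0 %}
    ssh_authorized_keys:
{% for key in user.ssh_keys %}
      - {{ key }}
{% endfor %}
{% endif %}
{% if user.sudo|length > 0 %}
    sudo:
{% for entry in user.sudo %}
      - "{{ entry }}"
{% endfor %}
{% endif %}
{% endfor %}
chpasswd: { expire: false }
# Password authentication over SSH stays off; the accounts above log in
# remotely with their ssh_authorized_keys.
ssh_pwauth: false

# set the locale to a given locale
# default: en_US.UTF-8
locale: en_US.UTF-8

timezone: {{ common.timezone }}

hostname: {{ common.hostname }}
fqdn: {{ common.fqdn }}


# add entries to rsyslog configuration
# The single '@' in the forwarding rule selects UDP, so every log line goes
# to the master unencrypted and without delivery guarantees.
rsyslog:
  - filename: 10-log2master.conf
    content: |
      $template LogToMaster, "<%PRI%>1 %$NOW%T%TIMESTAMP:8:$%Z %HOSTNAME% %APP-NAME% %PROCID% %MSGID% -%msg%\n"
      *.* @{{ common.master_ip }};LogToMaster


# that module's missing in 0.6.3, but existent for >= 0.7.3
write_files:
  - content: |
      ---
      url: {{ common.master_url }}
    path: /etc/nailgun-agent/config.yaml
  - content: target
    path: /etc/nailgun_systemtype

# The pre-shared key and the broker password below are rendered in clear
# text; treat the rendered user data as a secret.
# NOTE(review): loglevel debug is verbose - confirm it is wanted outside of
# troubleshooting.
mcollective:
  conf:
    main_collective: mcollective
    collectives: mcollective
    libdir: /usr/share/mcollective/plugins
    logfile: /var/log/mcollective.log
    loglevel: debug
    daemonize: 0
    direct_addressing: 1
    ttl: 4294957
    securityprovider: psk
    plugin.psk: '{{ mcollective.pskey|replace("'", "''") }}'
    identity: {{ mcollective.identity }}
{% if mcollective.connector == 'stomp' %}
    connector: stomp
    plugin.stomp.host: {{ mcollective.host }}
    plugin.stomp.port: {{ mcollective.port|default(61613) }}
    plugin.stomp.user: {{ mcollective.user }}
    plugin.stomp.password: '{{ mcollective.password|replace("'", "''") }}'
{% else %}
    connector: rabbitmq
    plugin.rabbitmq.vhost: {{ mcollective.vhost }}
    plugin.rabbitmq.pool.size: 1
    plugin.rabbitmq.pool.1.host: {{ mcollective.host }}
    plugin.rabbitmq.pool.1.port: {{ mcollective.port|default(61613) }}
    plugin.rabbitmq.pool.1.user: {{ mcollective.user }}
    plugin.rabbitmq.pool.1.password: '{{ mcollective.password|replace("'", "''") }}'
    plugin.rabbitmq.heartbeat_interval: 30
{% endif %}
    factsource: yaml
    plugin.yaml: /etc/mcollective/facts.yaml

puppet:
  conf:
    main:
      logdir: /var/log/puppet
      rundir: /var/run/puppet
      ssldir: $vardir/ssl
      pluginsync: true
      prerun_command: /bin/true
      postrun_command: /bin/true
    agent:
      classfile: $vardir/classes.txt
      localconfig: $vardir/localconfig
      server: {{ puppet.master }}
      report: false
      configtimeout: 600

# puppet is stopped and removed from the boot sequence unless puppet.enable
# is 1; mcollective is set to manual start unless mcollective.enable is 1.
# The two iptables commands flush every rule in the INPUT and FORWARD chains
# of the filter table. NOTE(review): after that, what still filters traffic
# depends on the chains' default policies and on rules installed later in
# the deployment - confirm the node is not left exposed in between.
runcmd:
{% if puppet.enable != 1 %}
  - /usr/sbin/invoke-rc.d puppet stop
  - /usr/sbin/update-rc.d -f puppet remove
{% endif %}
{% if mcollective.enable != 1 %}
  - /usr/sbin/invoke-rc.d mcollective stop
  - echo manual > /etc/init/mcollective.override
{% else %}
  - rm -f /etc/init/mcollective.override
{% endif %}
  - iptables -t filter -F INPUT
  - iptables -t filter -F FORWARD

final_message: "YAY! The system is finally up, after $UPTIME seconds"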