| # All the data below will be stored as a string object
  #cloud-config, see http://cloudinit.readthedocs.io/en/latest/topics/examples.html
  # NOTE(review): this user-data enables password SSH, sets a fixed root
  # password, turns on root login and disables SSH host-key checking for root.
  # Presumably meant for a disposable, isolated lab node only - confirm before
  # reusing it anywhere reachable from an untrusted network.
  # Review comments must stay inside this block scalar (indented), after the
  # '#cloud-config' line, and outside the nested 'list: |' / 'content: |'
  # literals, otherwise they change the rendered data.

  # Password authentication is allowed for every SSH account on the node.
  ssh_pwauth: True
  users:
   - name: root
     sudo: ALL=(ALL) NOPASSWD:ALL
     shell: /bin/bash
     # One authorized_keys entry is rendered per item of config.underlay.ssh_keys.
     # The 'ssh-rsa' key type is hard-coded, so a non-RSA public key would be
     # written with the wrong type prefix.
     # assumes key['public'] holds only the base64 key body - TODO confirm
     ssh_authorized_keys:
     {% for key in config.underlay.ssh_keys %}
      - ssh-rsa {{ key['public'] }}
     {% endfor %}

  # Root login is kept enabled (cloud-init would otherwise disable it).
  disable_root: false
  # NOTE(review): the root password is a static value committed in the
  # template, and 'expire: False' means it is never forced to change. Together
  # with ssh_pwauth and PermitRootLogin yes below, any host that can reach
  # port 22 can attempt a root password login once the firewall rule is lifted.
  # Prefer key-only root access, or a per-deployment secret injected at render
  # time.
  chpasswd:
   list: |
    root:r00tme
   expire: False

  # bootcmd entries run early and on every boot.
  bootcmd:
   # Block access to SSH while node is preparing
   # NOTE(review): cloud-init-per expects <frequency> <name> <command...>; here
   # 'sudo' falls into the <name> slot, so the rule is added by plain iptables
   # under a semaphore called 'sudo' - confirm this is intended.
   - cloud-init-per once sudo iptables -A INPUT -p tcp --dport 22 -j DROP
   # Enable root access
   # Only an existing, uncommented PermitRootLogin line is rewritten; if
   # sshd_config has none, this sed changes nothing.
   - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin yes/' /etc/ssh/sshd_config
   - service sshd restart
  # Command output is appended to the cloud-init log and mirrored to the
  # first console.
  output:
    all: '| tee -a /var/log/cloud-init-output.log /dev/tty0'

  runcmd:
   # Prepare network connection
   - sudo ifup ens3
   #- sudo route add default gw {gateway} {interface_name}
   - sudo ifup ens4
   - sudo ifup ens5
   - sudo ifup ens6

   # Rebuild resolv.conf: this node's own ens3 address first, then a fixed
   # upstream resolver.
   # LOCAL_DNS_IP is parsed from the "inet addr:" line of ifconfig output; if
   # that pattern does not match, the variable is empty and the lines below
   # are written with a blank address.
   - rm /etc/resolv.conf
   - touch /etc/resolv.conf
   - export LOCAL_DNS_IP=$(ifconfig ens3 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1)
   - echo "nameserver $LOCAL_DNS_IP" >> /etc/resolv.conf;
   - echo "nameserver 172.18.208.44" >> /etc/resolv.conf;
   # Keep DHCP renewals from overwriting the resolver list set above.
   - echo "supersede domain-name-servers $LOCAL_DNS_IP, 172.18.208.44" >> /etc/dhcp/dhclient.conf
   - export TERM=linux
   - export LANG=C


   # Create swap
   - fallocate -l 4G /swapfile
   - chmod 600 /swapfile
   - mkswap /swapfile
   - swapon /swapfile
   - echo "/swapfile   none    swap    defaults   0   0" >> /etc/fstab


   ############## Cloud repo01 node ##################
   - which wget >/dev/null || (apt-get update; apt-get install -y wget);
   # NOTE(review): the signing key for the repository below is downloaded over
   # plain HTTP and piped straight into 'apt-key add', which trusts it for
   # every configured APT source. Without transport integrity or a fingerprint
   # check, the trust anchor itself can be substituted in transit. Prefer
   # fetching over HTTPS and comparing against a pinned fingerprint, or baking
   # the key into the image.
   - echo "deb [arch=amd64] http://apt.mirantis.com/xenial {{ REPOSITORY_SUITE }} salt extra" > /etc/apt/sources.list.d/mcp_salt.list;
   - wget -O - http://apt.mirantis.com/public.gpg | apt-key add -;
   # Here the key is fetched over HTTPS while the repository itself is plain
   # HTTP; package integrity then rests on APT signature verification.
   - echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7 xenial main" > /etc/apt/sources.list.d/saltstack.list;
   - wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/SALTSTACK-GPG-KEY.pub | apt-key add -;

   # eatmydata wraps only 'apt-get clean' here; 'apt-get update' runs unwrapped.
   # assumes eatmydata is already present in the image - it is not installed
   # anywhere in this file; TODO confirm
   - eatmydata apt-get clean && apt-get update

   # Install common packages
   - eatmydata apt-get install -y salt-minion python-pip git curl tmux byobu iputils-ping traceroute htop tree;
   # Self-signed certificate valid for 365 days; '-nodes' leaves the private key
   # unencrypted under /root.
   - openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=gerrit.mcp.mirantis.local.test" -keyout /root/ssl-nginx.key  -out /root/ssl-nginx.crt;
   - cd /tmp;
   # NOTE(review): these three repositories are cloned from a personal GitHub
   # account at whatever the default branch holds at boot time, and their
   # states are then applied as root by the salt-call steps below. Pin each
   # clone to a reviewed commit or tag, or mirror them to a controlled
   # location, so a later change upstream cannot alter what runs on the node.
   - git clone https://github.com/TatyankaLeontovich/salt-formula-nginx;
   - git clone https://github.com/TatyankaLeontovich/salt-dnsmasq;
   - git clone https://github.com/TatyankaLeontovich/underpillar;
   - mkdir -p /srv/pillar/;
   - mkdir -p /srv/salt;
   - cd /srv/salt;
   # The formulas stay under /tmp and are only symlinked into /srv/salt, so they
   # disappear if /tmp is cleaned.
   - ln -s /tmp/salt-formula-nginx/nginx;
   - ln -s /tmp/salt-dnsmasq/dnsmasq;
   - cp /tmp/underpillar/pillar/*.sls /srv/pillar/;
   - cp /tmp/underpillar/states/*.sls /srv/salt/;
   - cp /srv/pillar/top_localdns.sls /srv/pillar/top.sls;
   - cp /srv/salt/top_localdns.sls /srv/salt/top.sls;
   # Replace the ==NAME== placeholders in every pillar file. LOCAL_DNS_IP is
   # expanded by the shell at run time; the os_env(...) values are rendered into
   # the command when the template is processed.
   # NOTE(review): those values land unescaped inside a double-quoted sed
   # expression, so a value containing '/', '&', '"' or '$' would change the
   # expression or the shell command - keep them plain host names.
   - find /srv/pillar/ -type f -exec sed -i "s/==LOCAL_DNS_IP==/${LOCAL_DNS_IP}/g" {} +
   - find /srv/pillar/ -type f -exec sed -i "s/==HOST_APT==/{{ os_env('HOST_APT', 'apt.mirantis.com') }}/g" {} +
   - find /srv/pillar/ -type f -exec sed -i "s/==HOST_SALTSTACK==/{{ os_env('HOST_SALTSTACK', 'repo.saltstack.com') }}/g" {} +
   - find /srv/pillar/ -type f -exec sed -i "s/==HOST_ARCHIVE_UBUNTU==/{{ os_env('HOST_ARCHIVE_UBUNTU', 'archive.ubuntu.com') }}/g" {} +
   - find /srv/pillar/ -type f -exec sed -i "s/==HOST_MIRROR_MCP_MIRANTIS==/{{ os_env('HOST_MIRROR_MCP_MIRANTIS', 'mirror.mcp.mirantis.net') }}/g" {} +
   - find /srv/pillar/ -type f -exec sed -i "s/==HOST_MIRROR_FUEL_INFRA==/{{ os_env('HOST_MIRROR_FUEL_INFRA', 'mirror.fuel-infra.org') }}/g" {} +
   - find /srv/pillar/ -type f -exec sed -i "s/==HOST_PPA_LAUNCHPAD==/{{ os_env('HOST_PPA_LAUNCHPAD', 'ppa.launchpad.net') }}/g" {} +
   - find /srv/pillar/ -type f -exec sed -i "s/==HOST_GERRIT_MCP_MIRANTIS==/{{ os_env('HOST_GERRIT_MCP_MIRANTIS', 'gerrit.mcp.mirantis.com') }}/g" {} +
   # Apply the cloned states locally (masterless) as root.
   - salt-call --local  --state-output=mixed state.sls dnsmasq;
   - salt-call --local  --state-output=mixed state.sls nginx;
   ########################################################
   # Node is ready, allow SSH access
   # NOTE(review): nothing visible here checks the result of the steps above
   # before the DROP rule is removed, so SSH (with password root login) opens
   # even if provisioning failed part-way.
   - echo "Allow SSH access ..."
   - sudo iptables -D INPUT -p tcp --dport 22 -j DROP
   ########################################################

  write_files:
   # All four interfaces are brought up via DHCP.
   - path: /etc/network/interfaces
     content: |
          auto ens3
          iface ens3 inet dhcp
          auto ens4
          iface ens4 inet dhcp
          auto ens5
          iface ens5 inet dhcp
          auto ens6
          iface ens6 inet dhcp

   # NOTE(review): for every destination ('Host *') root's SSH client accepts
   # any host key and records nothing in known_hosts, so a changed or
   # impersonated host is never detected. If this is only needed for ephemeral
   # lab nodes, narrow the Host pattern to those addresses.
   - path: /root/.ssh/config
     owner: root:root
     permissions: '0600'
     content: |
          Host *
            ServerAliveInterval 300
            ServerAliveCountMax 10
            StrictHostKeyChecking no
            UserKnownHostsFile /dev/null