Dennis Dmitriev75776c52017-12-26 18:22:53 +02001| # All the data below will be stored as a string object
2 #cloud-config, see http://cloudinit.readthedocs.io/en/latest/topics/examples.html
3
# Turn on password authentication in sshd for this node.
# NOTE(review): together with the static root password set under chpasswd
# and the root login enabled in bootcmd, anyone who can reach port 22 can
# log in as root. This only holds up on an isolated lab network.
ssh_pwauth: true
users:
  # One account only: root, with passwordless sudo. One authorized key is
  # emitted per entry of config.underlay.ssh_keys when the template renders.
  - name: root
    shell: /bin/bash
    sudo: 'ALL=(ALL) NOPASSWD:ALL'
    ssh_authorized_keys:
    {% for key in config.underlay.ssh_keys %}
      - ssh-rsa {{ key['public'] }}
    {% endfor %}
13
# Leave the root account enabled for login.
disable_root: false
chpasswd:
  # Do not expire the password, so no change is forced at first login.
  expire: false
  # user:password pairs applied by cloud-init.
  # NOTE(review): this is a fixed, published root password stored in the
  # template itself. Every node built from it shares the credential, so it
  # should be rotated or replaced with key-only access before the node is
  # reachable from anything other than the test network.
  list: |
    root:r00tme
19
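bootcmd:
  # Block access to SSH while node is preparing.
  # cloud-init-per takes "<frequency> <name> <command...>". The original line
  # passed "sudo" in the name slot, so it was consumed as the semaphore name
  # and iptables ran directly. An explicit name keeps the same behaviour and
  # avoids clashing with any other "once sudo ..." entry.
  # NOTE(review): iptables covers IPv4 only. If the node gets an IPv6
  # address, port 22 is not blocked there during preparation. Confirm.
  - cloud-init-per once block_ssh iptables -A INPUT -p tcp --dport 22 -j DROP
  # Enable root access. The sed expression only rewrites a line that already
  # starts with PermitRootLogin; a commented-out default is not matched.
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin yes/' /etc/ssh/sshd_config
  - service sshd restart
# Send cloud-init stage output to the log file and to the first console.
output:
  all: '| tee -a /var/log/cloud-init-output.log /dev/tty0'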
28
# cloud-init writes all runcmd entries into one shell script, so the
# "export" and "cd" entries below stay in effect for the entries after them.
runcmd:
  # Prepare network connection
  - sudo ifup ens3
  #- sudo route add default gw {gateway} {interface_name}
  - sudo ifup ens4
  - sudo ifup ens5
  - sudo ifup ens6

  # Rebuild resolv.conf: this node's own ens3 address first, then a fixed
  # upstream resolver. The same pair is forced into dhclient so DHCP renewals
  # do not overwrite it.
  # NOTE(review): the address is parsed from the "inet addr" form of ifconfig
  # output. If that parse yields nothing, LOCAL_DNS_IP is empty and both the
  # "nameserver" line and the pillar substitutions further down receive an
  # empty value.
  - rm /etc/resolv.conf
  - touch /etc/resolv.conf
  - export LOCAL_DNS_IP=$(ifconfig ens3 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1)
  - echo "nameserver $LOCAL_DNS_IP" >> /etc/resolv.conf;
  - echo "nameserver 172.18.208.44" >> /etc/resolv.conf;
  - echo "supersede domain-name-servers $LOCAL_DNS_IP, 172.18.208.44" >> /etc/dhcp/dhclient.conf
  - export TERM=linux
  - export LANG=C

  # Create swap
  - fallocate -l 4G /swapfile
  - chmod 600 /swapfile
  - mkswap /swapfile
  - swapon /swapfile
  - echo "/swapfile none swap defaults 0 0" >> /etc/fstab


  ############## Cloud repo01 node ##################
  - which wget >/dev/null || (apt-get update; apt-get install -y wget);
  # NOTE(review): the Mirantis repository and its signing key are both fetched
  # over plain HTTP, and the key is piped straight into apt-key. The key is
  # the trust anchor for every package from that repo, so an on-path attacker
  # who swaps it controls what apt accepts. Fetch it over HTTPS or compare its
  # fingerprint with a pinned value before adding it.
  - echo "deb [arch=amd64] http://apt.mirantis.com/xenial {{ REPOSITORY_SUITE }} salt extra" > /etc/apt/sources.list.d/mcp_salt.list;
  - wget -O - http://apt.mirantis.com/public.gpg | apt-key add -;
  # The SaltStack key comes over HTTPS; the repository itself is plain HTTP,
  # so package integrity rests on apt signature checks against that key.
  - echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/{{ SALT_VERSION }} xenial main" > /etc/apt/sources.list.d/saltstack.list;
  - wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/{{ SALT_VERSION }}/SALTSTACK-GPG-KEY.pub | apt-key add -;

  - eatmydata apt-get clean && apt-get update

  # Install common packages
  - eatmydata apt-get install -y salt-minion python-pip git curl tmux byobu iputils-ping traceroute htop tree ntp;
  # Self-signed certificate for nginx: RSA 4096, valid 365 days, private key
  # written unencrypted (-nodes) under /root.
  - openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=gerrit.mcp.mirantis.local.test" -keyout /root/ssl-nginx.key -out /root/ssl-nginx.crt;
  # NOTE(review): the three clones take whatever the default branch of a
  # personal GitHub account holds at boot time. Their states and pillars are
  # then applied as root by the salt-call entries below. Pinning each clone to
  # a reviewed commit would make the node contents reproducible and auditable.
  - cd /tmp;
  - git clone https://github.com/TatyankaLeontovich/salt-formula-nginx;
  - git clone https://github.com/TatyankaLeontovich/salt-dnsmasq;
  - git clone https://github.com/TatyankaLeontovich/underpillar;
  - mkdir -p /srv/pillar/;
  - mkdir -p /srv/salt;
  - cd /srv/salt;
  # The formula links point into /tmp, so the applied states live in a
  # directory that is normally world-writable and may be cleaned.
  - ln -s /tmp/salt-formula-nginx/nginx;
  - ln -s /tmp/salt-dnsmasq/dnsmasq;
  - cp /tmp/underpillar/pillar/*.sls /srv/pillar/;
  - cp /tmp/underpillar/states/*.sls /srv/salt/;
  - cp /srv/pillar/top_localdns.sls /srv/pillar/top.sls;
  - cp /srv/salt/top_localdns.sls /srv/salt/top.sls;
  # Fill the ==NAME== placeholders in the copied pillar files. The first value
  # comes from the shell variable set above; the others are written into the
  # sed expression when the template is rendered, each with a default host.
  # NOTE(review): the values are inserted into the sed replacement unescaped,
  # so one containing "/" or "&" would change the expression. Presumably
  # os_env reads the environment of the rendering process; confirm.
  - find /srv/pillar/ -type f -exec sed -i "s/==LOCAL_DNS_IP==/${LOCAL_DNS_IP}/g" {} +
  - find /srv/pillar/ -type f -exec sed -i "s/==HOST_APT==/{{ os_env('HOST_APT', 'apt.mirantis.com') }}/g" {} +
  - find /srv/pillar/ -type f -exec sed -i "s/==HOST_SALTSTACK==/{{ os_env('HOST_SALTSTACK', 'repo.saltstack.com') }}/g" {} +
  - find /srv/pillar/ -type f -exec sed -i "s/==HOST_ARCHIVE_UBUNTU==/{{ os_env('HOST_ARCHIVE_UBUNTU', 'archive.ubuntu.com') }}/g" {} +
  - find /srv/pillar/ -type f -exec sed -i "s/==HOST_MIRROR_MCP_MIRANTIS==/{{ os_env('HOST_MIRROR_MCP_MIRANTIS', 'mirror.mcp.mirantis.net') }}/g" {} +
  - find /srv/pillar/ -type f -exec sed -i "s/==HOST_MIRROR_FUEL_INFRA==/{{ os_env('HOST_MIRROR_FUEL_INFRA', 'mirror.fuel-infra.org') }}/g" {} +
  - find /srv/pillar/ -type f -exec sed -i "s/==HOST_PPA_LAUNCHPAD==/{{ os_env('HOST_PPA_LAUNCHPAD', 'ppa.launchpad.net') }}/g" {} +
  - find /srv/pillar/ -type f -exec sed -i "s/==HOST_GERRIT_MCP_MIRANTIS==/{{ os_env('HOST_GERRIT_MCP_MIRANTIS', 'gerrit.mcp.mirantis.net') }}/g" {} +
  # Apply the dnsmasq and nginx states locally, with no salt master involved.
  - salt-call --local --state-output=mixed state.sls dnsmasq;
  - salt-call --local --state-output=mixed state.sls nginx;
  ########################################################
  # Node is ready, allow SSH access
  # Deletes the DROP rule that bootcmd appended. From this point port 22
  # accepts root logins by password, as configured earlier in this file.
  - echo "Allow SSH access ..."
  - sudo iptables -D INPUT -p tcp --dport 22 -j DROP
  ########################################################
94
write_files:
  # Bring up ens3 through ens6 by DHCP. No owner or mode is given, so
  # cloud-init's defaults apply to this file.
  - path: /etc/network/interfaces
    content: |
      auto ens3
      iface ens3 inet dhcp
      auto ens4
      iface ens4 inet dhcp
      auto ens5
      iface ens5 inet dhcp
      auto ens6
      iface ens6 inet dhcp

  # SSH client defaults for root, readable by root only (0600).
  # "Host *" applies the settings to every outbound connection root makes.
  # NOTE(review): StrictHostKeyChecking no together with
  # UserKnownHostsFile /dev/null means host keys are accepted without a
  # prompt and never recorded, so a changed or spoofed host key goes
  # unnoticed. Narrow the Host pattern to the lab address range if root on
  # this node ever connects elsewhere.
  - path: /root/.ssh/config
    owner: root:root
    permissions: '0600'
    content: |
      Host *
      ServerAliveInterval 300
      ServerAliveCountMax 10
      StrictHostKeyChecking no
      UserKnownHostsFile /dev/null
115 UserKnownHostsFile /dev/null