summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Farrellee <matt@redhat.com>2013-07-10 14:14:50 -0400
committerMatthew Farrellee <matt@redhat.com>2013-07-12 07:53:24 -0400
commit0092ac37dfb00cc344eed64e3f2ae424475a7303 (patch)
treea79b9992b96427255b86486b8674cae2dc9af73e
parent4cd9ca4df83eace888e8ad627a37a2f605e08a14 (diff)
Use augeas instead of echo / sed to edit ssh/sshd configuration
Notes
Notes (review): Verified+2: Jenkins Approved+1: Sergey Lukjanov <slukjanov@mirantis.com> Code-Review+2: Sergey Lukjanov <slukjanov@mirantis.com> Code-Review+2: Alexander Ignatov <aignatov@mirantis.com> Code-Review+1: Ivan Berezovskiy <iberezovskiy@mirantis.com> Submitted-by: Jenkins Submitted-at: Mon, 15 Jul 2013 14:46:50 +0000 Reviewed-on: https://review.openstack.org/36519 Project: stackforge/savanna-extra Branch: refs/heads/master
-rwxr-xr-xelements/hadoop_fedora/post-install.d/12-setup-hadoop2
-rwxr-xr-xelements/hadoop_fedora/post-install.d/13-connection-setup37
2 files changed, 23 insertions, 16 deletions
diff --git a/elements/hadoop_fedora/post-install.d/12-setup-hadoop b/elements/hadoop_fedora/post-install.d/12-setup-hadoop
index 62ef2c5..b0f80d1 100755
--- a/elements/hadoop_fedora/post-install.d/12-setup-hadoop
+++ b/elements/hadoop_fedora/post-install.d/12-setup-hadoop
@@ -2,7 +2,7 @@
2echo "Hadoop setup begins" 2echo "Hadoop setup begins"
3tmp_dir=/tmp/hadoop 3tmp_dir=/tmp/hadoop
4 4
5install-packages openssh-server wget 5install-packages wget
6echo "Creating hadoop user & group" 6echo "Creating hadoop user & group"
7adduser -G adm,wheel hadoop 7adduser -G adm,wheel hadoop
8 8
diff --git a/elements/hadoop_fedora/post-install.d/13-connection-setup b/elements/hadoop_fedora/post-install.d/13-connection-setup
index af0af49..8f02245 100755
--- a/elements/hadoop_fedora/post-install.d/13-connection-setup
+++ b/elements/hadoop_fedora/post-install.d/13-connection-setup
@@ -1,21 +1,28 @@
1#!/bin/bash 1#!/bin/bash
2
2echo "Adjusting ssh configuration" 3echo "Adjusting ssh configuration"
3 4
4sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config 5# /etc/ssh/sshd_config is provided by openssh-server
5echo "UseDNS no" >> /etc/ssh/sshd_config 6# /etc/ssh/ssh_config is provided by openssh-clients
6echo "PermitTunnel yes" >> /etc/ssh/sshd_config 7# Note0: augtool is provided by augeas-tools on Ubuntu
7echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config 8# Note1: augtool on Ubuntu does not auto-save, pass -s
8echo "PermitRootLogin yes" >> /etc/ssh/sshd_config 9install-packages augeas openssh-server openssh-clients
9echo "StrictModes yes" >> /etc/ssh/sshd_config 10
10echo "RSAAuthentication yes" >> /etc/ssh/sshd_config 11augtool set /files/etc/ssh/sshd_config/PasswordAuthentication yes
11echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config 12augtool set /files/etc/ssh/sshd_config/UseDNS no
12echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config 13augtool set /files/etc/ssh/sshd_config/PermitTunnel yes
14augtool set /files/etc/ssh/sshd_config/SyslogFacility AUTH
15augtool set /files/etc/ssh/sshd_config/PermitRootLogin yes
16augtool set /files/etc/ssh/sshd_config/StrictModes yes
17augtool set /files/etc/ssh/sshd_config/RSAAuthentication yes
18augtool set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
19augtool set /files/etc/ssh/sshd_config/IgnoreRhosts yes
13 20
14echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config 21augtool set /files/etc/ssh/ssh_config/Host/StrictHostKeyChecking no
15echo "GSSAPIDelegateCredentials no" >> /etc/ssh/ssh_config 22augtool set /files/etc/ssh/ssh_config/Host/GSSAPIDelegateCredentials no
16sed -i 's/ GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config 23augtool set /files/etc/ssh/ssh_config/Host/GSSAPIAuthentication no
17 24
25# No known augeas lense for cloud-init config
18sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg 26sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg
19chmod 640 /etc/sudoers 27
20sed -i 's/Defaults requiretty/#Defaults requiretty/' /etc/sudoers 28augtool clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
21chmod 0440 /etc/sudoers