Improve cloud-init templates
* fill files for CentOS Partially implements: blueprint image-based-provisioning Change-Id: I794319b0fcdcdfd81fbe2f290faa6a0cb171c7fc
This commit is contained in:
parent
a6d5da023d
commit
7a6909f074
|
@ -0,0 +1,100 @@
|
|||
#cloud-boothook
|
||||
#!/bin/bash
|
||||
|
||||
function add_str_to_file_if_not_exists {
|
||||
file=$1
|
||||
str=$2
|
||||
val=$3
|
||||
if ! grep -q "^ *${str}" $file; then
|
||||
echo $val >> $file
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
cloud-init-per instance disable_selinux_on_the_fly setenforce 0
|
||||
|
||||
cloud-init-per instance disable_selinux sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux
|
||||
|
||||
|
||||
# configure udev rules
|
||||
|
||||
# udev persistent net
|
||||
cloud-init-per instance udev_persistent_net1 service network stop
|
||||
|
||||
DEFAULT_GW={{ common.master_ip }}
|
||||
ADMIN_MAC={{ common.admin_mac }}
|
||||
ADMIN_IF=$(echo {{ common.udevrules }} | sed 's/[,=]/\n/g' | grep "$ADMIN_MAC" | cut -d_ -f2 | head -1)
|
||||
INSTALL_IF=$(ifconfig | grep "$ADMIN_MAC" | head -1 | cut -d' ' -f1)
|
||||
NETADDR=( $(ifconfig $INSTALL_IF | grep -oP "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}") )
|
||||
if [ ! -z "$(grep $ADMIN_IF /etc/sysconfig/network-scripts/ifcfg-$ADMIN_IF | grep dhcp)" ] ; then
|
||||
echo -e "# FROM COBBLER SNIPPET\nDEVICE=$ADMIN_IF\nIPADDR=${NETADDR[0]}\nNETMASK=${NETADDR[2]}\nBOOTPROTO=none\nONBOOT=yes\nUSERCTL=no\n" > /etc/sysconfig/network-scripts/ifcfg-"$ADMIN_IF"
|
||||
fi
|
||||
|
||||
cloud-init-per instance set_gateway echo GATEWAY="$DEFAULT_GW" | tee -a /etc/sysconfig/network
|
||||
|
||||
#Add static udev rules
|
||||
cloud-init-per instance udev_persistent_net2 echo {{ common.udevrules }} | tr ' ' '\n' | grep udevrules | tr '[:upper:]' '[:lower:]' | sed -e 's/udevrules=//g' -e 's/,/\n/g' | sed -e "s/^/SUBSYSTEM==\"net\",\ ACTION==\"add\",\ DRIVERS==\"?*\",\ ATTR{address}==\"/g" -e "s/_/\",\ ATTR{type}==\"1\",\ KERNEL==\"eth*\",\ NAME=\"/g" -e "s/$/\"/g" | tee /etc/udev/rules.d/70-persistent-net.rules
|
||||
|
||||
cloud-init-per instance udev_persistent_net3 udevadm control --reload-rules
|
||||
cloud-init-per instance udev_persistent_net4 udevadm trigger --attr-match=subsystem=net
|
||||
cloud-init-per instance udev_persistent_net5 service network start
|
||||
|
||||
# end of udev
|
||||
|
||||
# configure black module lists
|
||||
# virt-what should be installed
|
||||
if [ ! -f /etc/modprobe.d/blacklist-i2c_piix4.conf ]; then
|
||||
([[ $(virt-what) = "virtualbox" ]] && echo "blacklist i2c_piix4" >> /etc/modprobe.d/blacklist-i2c_piix4.conf || :)
|
||||
modprobe -r i2c_piix4
|
||||
fi
|
||||
|
||||
cloud-init-per instance conntrack_ipv4 echo nf_conntrack_ipv4 | tee -a /etc/rc.modules
|
||||
cloud-init-per instance conntrack_ipv6 echo nf_conntrack_ipv6 | tee -a /etc/rc.modules
|
||||
cloud-init-per instance chmod_rc_modules chmod +x /etc/rc.modules
|
||||
cloud-init-per instance conntrack_max echo "net.nf_conntrack_max=1048576" | tee -a /etc/sysctl.conf
|
||||
|
||||
cloud-init-per instance conntrack_ipv4_load modprobe nf_conntrack_ipv4
|
||||
cloud-init-per instance conntrack_ipv6_load modprobe nf_conntrack_ipv6
|
||||
cloud-init-per instance conntrack_max_set sysctl -w "net.nf_conntrack_max=1048576"
|
||||
|
||||
cloud-init-per instance mkdir_coredump mkdir -p /var/log/coredump
|
||||
cloud-init-per instance set_coredump echo -e "kernel.core_pattern=/var/log/coredump/core.%e.%p.%h.%t" | tee -a /etc/sysctl.conf
|
||||
cloud-init-per instance set_chmod chmod 777 /var/log/coredump
|
||||
cloud-init-per instance set_limits echo -e "* soft core unlimited\n* hard core unlimited" | tee -a /etc/security/limits.conf
|
||||
|
||||
|
||||
#NOTE: disabled for centos?
|
||||
#cloud-init-per instance dhclient echo 'supersede routers 0;' | tee /etc/dhcp/dhclient.conf
|
||||
|
||||
# ntp sync
|
||||
cloud-init-per instance service ntp stop | tee /dev/null
|
||||
cloud-init-per instance sync_date ntpdate -t 4 -b {{ common.master_ip }}
|
||||
cloud-init-per instance sync_hwclock hwclock --systohc
|
||||
|
||||
cloud-init-per instance edit_ntp_conf1 sed -i '/^\s*tinker panic/ d' /etc/ntp.conf
|
||||
cloud-init-per instance edit_ntp_conf2 sed -i '1 i tinker panic 0' /etc/ntp.conf
|
||||
cloud-init-per instance edit_ntp_conf3 echo 0 > /var/lib/ntp/drift
|
||||
cloud-init-per instance edit_ntp_conf_0 chown ntp: /var/lib/ntp/drift
|
||||
cloud-init-per instance edit_ntp_conf3 sed -i '/^\s*server/ d' /etc/ntp.conf
|
||||
cloud-init-per instance edit_ntp_conf4 echo "server {{ common.master_ip }} burst iburst" | tee -a /etc/ntp.conf
|
||||
|
||||
|
||||
# Point installed ntpd to Master node
|
||||
cloud-init-per instance set_ntpdate sed -i 's/SYNC_HWCLOCK\s*=\s*no/SYNC_HWCLOCK=yes/' /etc/sysconfig/ntpdate
|
||||
cloud-init-per instance set_ntpd_0 chkconfig ntpd on
|
||||
cloud-init-per instance set_ntpd_1 chkconfig ntpdate on
|
||||
|
||||
cloud-init-per instance removeUseDNS sed -i --follow-symlinks -e '/UseDNS/d' /etc/ssh/sshd_config
|
||||
add_str_to_file_if_not_exists /etc/ssh/sshd_config 'UseDNS' 'UseDNS no'
|
||||
|
||||
cloud-init-per instance gssapi_disable sed -i -e "/^\s*GSSAPICleanupCredentials yes/d" -e "/^\s*GSSAPIAuthentication yes/d" /etc/ssh/sshd_config
|
||||
|
||||
cloud-init-per instance nailgun_agent echo 'flock -w 0 -o /var/lock/agent.lock -c "/opt/nailgun/bin/agent >> /var/log/nailgun-agent.log 2>&1"' | tee /etc/rc.local
|
||||
|
||||
# Copying default bash settings to the root directory
|
||||
cloud-init-per instance skel_bash cp -f /etc/skel/.bash* /root/
|
||||
|
||||
cloud-init-per instance hiera_puppet mkdir -p /etc/puppet /var/lib/hiera
|
||||
cloud-init-per instance touch_puppet touch /var/lib/hiera/common.yaml /etc/puppet/hiera.yaml
|
||||
|
||||
cloud-init-per instance clean_repos find /etc/yum.repos.d/. -name '*.repo' -delete
|
|
@ -0,0 +1,105 @@
|
|||
#cloud-config
|
||||
disable_ec2_metadata: true
|
||||
disable_root: false
|
||||
|
||||
ssh_authorized_keys:
|
||||
- {{ common.ssh_auth_key }}
|
||||
|
||||
# set the locale to a given locale
|
||||
# default: en_US.UTF-8
|
||||
locale: en_US.UTF-8
|
||||
|
||||
timezone: {{ common.timezone }}
|
||||
|
||||
hostname: {{ common.hostname }}
|
||||
fqdn: {{ common.fqdn }}
|
||||
|
||||
# TODO(kozhukalov) name_servers is set as "1.2.3.4,1.2.3.5"
|
||||
resolv_conf:
|
||||
nameservers: [ {{ common.name_servers }} ]
|
||||
searchdomains:
|
||||
- {{ common.search_domain }}
|
||||
# domain: {{ domain }}
|
||||
# options:
|
||||
# rotate: true
|
||||
# timeout: 1
|
||||
|
||||
|
||||
# add entries to rsyslog configuration
|
||||
rsyslog:
|
||||
- filename: 10-log2master.conf
|
||||
content: |
|
||||
$template LogToMaster, "<%%PRI%>1 %$NOW%T%TIMESTAMP:8:$%Z %HOSTNAME% %APP-NAME% %PROCID% %MSGID% -%msg%\n"
|
||||
*.* @{{ common.master_ip }};LogToMaster
|
||||
|
||||
|
||||
#TODO(agordeev):
|
||||
#mounts: fill /etc/fstab
|
||||
|
||||
|
||||
runcmd:
|
||||
- sed -i /etc/rc.d/init.d/mcollective -e 's/\(# chkconfig:\s\+[-0-6]\+\) [0-9]\+ \([0-9]\+\)/\1 81 \2/'
|
||||
- /sbin/chkconfig mcollective on
|
||||
|
||||
|
||||
# that module's missing in 0.6.3, but existent for >= 0.7.3
|
||||
write_files:
|
||||
- content: |
|
||||
---
|
||||
url: {{ common.master_url }}
|
||||
path: /etc/nailgun-agent/config.yaml
|
||||
- content: target
|
||||
path: /etc/nailgun_systemtype
|
||||
|
||||
|
||||
yum_repos:
|
||||
{% for repo in common.ks_repos %}
|
||||
{{ repo.name }}:
|
||||
baseurl: {{ repo.url }}
|
||||
enabled: true
|
||||
gpgcheck: false
|
||||
{% endfor %}
|
||||
|
||||
|
||||
mcollective:
|
||||
conf:
|
||||
main_collective: mcollective
|
||||
collectives: mcollective
|
||||
libdir: /usr/share/mcollective/plugins
|
||||
logfile: /var/log/mcollective.log
|
||||
loglevel: debug
|
||||
daemonize: 1
|
||||
#NOTE: direct_addressing is 1 for ubuntu
|
||||
direct_addressing: 1
|
||||
ttl: 4294957
|
||||
securityprovider: psk
|
||||
plugin.psk: {{ mcollective.pskey }}
|
||||
connector: {{ mcollective.connector }}
|
||||
plugin.rabbitmq.vhost: {{ mcollective.vhost }}
|
||||
plugin.rabbitmq.pool.size: 1
|
||||
plugin.rabbitmq.pool.1.host: {{ mcollective.host }}
|
||||
plugin.rabbitmq.pool.1.port: {{ mcollective.port|default(61613) }}
|
||||
plugin.rabbitmq.pool.1.user: {{ mcollective.user }}
|
||||
plugin.rabbitmq.pool.1.password: {{ mcollective.password }}
|
||||
plugin.rabbitmq.heartbeat_interval: 30
|
||||
factsource: yaml
|
||||
plugin.yaml: /etc/mcollective/facts.yaml
|
||||
|
||||
|
||||
puppet:
|
||||
conf:
|
||||
main:
|
||||
logdir: /var/log/puppet
|
||||
rundir: /var/run/puppet
|
||||
ssldir: $vardir/ssl
|
||||
pluginsync: true
|
||||
agent:
|
||||
classfile: $vardir/classes.txt
|
||||
localconfig: $vardir/localconfig
|
||||
server: {{ puppet.master }}
|
||||
report: false
|
||||
configtimeout: 600
|
||||
|
||||
|
||||
final_message: "YAY! The system is finally up, after $UPTIME seconds"
|
||||
|
|
@ -33,6 +33,9 @@ rsyslog:
|
|||
*.* @{{ common.master_ip }};LogToMaster
|
||||
|
||||
|
||||
#TODO(agordeev):
|
||||
#mounts: fill /etc/fstab
|
||||
|
||||
# that module's missing in 0.6.3, but existent for >= 0.7.3
|
||||
write_files:
|
||||
- content: |
|
||||
|
|
Loading…
Reference in New Issue