#cloud-config
# Host identity, VMware-style guest customisation (identity / globalIPSettings /
# nicSettingMap) and the local accounts created at first boot.
# NOTE(review): the listing this was taken from had lost its indentation (every
# line carried a "- " marker); the nesting below is reconstructed and should be
# confirmed against the template that rendered it.
hostname: <shortname_host_provisionned>
fqdn: <fqdn_host_provisionned>
manage_etc_hosts: true

identity:
  LinuxPrep:
    domain: <my_domain>
    hostName: <shortname_host_provisionned>
    hwClockUTC: true
    timeZone: Europe/Berlin

globalIPSettings:
  dnsSuffixList:
  - <my_domain>
  dnsServerList:
  - <dns_server>

nicSettingMap:
- adapter:
    dnsDomain: <my_domain>
    dnsServerList:
    - <dns_server>
    ip: <ipaddress>
    subnetMask: <netmask>
    gateway:
    - <gateway>

# NOTE(review): password logins over SSH are switched on here, while runcmd
# below installs an SSH key for `infra`. If key-based access is the intended
# path, `ssh_pwauth: false` removes the password-guessing surface.
ssh_pwauth: true

groups:
- admin

users:
- default
- name: infra
  # NOTE(review): hyphenated spellings (primary-group, lock-passwd); current
  # cloud-init documents primary_group / lock_passwd - confirm the target
  # version still accepts these forms.
  primary-group: admin
  groups: users
  shell: /bin/bash
  # Password-prompting sudo; runcmd later also writes a NOPASSWD drop-in to
  # /etc/sudoers.d/infra, so in practice this account gets root without a prompt.
  sudo:
  - 'ALL=(ALL) ALL'
  # The account's password is left unlocked.
  lock-passwd: false
  # Empty on this page (presumably redacted). A password hash placed here is
  # stored in user-data, so treat the rendered file as a secret.
  passwd:
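runcmd:
# Entry 1: authorise the Foreman proxy's public key for `infra` and give that
# account passwordless sudo (Remote Execution plugin).
# NOTE(review): `NOPASSWD : ALL` means whoever holds the matching
# foreman-proxy private key is root on this host; protect that key accordingly
# and scope the sudo rule if remote execution does not need full root.
- |
  # SSH keys setup snippet for Remote Execution plugin
  #
  # Parameters:
  #
  # remote_execution_ssh_keys: public keys to be put in ~/.ssh/authorized_keys
  #
  # remote_execution_ssh_user: user for which remote_execution_ssh_keys will be
  #                            authorized
  #
  # remote_execution_create_user: create the user if it does not already exist
  #
  # remote_execution_effective_user_method: method to switch from ssh user to
  #                                         effective user
  #
  # This template sets up SSH keys in any host so that as long as your public
  # SSH key is in remote_execution_ssh_keys, you can SSH into a host. This only
  # works in combination with Remote Execution plugin.
  # The Remote Execution plugin queries smart proxies to build the
  # remote_execution_ssh_keys array which is then made available to this template
  # via the host's parameters. There is currently no way of supplying this
  # parameter manually.
  # See http://projects.theforeman.org/issues/16107 for details.

  user_exists=false
  getent passwd infra >/dev/null 2>&1 && user_exists=true

  if $user_exists; then
    mkdir -p ~infra/.ssh

    # Heredoc body and terminator stay at the script's left margin so the key
    # line is written without leading whitespace.
    cat << EOF >> ~infra/.ssh/authorized_keys
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTW6ISv80g/lgk31eNEdGYfZyo5l3xj0X/feg+T7s4p4S+Xw7LLKO8HjciARQo1A5ur89X4TqGLmv4wcibIrEauDp/t7bXOrA7h+xID7UTo7baubhd5i3NzQaQVlF//kcV+2MoD7ZclsqMtmsAIF71QKW8dNvtU5u/JaiFMF9maNOmOEsEFc8BoFmPQ+kL/ZWqQ4XW+rtnlsXwLbdHqytCB51t/6jktih3NiCOd6eKpqPOf4TyO8OHM5g1qhfDUrnl5T58j9rJjO1xnO9GnnBzj6GCVc9qW3vhLojCRBPUSPAMGboUkrZlatkG6jzPsWX1pHpDBCQ1CzlPnA5jY7aJ foreman-proxy@s201lfaforeman1
  EOF

    chmod 0700 ~infra/.ssh
    chmod 0600 ~infra/.ssh/authorized_keys
    chown -R infra: ~infra/.ssh

    # Restore SELinux context with restorecon, if it's available:
    command -v restorecon && restorecon -RvF ~infra/.ssh || true

    # Write the sudoers drop-in (same two lines as before) and give it the
    # conventional read-only 0440 mode instead of leaving it at the umask
    # default.
    printf '%s\n' \
      'infra ALL = (root) NOPASSWD : ALL' \
      'Defaults:infra !requiretty' > /etc/sudoers.d/infra
    chmod 0440 /etc/sudoers.d/infra
  else
    echo 'The remote_execution_ssh_user does not exist and remote_execution_create_user is not set to true. remote_execution_ssh_keys snippet will not install keys'
  fi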
- - |
- # Red Hat Registration Snippet
- #
- # Set these parameters if you're using rhnreg_ks:
- #
- # spacewalk_type = 'site' (local Spacewalk/Satellite server)
- # = 'hosted' (RHN hosted)
- # spacewalk_host = <hostname> (hostname of Spacewalk server, optional for
- # RHN hosted)
- #
- # Set these parameters if you're using subscription-manager:
- #
- # subscription_manager = 'true' (you're going to use subscription-manager)
- #
- # subscription_manager_username = <username> (if using hosted RHN)
- #
- # subscription_manager_password = <password> (if using hosted RHN)
- #
- # subscription_manager_certpkg_url = <url> (url of cert package when using
- # when using foreman with katello
- # for example:
- # http://fqdn/pub
- # /katello-ca-consumer-latest.noarch.rpm)
- #
- # subscription_manager_host = <hostname> (deprecated for
- # subscription_manager_certpkg_url:
- # hostname of SAM/Katello
- # installation, if using SAM.
- # hostname is used to determine the
- # consumer cert url.)
- #
- # subscription_manager_org = <org name> (organization name, if using
- # SAM/Katello)
- #
- # subscription_manager_repos = <repos> (comma separated list of repos (like
- # rhel-6-server-optional-rpms) to
- # enable after registration)
- #
- # subscription_manager_pool = <pool> (specific pool to be used for
- # registration)
- #
- # http-proxy = <host> (proxy hostname to be used for registration)
- #
- # http-proxy-port = <port> (proxy port to be used for registration)
- #
- # http-proxy-user = <user> (proxy user to be used for registration)
- #
- # http-proxy-password = <password> (proxy password to be
- # used for registration)
- #
- #
- # Set this parameter regardless of which registration method you're using:
- #
- # activation_key = <key> (activation key string, not needed if using
- # subscription-manager with hosted RHN)
- #
- # Discovered Activation Key 1-9d278e0d1b9658baca6f55debdb35edc
- rhn_activation_key="1-9d278e0d1b9658baca6f55debdb35edc"
- rm -rf /etc/sysconfig/rhn/systemid
- satellite_hostname="<my_spacewalk_server>"
- rhn_cert_file="RHN-ORG-TRUSTED-SSL-CERT"
- echo "Registering to RHN Satellite at [$satellite_hostname]"
- echo "Using Registration Key [$rhn_activation_key]"
- # Obtain our RHN Satellite Certificate
- echo "Obtaining RHN SSL certificate"
- curl -o /usr/share/rhn/$rhn_cert_file -k https://$satellite_hostname/pub/$rhn_cert_file
- # Update our up2date configuration file
- echo "Updating SSL CA Certificate to /usr/share/rhn/$rhn_cert_file"
- sed -i -e "s|^sslCACert=.*$|sslCACert=/usr/share/rhn/$rhn_cert_file|" /etc/sysconfig/rhn/up2date
- # Update our Satellite Hostname
- echo "Updating Satellite Hostname to [$satellite_hostname]"
- sed -i -e "s|^serverURL=.*$|serverURL=https://$satellite_hostname/XMLRPC|" /etc/sysconfig/rhn/up2date
- sed -i -e "s|^noSSLServerURL=.*$|noSSLServerURL=https://$satellite_hostname/XMLRPC|" /etc/sysconfig/rhn/up2date
- # Restart messagebus/HAL to try and prevent hardware detection errors in rhnreg_ks
- echo "Restarting services..."
- service messagebus restart
- service hald restart
- # Now, perform our registration
- # (might get hardware errors here, due to dbus/messagebus lameness. These are safe to ignore.)
- echo -n "Performing RHN Registration... to <my_spacewalk_server>"
- rhnreg_ks --serverUrl=https://<my_spacewalk_server>/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=$rhn_activation_key
- echo "done."
- # Check we registered
- echo -n "Checking System Registration... "
- if ! rhn_check; then
- echo "FAILED"
- echo " >> RHN Registration FAILED. Please Investigate. <<"
- else
- echo "registration successful."
- fi
- # End Red Hat Registration Snippet
- - |
- - |
- if [ -f /usr/bin/dnf ]; then
- dnf -y install puppet
- else
- yum -t -y install puppet
- fi
- cat > /etc/puppet/puppet.conf << EOF
- [main]
- vardir = /var/lib/puppet
- logdir = /var/log/puppet
- rundir = /var/run/puppet
- ssldir = \$vardir/ssl
- [agent]
- pluginsync = true
- report = true
- ignoreschedules = true
- ca_server = <my_ca_server>
- certname = <fqdn_host_provisionned>
- environment = devqualif
- server = <my_ca_server>
- stringify_facts = false
- runinterval = 180
- EOF
- puppet_unit=puppet
- /usr/bin/systemctl list-unit-files | grep -q puppetagent && puppet_unit=puppetagent
- /usr/bin/systemctl enable ${puppet_unit}
- /sbin/chkconfig --level 345 puppet on
- # export a custom fact called 'is_installer' to allow detection of the installer environment in Puppet modules
- export FACTER_is_installer=true
- # passing a non-existent tag like "no_such_tag" to the puppet agent only initializes the node
- /usr/bin/puppet agent --config /etc/puppet/puppet.conf --onetime --tags no_such_tag --server s201lfaforeman1.production-real.fr --no-daemonize
# Call back to the provisioning server once the run completes so the build is
# marked finished; `post: []` lists no instance data fields to send.
# NOTE(review): the build token travels in the query string over plain http,
# so it is readable on the network path and likely to appear in web-server and
# proxy logs. Use an https endpoint if the server offers one.
phone_home:
  url: 'http://<my_ca_server>/unattended/built?token=7a2aaca9-1df6-476e-ab8b-0d605a1aade1'
  post: []
  tries: 10