  1. #cloud-config
  # Host naming: short name, FQDN, and /etc/hosts management by cloud-init.
  # The <...> values appear to be redaction placeholders left by the paste's author.
  manage_etc_hosts: true
  hostname: <shortname_host_provisionned>
  fqdn: <fqdn_host_provisionned>
  5.  
  6.  
  # Guest identity and network customisation. The key names match a vSphere
  # customization spec, so these are presumably consumed by the provisioning
  # layer rather than by cloud-init itself -- verify against the compute resource.
  # Nesting is reconstructed: the paste lost its indentation.
  identity:
    LinuxPrep:
      domain: <my_domain>
      hostName: <shortname_host_provisionned>
      hwClockUTC: true
      timeZone: Europe/Berlin

  globalIPSettings:
    dnsSuffixList: [<my_domain>]
    dnsServerList: [<dns_server>]

  # One entry per network adapter; a single statically addressed NIC here.
  nicSettingMap:
  - adapter:
      dnsDomain: <my_domain>
      dnsServerList: [<dns_server>]
      ip: <ipaddress>
      subnetMask: <netmask>
      gateway: [<gateway>]
  30.  
  31.  
  # Accounts and SSH password policy (nesting reconstructed; the paste lost its
  # indentation).
  # NOTE(review): ssh_pwauth: true enables sshd password logins for the whole
  # host, while 'infra' also receives an SSH key in runcmd. If key-based access
  # is all that is required, false removes the password-guessing surface.
  ssh_pwauth: true
  groups: [admin]
  users:
  - default
  - name: infra
    primary-group: admin
    groups: users
    shell: /bin/bash
    # Password-gated sudo. A later runcmd step also writes a NOPASSWD rule to
    # /etc/sudoers.d/infra, so this requirement is probably not the effective
    # one -- verify which rule wins on the target host.
    sudo:
    - ALL=(ALL) ALL
    # lock-passwd: false keeps the account's password usable.
    # passwd is empty as pasted (possibly a redacted hash) -- confirm what the
    # rendered template really contains before relying on this account's state.
    lock-passwd: false
    passwd:
  44.  
  45.  
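  runcmd:
  - |
    # SSH keys setup snippet for Remote Execution plugin
    #
    # Parameters:
    #
    # remote_execution_ssh_keys: public keys to be put in ~/.ssh/authorized_keys
    #
    # remote_execution_ssh_user: user for which remote_execution_ssh_keys will be
    #                            authorized
    #
    # remote_execution_create_user: create the user if it does not already exist
    #
    # remote_execution_effective_user_method: method to switch from ssh user to
    #                                         effective user
    #
    # This template sets up SSH keys in any host so that as long as your public
    # SSH key is in remote_execution_ssh_keys, you can SSH into a host. This only
    # works in combination with Remote Execution plugin.

    # The Remote Execution plugin queries smart proxies to build the
    # remote_execution_ssh_keys array which is then made available to this template
    # via the host's parameters. There is currently no way of supplying this
    # parameter manually.
    # See http://projects.theforeman.org/issues/16107 for details.

    # Keys are installed only for an account that already exists.
    user_exists=false
    getent passwd infra >/dev/null 2>&1 && user_exists=true

    if $user_exists; then
      mkdir -p ~infra/.ssh

      # Quoted delimiter: the key material is written literally and is never
      # subject to shell expansion. Combined with the NOPASSWD rule below, the
      # holder of the matching private key has passwordless root on this host,
      # so the proxy's private key needs protecting accordingly.
      cat << 'EOF' >> ~infra/.ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTW6ISv80g/lgk31eNEdGYfZyo5l3xj0X/feg+T7s4p4S+Xw7LLKO8HjciARQo1A5ur89X4TqGLmv4wcibIrEauDp/t7bXOrA7h+xID7UTo7baubhd5i3NzQaQVlF//kcV+2MoD7ZclsqMtmsAIF71QKW8dNvtU5u/JaiFMF9maNOmOEsEFc8BoFmPQ+kL/ZWqQ4XW+rtnlsXwLbdHqytCB51t/6jktih3NiCOd6eKpqPOf4TyO8OHM5g1qhfDUrnl5T58j9rJjO1xnO9GnnBzj6GCVc9qW3vhLojCRBPUSPAMGboUkrZlatkG6jzPsWX1pHpDBCQ1CzlPnA5jY7aJ foreman-proxy@s201lfaforeman1
    EOF

      chmod 0700 ~infra/.ssh
      chmod 0600 ~infra/.ssh/authorized_keys
      chown -R infra: ~infra/.ssh

      # Restore SELinux context with restorecon, if it's available:
      command -v restorecon && restorecon -RvF ~infra/.ssh || true

      # Write the sudoers drop-in with an explicit 0440 mode instead of whatever
      # the umask yields, then syntax-check it: a malformed file under
      # /etc/sudoers.d can make sudo refuse to run for every user.
      sudoers_file=/etc/sudoers.d/infra
      printf '%s\n' 'infra ALL = (root) NOPASSWD : ALL' 'Defaults:infra !requiretty' > "$sudoers_file"
      chmod 0440 "$sudoers_file"
      if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$sudoers_file" >/dev/null; then
        echo "Invalid sudoers drop-in $sudoers_file; removing it" >&2
        rm -f "$sudoers_file"
      fi
    else
      echo 'The remote_execution_ssh_user does not exist and remote_execution_create_user is not set to true. remote_execution_ssh_keys snippet will not install keys'
    fi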
  101.  
  102.  
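  - |
    # Red Hat Registration Snippet
    #
    # Set these parameters if you're using rhnreg_ks:
    #
    #   spacewalk_type = 'site'   (local Spacewalk/Satellite server)
    #                  = 'hosted' (RHN hosted)
    #   spacewalk_host = <hostname> (hostname of Spacewalk server, optional for
    #                                RHN hosted)
    #
    # Set these parameters if you're using subscription-manager:
    #
    #   subscription_manager = 'true' (you're going to use subscription-manager)
    #
    #   subscription_manager_username = <username> (if using hosted RHN)
    #
    #   subscription_manager_password = <password> (if using hosted RHN)
    #
    #   subscription_manager_certpkg_url = <url> (url of cert package when using
    #                                             foreman with katello
    #                                             for example:
    #                                             http://fqdn/pub
    #                                             /katello-ca-consumer-latest.noarch.rpm)
    #
    #   subscription_manager_host = <hostname> (deprecated for
    #                                           subscription_manager_certpkg_url:
    #                                           hostname of SAM/Katello
    #                                           installation, if using SAM.
    #                                           hostname is used to determine the
    #                                           consumer cert url.)
    #
    #   subscription_manager_org = <org name> (organization name, if using
    #                                          SAM/Katello)
    #
    #   subscription_manager_repos = <repos> (comma separated list of repos (like
    #                                         rhel-6-server-optional-rpms) to
    #                                         enable after registration)
    #
    #   subscription_manager_pool = <pool> (specific pool to be used for
    #                                       registration)
    #
    #   http-proxy = <host> (proxy hostname to be used for registration)
    #
    #   http-proxy-port = <port> (proxy port to be used for registration)
    #
    #   http-proxy-user = <user> (proxy user to be used for registration)
    #
    #   http-proxy-password = <password> (proxy password to be
    #                                     used for registration)
    #
    #
    # Set this parameter regardless of which registration method you're using:
    #
    #   activation_key = <key> (activation key string, not needed if using
    #                           subscription-manager with hosted RHN)
    #

    # Discovered Activation Key 1-9d278e0d1b9658baca6f55debdb35edc
    # NOTE(review): the key is embedded in the rendered user-data and therefore
    # in every copy of it; treat it as a credential and rotate it wherever this
    # file has been shared outside the provisioning system.
    rhn_activation_key="1-9d278e0d1b9658baca6f55debdb35edc"
    rm -rf /etc/sysconfig/rhn/systemid

    satellite_hostname="<my_spacewalk_server>"
    rhn_cert_file="RHN-ORG-TRUSTED-SSL-CERT"
    rhn_cert_path="/usr/share/rhn/$rhn_cert_file"
    # Optional pin: lowercase hex SHA-256 of the expected CA certificate file.
    # Empty keeps the original unverified behaviour (a warning is printed).
    rhn_cert_sha256=""

    echo "Registering to RHN Satellite at [$satellite_hostname]"
    # The key value is no longer echoed, so it does not land in the cloud-init
    # output log.
    echo "Using Registration Key (value not logged)"

    # Obtain our RHN Satellite Certificate
    # -k is needed because the host does not trust the Satellite CA yet, which
    # also means the download is unauthenticated: whatever answers on the wire
    # becomes the trust anchor for all later RHN traffic. Setting the pin above,
    # or shipping the certificate inside the user-data, closes that gap.
    # -f stops an HTTP error page from being saved as the certificate.
    echo "Obtaining RHN SSL certificate"
    ca_ok=true
    if ! curl -f -k -o "$rhn_cert_path" "https://$satellite_hostname/pub/$rhn_cert_file"; then
      echo "Download of $rhn_cert_file from $satellite_hostname failed" >&2
      ca_ok=false
    elif [ -n "$rhn_cert_sha256" ]; then
      actual_sha256=$(sha256sum "$rhn_cert_path" | cut -d' ' -f1)
      if [ "$actual_sha256" != "$rhn_cert_sha256" ]; then
        echo "SHA-256 of $rhn_cert_path does not match the pinned value; discarding it" >&2
        rm -f "$rhn_cert_path"
        ca_ok=false
      fi
    else
      echo "WARNING: $rhn_cert_file was fetched without verification (no pin configured)" >&2
    fi

    if $ca_ok; then
      # Update our up2date configuration file
      echo "Updating SSL CA Certificate to $rhn_cert_path"
      sed -i -e "s|^sslCACert=.*$|sslCACert=$rhn_cert_path|" /etc/sysconfig/rhn/up2date

      # Update our Satellite Hostname
      echo "Updating Satellite Hostname to [$satellite_hostname]"
      sed -i -e "s|^serverURL=.*$|serverURL=https://$satellite_hostname/XMLRPC|" /etc/sysconfig/rhn/up2date
      sed -i -e "s|^noSSLServerURL=.*$|noSSLServerURL=https://$satellite_hostname/XMLRPC|" /etc/sysconfig/rhn/up2date

      # Restart messagebus/HAL to try and prevent hardware detection errors in rhnreg_ks
      echo "Restarting services..."
      service messagebus restart
      service hald restart

      # Now, perform our registration
      # (might get hardware errors here, due to dbus/messagebus lameness. These are safe to ignore.)
      # The server URL and CA path reuse the variables set above, so they cannot
      # drift from the values written into up2date.
      echo -n "Performing RHN Registration... to $satellite_hostname"
      rhnreg_ks --serverUrl="https://$satellite_hostname/XMLRPC" --sslCACert="$rhn_cert_path" --activationkey="$rhn_activation_key"
      echo "done."

      # Check we registered
      echo -n "Checking System Registration... "
      if ! rhn_check; then
        echo "FAILED"
        echo " >> RHN Registration FAILED. Please Investigate. <<"
      else
        echo "registration successful."
      fi
    else
      # No usable CA certificate: registering would either fail or trust the
      # wrong server, so skip it and report the failure.
      echo " >> RHN Registration FAILED. Please Investigate. <<"
    fi

    # End Red Hat Registration Snippet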
  210.  
  # Empty command: this snippet rendered to nothing for this host.
  - ""

  - |
    # Install the Puppet agent with whichever package manager is present.
    if test -f /usr/bin/dnf; then
      dnf -y install puppet
    else
      yum -t -y install puppet
    fi

    # Quoted delimiter, so $vardir reaches puppet.conf literally without a
    # backslash escape.
    cat > /etc/puppet/puppet.conf << 'EOF'


    [main]
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl

    [agent]
    pluginsync = true
    report = true
    ignoreschedules = true
    ca_server = <my_ca_server>
    certname = <fqdn_host_provisionned>
    environment = devqualif
    server = <my_ca_server>
    stringify_facts = false
    runinterval = 180

    EOF

    # Use the 'puppetagent' unit name where systemd lists one, else 'puppet'.
    if /usr/bin/systemctl list-unit-files | grep -q puppetagent; then
      puppet_unit=puppetagent
    else
      puppet_unit=puppet
    fi
    # Both init-system calls run unconditionally; the one that does not apply
    # to the host simply fails.
    /usr/bin/systemctl enable "$puppet_unit"
    /sbin/chkconfig --level 345 puppet on

    # export a custom fact called 'is_installer' to allow detection of the installer environment in Puppet modules
    export FACTER_is_installer=true
    # passing a non-existent tag like "no_such_tag" to the puppet agent only initializes the node
    # NOTE(review): no CA certificate is pre-seeded in ssldir, so this first run
    # presumably trusts whichever CA the server presents -- confirm that is
    # acceptable on the provisioning network.
    # NOTE(review): --server is a literal hostname while puppet.conf above uses
    # a placeholder; likely an incomplete redaction in the paste.
    /usr/bin/puppet agent \
      --config /etc/puppet/puppet.conf \
      --onetime \
      --tags no_such_tag \
      --server s201lfaforeman1.production-real.fr \
      --no-daemonize
  254.  
  255.  
  256.  
  # Report build completion to the provisioning server (cloud-init phone_home).
  # NOTE(review): the URL is plain http:// and carries the build token in the
  # query string, so the token is readable on the network path and in any copy
  # of this user-data. Prefer an https:// endpoint if the server offers one.
  phone_home:
    tries: 10
    post: []
    url: "http://<my_ca_server>/unattended/built?token=7a2aaca9-1df6-476e-ab8b-0d605a1aade1"