From 117daeb9c34a7533bf3fc55f98863cd8319477c9 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Thu, 3 Mar 2022 01:28:51 +0100
Subject: [PATCH] tweaked userdata and tfvars.example
---
modules/host/templates/userdata.yaml.tpl | 94 +++++++++++++-----------
terraform.tfvars.example | 2 +-
2 files changed, 51 insertions(+), 45 deletions(-)
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 67349d2..4878c6b 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
@@ -1,57 +1,63 @@ #cloud-config +write_files: + +# Configure the private network interface +- content: | + BOOTPROTO='dhcp' + STARTMODE='auto' + path: /etc/sysconfig/network/ifcfg-eth1 + +# Disable ssh password authentication +- content: | + PasswordAuthentication no + X11Forwarding no + MaxAuthTries 2 + AllowTcpForwarding no + AllowAgentForwarding no + AuthorizedKeysFile .ssh/authorized_keys + path: /etc/ssh/sshd_config.d/kube-hetzner.conf + +# Setting the right reboot mode +- content: | + REBOOT_METHOD=rebootmgr + path: /etc/transactional-update.conf + +# Add ssh authorized keys +ssh_authorized_keys: +%{ for key in sshAuthorizedKeys ~} + - ${key} +%{ endfor ~} + # Resize /var, not /, as that's the last partition in MicroOS image. growpart: devices: ["/var"] -write_files: - # Configure private network - - content: | - BOOTPROTO='dhcp' - STARTMODE='auto' - path: /etc/sysconfig/network/ifcfg-eth1 - - # Disable ssh password authentication - - content: | - PasswordAuthentication no - X11Forwarding no - MaxAuthTries 2 - AllowTcpForwarding no - AllowAgentForwarding no - AuthorizedKeysFile .ssh/authorized_keys - path: /etc/ssh/sshd_config.d/kube-hetzner.conf - - # Setting the right reboot mode - - content: | - REBOOT_METHOD=rebootmgr - path: /etc/transactional-update.conf - - # Add ssh authorized keys - ssh_authorized_keys: - %{ for key in sshAuthorizedKeys ~} - - ${key} - %{ endfor ~} - # Make sure the hostname is set correctly -manage_etc_hosts: "localhost" -preserve_hostname: true -prefer_fqdn_over_hostname: false hostname: ${hostname} +preserve_hostname: true +manage_etc_hosts: "localhost" runcmd: - # As above, make sure the hostname is not reset - - sed -i 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g' /etc/sysconfig/network/config - - # Activate the private network - - systemctl reload network - # Activate ssh configuration - - systemctl reload sshd +# As above, make sure the hostname is not reset +- [ sed, -i, 's#preserve_hostname: 
false#preserve_hostname: true#g', /etc/cloud/cloud.cfg] +- [ sed, -i, 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g', /etc/sysconfig/network/config] +- [ sed, -i, 's#DHCLIENT_SET_HOSTNAME="yes"#DHCLIENT_SET_HOSTNAME="no"#g', /etc/sysconfig/network/dhcp] - # Finishing automatic reboot via Kured setup - - rebootmgrctl set-strategy off +# We set Google DNS servers +- [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="8.8.8.8 8.8.4.4"#g', /etc/sysconfig/network/config] - # Reduce the default number of snapshots from 2-10 number limit, to 4 - # And from 4-10 number limit important, to 2 - - snapper -c root set-config "NUMBER_LIMIT=4" - - snapper -c root set-config "NUMBER_LIMIT_IMPORTANT=2" +# Activate the private network +- systemctl reload network + +# Activate ssh configuration +- systemctl reload sshd + +# Finishing automatic reboot via Kured setup +- rebootmgrctl set-strategy off + +# Reduce the default number of snapshots from 2-10 number limit, to 4 +# And from 4-10 number limit important, to 2 +- snapper -c root set-config "NUMBER_LIMIT=4" +- snapper -c root set-config "NUMBER_LIMIT_IMPORTANT=2" diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 8d3ecab..2710ac1 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -1,4 +1,4 @@ -# Only the first values starting with a * are obligatory, the rest can remain with their default values, but Values or you want +# Only the first values starting with a * are obligatory, the rest can remain with their default values, or you # could adapt them to your needs. # # Note that some values, notably "location" and "public_key" have no effect after the initial cluster has been setup.
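Review bot: The new `runcmd` entry that rewrites `NETCONFIG_DNS_STATIC_SERVERS` hard-codes `8.8.8.8 8.8.4.4`, so every node sends its DNS lookups to a third-party resolver and the module user cannot choose an internal or provider resolver. The substitution also matches only the exact empty value `NETCONFIG_DNS_STATIC_SERVERS=""`, so on an image that ships any other value it changes nothing while sed still exits 0. Consider passing the resolver list in as a template variable, as `hostname` and `sshAuthorizedKeys` already are, and anchoring on the key instead of the empty value, for example `'s#^NETCONFIG_DNS_STATIC_SERVERS=.*#NETCONFIG_DNS_STATIC_SERVERS="${dnsServers}"#'`, where `dnsServers` is a new variable this suggestion would introduce. The same exact-match caveat applies to the three hostname-related sed entries just above it, and a short comment saying why static resolvers are needed would help the next reader.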