tweaked userdata and tfvars.example

Karim Naufal 2022-03-03 01:28:51 +01:00
parent ddcaf0fb66
commit 117daeb9c3
2 changed files with 51 additions and 45 deletions


@ -1,57 +1,63 @@
#cloud-config #cloud-config
write_files:
# Configure the private network interface
- content: |
BOOTPROTO='dhcp'
STARTMODE='auto'
path: /etc/sysconfig/network/ifcfg-eth1
# Disable ssh password authentication
- content: |
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 2
AllowTcpForwarding no
AllowAgentForwarding no
AuthorizedKeysFile .ssh/authorized_keys
path: /etc/ssh/sshd_config.d/kube-hetzner.conf
# Setting the right reboot mode
- content: |
REBOOT_METHOD=rebootmgr
path: /etc/transactional-update.conf
# Add ssh authorized keys
ssh_authorized_keys:
%{ for key in sshAuthorizedKeys ~}
- ${key}
%{ endfor ~}
# Resize /var, not /, as that's the last partition in MicroOS image. # Resize /var, not /, as that's the last partition in MicroOS image.
growpart: growpart:
devices: ["/var"] devices: ["/var"]
write_files:
# Configure private network
- content: |
BOOTPROTO='dhcp'
STARTMODE='auto'
path: /etc/sysconfig/network/ifcfg-eth1
# Disable ssh password authentication
- content: |
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 2
AllowTcpForwarding no
AllowAgentForwarding no
AuthorizedKeysFile .ssh/authorized_keys
path: /etc/ssh/sshd_config.d/kube-hetzner.conf
# Setting the right reboot mode
- content: |
REBOOT_METHOD=rebootmgr
path: /etc/transactional-update.conf
# Add ssh authorized keys
ssh_authorized_keys:
%{ for key in sshAuthorizedKeys ~}
- ${key}
%{ endfor ~}
# Make sure the hostname is set correctly # Make sure the hostname is set correctly
manage_etc_hosts: "localhost"
preserve_hostname: true
prefer_fqdn_over_hostname: false
hostname: ${hostname} hostname: ${hostname}
preserve_hostname: true
manage_etc_hosts: "localhost"
runcmd: runcmd:
# As above, make sure the hostname is not reset
- sed -i 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g' /etc/sysconfig/network/config
# Activate the private network
- systemctl reload network
# Activate ssh configuration # As above, make sure the hostname is not reset
- systemctl reload sshd - [ sed, -i, 's#preserve_hostname: false#preserve_hostname: true#g', /etc/cloud/cloud.cfg]
- [ sed, -i, 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g', /etc/sysconfig/network/config]
- [ sed, -i, 's#DHCLIENT_SET_HOSTNAME="yes"#DHCLIENT_SET_HOSTNAME="no"#g', /etc/sysconfig/network/dhcp]
# Finishing automatic reboot via Kured setup # We set Google DNS servers
- rebootmgrctl set-strategy off - [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="8.8.8.8 8.8.4.4"#g', /etc/sysconfig/network/config]
# Reduce the default number of snapshots from 2-10 number limit, to 4 # Activate the private network
# And from 4-10 number limit important, to 2 - systemctl reload network
- snapper -c root set-config "NUMBER_LIMIT=4"
- snapper -c root set-config "NUMBER_LIMIT_IMPORTANT=2" # Activate ssh configuration
- systemctl reload sshd
# Finishing automatic reboot via Kured setup
- rebootmgrctl set-strategy off
# Reduce the default number of snapshots from 2-10 number limit, to 4
# And from 4-10 number limit important, to 2
- snapper -c root set-config "NUMBER_LIMIT=4"
- snapper -c root set-config "NUMBER_LIMIT_IMPORTANT=2"
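Review bot: The sshd drop-in written to `/etc/ssh/sshd_config.d/kube-hetzner.conf` sets `PasswordAuthentication no` but leaves keyboard-interactive authentication at its default, so if the image's sshd runs with PAM a password prompt may still be offered through that method. Adding `KbdInteractiveAuthentication no` (`ChallengeResponseAuthentication no` on older OpenSSH releases) to the same `content` block would close that path. The drop-in also only takes effect if the main sshd_config includes that directory, which is not visible here, so a one-line comment stating that assumption would help. The block appears twice in this rendering because the commit moves `write_files`, and both copies carry the same sshd settings, so the point applies to whichever one is the new side.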


@ -1,4 +1,4 @@
# Only the first values starting with a * are obligatory, the rest can remain with their default values, but Values or you want # Only the first values starting with a * are obligatory, the rest can remain with their default values, or you
# could adapt them to your needs. # could adapt them to your needs.
# #
# Note that some values, notably "location" and "public_key" have no effect after the initial cluster has been setup. # Note that some values, notably "location" and "public_key" have no effect after the initial cluster has been setup.