refactor: rework cloud-init and communicator integration
parent
016f414b08
commit
1f5f4b3685
@ -41,8 +41,8 @@ If required, modify the configuration and scripts files.
|
|||||||
Initialize packer and start a build.
|
Initialize packer and start a build.
|
||||||
|
|
||||||
```Shell
|
```Shell
|
||||||
packer init rocky-9.0/
|
packer init rocky-9/
|
||||||
packer build rocky-9.0/
|
packer build rocky-9/
|
||||||
```
|
```
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
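--- a/rocky-9/data/files/90-proxmox.cfg
+++ b/rocky-9/data/files/90-proxmox.cfg
@@ -0,0 +1,69 @@
+users:
+- default
+
+disable_root: 0
+ssh_pwauth: 0
+
+mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
+resize_rootfs_tmp: /dev
+ssh_deletekeys: 1
+ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']
+syslog_fix_perms: ~
+disable_vmware_customization: false
+
+cloud_init_modules:
+- disk_setup
+- migrator
+- bootcmd
+- write-files
+- [ growpart, always ]
+- [ resizefs, always ]
+- set_hostname
+- update_hostname
+- [ update_etc_hosts, once-per-instance ]
+- rsyslog
+- users-groups
+- ssh
+
+cloud_config_modules:
+- mounts
+- locale
+- set-passwords
+- rh_subscription
+- yum-add-repo
+- package-update-upgrade-install
+- timezone
+- puppet
+- chef
+- salt-minion
+- mcollective
+- disable-ec2-metadata
+- runcmd
+
+cloud_final_modules:
+- rightscale_userdata
+- scripts-per-once
+- scripts-per-boot
+- scripts-per-instance
+- scripts-user
+- ssh-authkey-fingerprints
+- keys-to-console
+- phone-home
+- final-message
+- power-state-change
+
+system_info:
+default_user:
+name: cloud-user
+lock_passwd: true
+gecos: Cloud User
+groups: [adm, systemd-journal]
+sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+shell: /bin/bash
+distro: rhel
+paths:
+cloud_dir: /var/lib/cloud
+templates_dir: /etc/cloud/templates
+ssh_svcname: sshd
+
+# vim:syntax=yaml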
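Review bot: `disable_root: 0` leaves root key login enabled on every clone, and the file carries no comment saying why. If it is needed because `93-proxmox.cfg` makes root the default user, a comment such as `# root login is intentional: 93-proxmox.cfg sets root as the default user` would record that. The module lists also keep `puppet`, `chef`, `salt-minion`, `mcollective`, `rightscale_userdata` and `phone-home`; if these templates never use them, removing the entries narrows what instance user-data can trigger. The rendered page has lost the file's indentation, so the nesting under `system_info:` could not be checked here.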
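--- a/rocky-9/data/files/93-proxmox.cfg
+++ b/rocky-9/data/files/93-proxmox.cfg
@@ -0,0 +1,9 @@
+disable_root: 0
+ssh_pwauth: 1
+
+# Set the distro defaults
+system_info:
+default_user:
+name: root
+shell: /bin/bash
+lock_passwd: false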
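Review bot: This drop-in is written into the image and sorts after `90-proxmox.cfg`, so its `ssh_pwauth: 1` appears to override the `ssh_pwauth: 0` set there. Together with `name: root` and `lock_passwd: false`, every clone will accept SSH password authentication with root as the cloud-init user. Nothing in the visible cleanup script removes the file, so this is the template's permanent default rather than a build-time setting. If that is intended for Proxmox-managed credentials, say so in the file, e.g. `# Proxmox cloud-init drive supplies root's password or key; password auth is deliberate`, and prefer `true`/`false` over `1`/`0` for the two flags.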
@ -1,6 +1,15 @@
|
|||||||
### Installs from the first attached CD-ROM/DVD on the system.
|
### Install from the first attached CD-ROM/DVD on the system
|
||||||
cdrom
|
cdrom
|
||||||
|
|
||||||
|
### Configure network information for target system and activate network devices in the installer environment (optional)
|
||||||
|
### --onboot enable device at a boot time
|
||||||
|
### --device device to be activated and / or configured with the network command
|
||||||
|
### --bootproto method to obtain networking configuration for device (default dhcp)
|
||||||
|
### --noipv6 disable IPv6 on this device
|
||||||
|
###
|
||||||
|
### network --bootproto=static --ip=172.16.11.200 --netmask=255.255.255.0 --gateway=172.16.11.200 --nameserver=172.16.11.4 --hostname centos-linux-8
|
||||||
|
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||||
|
|
||||||
### Performs the kickstart installation in text mode.
|
### Performs the kickstart installation in text mode.
|
||||||
### By default, kickstart installations are performed in graphical mode.
|
### By default, kickstart installations are performed in graphical mode.
|
||||||
text
|
text
|
||||||
@ -14,18 +23,8 @@ lang ${vm_guest_os_language}
|
|||||||
### Sets the default keyboard type for the system.
|
### Sets the default keyboard type for the system.
|
||||||
keyboard ${vm_guest_os_keyboard}
|
keyboard ${vm_guest_os_keyboard}
|
||||||
|
|
||||||
### Configure network information for target system and activate network devices in the installer environment (optional)
|
### Set initial root password
|
||||||
### --onboot enable device at a boot time
|
rootpw --iscrypted ${build_password_encrypted}
|
||||||
### --device device to be activated and / or configured with the network command
|
|
||||||
### --bootproto method to obtain networking configuration for device (default dhcp)
|
|
||||||
### --noipv6 disable IPv6 on this device
|
|
||||||
###
|
|
||||||
### network --bootproto=static --ip=172.16.11.200 --netmask=255.255.255.0 --gateway=172.16.11.200 --nameserver=172.16.11.4 --hostname centos-linux-8
|
|
||||||
network --bootproto=dhcp
|
|
||||||
|
|
||||||
### The selected profile will restrict root login.
|
|
||||||
### Add a user that can login and escalate privileges.
|
|
||||||
user --name=${build_username} --iscrypted --password=${build_password_encrypted} --groups=wheel
|
|
||||||
|
|
||||||
### Configure firewall settings for the system.
|
### Configure firewall settings for the system.
|
||||||
### --enabled reject incoming connections that are not in response to outbound requests
|
### --enabled reject incoming connections that are not in response to outbound requests
|
||||||
@ -58,9 +57,9 @@ clearpart --all --initlabel
|
|||||||
|
|
||||||
### Modify partition sizes for the virtual machine hardware.
|
### Modify partition sizes for the virtual machine hardware.
|
||||||
### Create primary system partitions.
|
### Create primary system partitions.
|
||||||
part /boot --fstype xfs --size=1024 --label=BOOTFS
|
part /boot --fstype xfs --size=512 --label=BOOTFS
|
||||||
part /boot/efi --fstype vfat --size=1024 --label=EFIFS
|
part /boot/efi --fstype vfat --size=512 --label=EFIFS
|
||||||
part pv.01 --size=25 --grow
|
part pv.01 --size=19 --grow
|
||||||
|
|
||||||
### Create a logical volume management (LVM) group.
|
### Create a logical volume management (LVM) group.
|
||||||
volgroup vg00 --pesize=4096 pv.01
|
volgroup vg00 --pesize=4096 pv.01
|
||||||
@ -68,15 +67,15 @@ volgroup vg00 --pesize=4096 pv.01
|
|||||||
### Modify logical volume sizes for the virtual machine hardware.
|
### Modify logical volume sizes for the virtual machine hardware.
|
||||||
### Create logical volumes.
|
### Create logical volumes.
|
||||||
logvol swap --fstype swap --name=lv_swap --vgname=vg00 --size=2048 --label=SWAPFS
|
logvol swap --fstype swap --name=lv_swap --vgname=vg00 --size=2048 --label=SWAPFS
|
||||||
logvol / --fstype xfs --name=lv_root --vgname=vg00 --size=8000 --label=ROOTFS
|
logvol / --fstype xfs --name=lv_root --vgname=vg00 --size=6000 --label=ROOTFS
|
||||||
logvol /home --fstype xfs --name=lv_home --vgname=vg00 --size=4000 --label=HOMEFS
|
logvol /home --fstype xfs --name=lv_home --vgname=vg00 --size=3000 --label=HOMEFS
|
||||||
logvol /opt --fstype xfs --name=lv_opt --vgname=vg00 --size=1000 --label=OPTFS
|
logvol /opt --fstype xfs --name=lv_opt --vgname=vg00 --size=1000 --label=OPTFS
|
||||||
logvol /tmp --fstype xfs --name=lv_tmp --vgname=vg00 --size=1000 --label=TMPFS --fsoptions="nosuid,noexec,nodev"
|
logvol /tmp --fstype xfs --name=lv_tmp --vgname=vg00 --size=512 --label=TMPFS --fsoptions="nosuid,noexec,nodev"
|
||||||
logvol /var --fstype xfs --name=lv_var --vgname=vg00 --size=2000 --label=VARFS --fsoptions="nosuid"
|
logvol /var --fstype xfs --name=lv_var --vgname=vg00 --size=2000 --label=VARFS --fsoptions="nosuid"
|
||||||
logvol /var/tmp --fstype xfs --name=lv_vartmp --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
logvol /var/tmp --fstype xfs --name=lv_vartmp --vgname=vg00 --size=512 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||||
logvol /var/www --fstype xfs --name=lv_www --vgname=vg00 --size=2000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
logvol /var/www --fstype xfs --name=lv_www --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||||
logvol /var/log --fstype xfs --name=lv_log --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
logvol /var/log --fstype xfs --name=lv_log --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||||
logvol /var/log/audit --fstype xfs --name=lv_audit --vgname=vg00 --size=1024 --label=AUDITFS --fsoptions="nosuid,noexec,nodev"
|
logvol /var/log/audit --fstype xfs --name=lv_audit --vgname=vg00 --size=512 --label=AUDITFS --fsoptions="nosuid,noexec,nodev"
|
||||||
|
|
||||||
### Modifies the default set of services that will run under the default runlevel.
|
### Modifies the default set of services that will run under the default runlevel.
|
||||||
services --enabled=NetworkManager,sshd,qemu-guest-agent
|
services --enabled=NetworkManager,sshd,qemu-guest-agent
|
||||||
@ -98,6 +97,7 @@ curl
|
|||||||
python3
|
python3
|
||||||
python3-libselinux
|
python3-libselinux
|
||||||
qemu-guest-agent
|
qemu-guest-agent
|
||||||
|
jq
|
||||||
-aic94xx-firmware
|
-aic94xx-firmware
|
||||||
-atmel-firmware
|
-atmel-firmware
|
||||||
-b43-openfwwf
|
-b43-openfwwf
|
||||||
@ -136,9 +136,15 @@ dnf install -y cloud-init
|
|||||||
dnf clean all
|
dnf clean all
|
||||||
|
|
||||||
touch /etc/cloud/cloud-init.disabled
|
touch /etc/cloud/cloud-init.disabled
|
||||||
|
cat >/etc/cloud/cloud.cfg.d/90-proxmox.cfg <<EOF
|
||||||
|
${files_proxmox_default_init}
|
||||||
|
EOF
|
||||||
|
cat >/etc/cloud/cloud.cfg.d/93-proxmox.cfg <<EOF
|
||||||
|
${files_proxmox_init}
|
||||||
|
EOF
|
||||||
echo "Completed cloud-init step!"
|
echo "Completed cloud-init step!"
|
||||||
echo "${build_username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/${build_username}
|
|
||||||
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
|
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
|
||||||
%end
|
%end
|
||||||
|
|
||||||
### Reboot after the installation is complete.
|
### Reboot after the installation is complete.
|
||||||
|
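Review bot: The `sed` at the end of `%post` rewrites `PermitRootLogin` in the main `/etc/ssh/sshd_config`, and none of the visible hunks in this file undo it. The image returns to the stock setting only if the provisioner script's reverse `sed` runs and matches. A drop-in under `/etc/ssh/sshd_config.d/` that the cleanup step deletes would make the temporary relaxation explicit and easy to verify. Separately, both heredocs use an unquoted delimiter, so the shell will expand any `$` or backtick that later appears in the two `.cfg` files; `cat >/etc/cloud/cloud.cfg.d/90-proxmox.cfg <<'EOF'` (and the same for `93-proxmox.cfg`) writes them verbatim. The `%post` block starts outside the hunk.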
@ -10,13 +10,11 @@ vm_qemu_agent = true
|
|||||||
proxmox_iso_pool = "local:iso"
|
proxmox_iso_pool = "local:iso"
|
||||||
proxmox_iso_file = "Rocky-9.0-x86_64-minimal.iso"
|
proxmox_iso_file = "Rocky-9.0-x86_64-minimal.iso"
|
||||||
|
|
||||||
proxmox_template_description = "Rocky Linux 9.0 Template"
|
proxmox_template_description = "Rocky Linux 9 Template"
|
||||||
proxmox_template_name = "rocky-90-cloud"
|
proxmox_template_name = "rocky-9-cloud"
|
||||||
|
|
||||||
|
|
||||||
// Communicator Settings
|
// Communicator Settings
|
||||||
communicator_port = 22
|
|
||||||
communicator_timeout = "30m"
|
communicator_timeout = "30m"
|
||||||
|
|
||||||
// Provisioner Settings
|
// Provisioner Settings
|
||||||
scripts = ["scripts/rocky-9.x.sh"]
|
build_scripts = ["scripts/rocky-9.sh"]
|
||||||
|
@ -12,20 +12,22 @@ locals {
|
|||||||
buildtime = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
|
buildtime = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
|
||||||
data_source_content = {
|
data_source_content = {
|
||||||
"/ks.cfg" = templatefile("${abspath(path.root)}/data/init.ks.pkrtpl.hcl", {
|
"/ks.cfg" = templatefile("${abspath(path.root)}/data/init.ks.pkrtpl.hcl", {
|
||||||
build_username = var.build_username
|
|
||||||
build_password_encrypted = var.build_password_encrypted
|
build_password_encrypted = var.build_password_encrypted
|
||||||
vm_guest_os_language = var.vm_guest_os_language
|
vm_guest_os_language = var.vm_guest_os_language
|
||||||
vm_guest_os_keyboard = var.vm_guest_os_keyboard
|
vm_guest_os_keyboard = var.vm_guest_os_keyboard
|
||||||
vm_guest_os_timezone = var.vm_guest_os_timezone
|
vm_guest_os_timezone = var.vm_guest_os_timezone
|
||||||
|
files_proxmox_default_init = file("${abspath(path.root)}/data/files/90-proxmox.cfg")
|
||||||
|
files_proxmox_init = file("${abspath(path.root)}/data/files/93-proxmox.cfg")
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
data_source_command = "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg"
|
data_source_command = "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg"
|
||||||
}
|
}
|
||||||
|
|
||||||
source "proxmox-iso" "rocky-linux-90" {
|
source "proxmox-iso" "rocky-linux-9" {
|
||||||
// Proxmox Settings
|
// Proxmox Settings
|
||||||
proxmox_url = "${var.proxmox_url}"
|
proxmox_url = "${var.proxmox_url}"
|
||||||
node = "${var.proxmox_node}"
|
node = "${var.proxmox_node}"
|
||||||
|
username = "${var.proxmox_username}"
|
||||||
token = "${var.proxmox_token}"
|
token = "${var.proxmox_token}"
|
||||||
|
|
||||||
// Virtual Machine Settings
|
// Virtual Machine Settings
|
||||||
@ -70,23 +72,20 @@ source "proxmox-iso" "rocky-linux-90" {
|
|||||||
|
|
||||||
// Communicator Settings and Credentials
|
// Communicator Settings and Credentials
|
||||||
communicator = "ssh"
|
communicator = "ssh"
|
||||||
ssh_username = "${var.build_username}"
|
ssh_username = "root"
|
||||||
ssh_password = "${var.build_password}"
|
ssh_password = "${var.build_password}"
|
||||||
ssh_port = "${var.communicator_port}"
|
|
||||||
ssh_timeout = "${var.communicator_timeout}"
|
ssh_timeout = "${var.communicator_timeout}"
|
||||||
|
|
||||||
proxmox_template_description = "${var.proxmox_template_description} on ${local.buildtime}"
|
template_description = "${var.proxmox_template_description} on ${local.buildtime}"
|
||||||
proxmox_template_name = "${var.proxmox_template_name}"
|
template_name = "${var.proxmox_template_name}"
|
||||||
unmount_iso = true
|
unmount_iso = true
|
||||||
}
|
}
|
||||||
|
|
||||||
build {
|
build {
|
||||||
sources = ["source.proxmox-iso.rocky-linux-90"]
|
sources = ["source.proxmox-iso.rocky-linux-9"]
|
||||||
|
|
||||||
provisioner "shell" {
|
provisioner "shell" {
|
||||||
execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'"
|
scripts = formatlist("${path.cwd}/%s", var.build_scripts)
|
||||||
scripts = formatlist("${path.cwd}/%s", var.scripts)
|
remote_folder = "/root"
|
||||||
remote_folder = "/home/${var.build_username}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
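Review bot: `ssh_username = "root"` with `ssh_password` makes the communicator log in as root by password, and with `execute_command` removed every script in `build_scripts` runs as root with no sudo step. That is what forces the kickstart to enable `PermitRootLogin yes`. A key-based communicator (`ssh_private_key_file`, with the public key installed by the kickstart) would work under the stock `prohibit-password` setting and leave no password-login window to close afterwards. If password login stays, a comment above the line such as `// root password login is build-only; scripts/rocky-9.sh must revert PermitRootLogin` would tie the two files together. The `source` block begins outside this hunk.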
@ -13,6 +13,8 @@ variable "proxmox_iso_pool" {
|
|||||||
variable "proxmox_url" {
|
variable "proxmox_url" {
|
||||||
type = string
|
type = string
|
||||||
description = "URL to the Proxmox API, including the full path."
|
description = "URL to the Proxmox API, including the full path."
|
||||||
|
sensitive = true
|
||||||
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "proxmox_node" {
|
variable "proxmox_node" {
|
||||||
@ -20,9 +22,18 @@ variable "proxmox_node" {
|
|||||||
description = "Name of a node in the Proxmox cluster on which to start the virtual machine when it is created."
|
description = "Name of a node in the Proxmox cluster on which to start the virtual machine when it is created."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "proxmox_username" {
|
||||||
|
type = string
|
||||||
|
description = "The username must include the token id after an exclamation mark."
|
||||||
|
sensitive = true
|
||||||
|
default = ""
|
||||||
|
}
|
||||||
|
|
||||||
variable "proxmox_token" {
|
variable "proxmox_token" {
|
||||||
type = string
|
type = string
|
||||||
description = "Token for authenticating API calls."
|
description = "Token for authenticating API calls."
|
||||||
|
sensitive = true
|
||||||
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "proxmox_storage_format" {
|
variable "proxmox_storage_format" {
|
||||||
@ -111,7 +122,7 @@ variable "vm_mem_size" {
|
|||||||
variable "vm_disk_size" {
|
variable "vm_disk_size" {
|
||||||
type = string
|
type = string
|
||||||
description = "The size for the virtual disk."
|
description = "The size for the virtual disk."
|
||||||
default = "32G"
|
default = "20G"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "vm_disk_controller_type" {
|
variable "vm_disk_controller_type" {
|
||||||
@ -163,15 +174,9 @@ variable "vm_qemu_agent" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Communicator Settings and Credentials
|
// Communicator Settings and Credentials
|
||||||
variable "build_username" {
|
|
||||||
type = string
|
|
||||||
description = "The username to login to the guest operating system."
|
|
||||||
sensitive = true
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "build_password" {
|
variable "build_password" {
|
||||||
type = string
|
type = string
|
||||||
description = "The password to login to the guest operating system."
|
description = "The password to login the guest operating system."
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -181,10 +186,10 @@ variable "build_password_encrypted" {
|
|||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "communicator_port" {
|
variable "build_scripts" {
|
||||||
type = number
|
type = list(string)
|
||||||
description = "The port for the communicator protocol."
|
description = "A list of scripts and their relative paths to transfer and execute."
|
||||||
default = 22
|
default = []
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "communicator_timeout" {
|
variable "communicator_timeout" {
|
||||||
@ -192,10 +197,3 @@ variable "communicator_timeout" {
|
|||||||
description = "The timeout for the communicator protocol."
|
description = "The timeout for the communicator protocol."
|
||||||
default = "30m"
|
default = "30m"
|
||||||
}
|
}
|
||||||
|
|
||||||
// Provisioner Settings
|
|
||||||
variable "scripts" {
|
|
||||||
type = list(string)
|
|
||||||
description = "A list of scripts and their relative paths to transfer and execute."
|
|
||||||
default = []
|
|
||||||
}
|
|
||||||
|
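Review bot: `default = ""` on `proxmox_url`, `proxmox_username` and `proxmox_token` turns three required credentials into optional ones, so a build started without them passes variable checking and only fails when the Proxmox API rejects the empty values. Dropping the three `default = ""` lines keeps them required; alternatively add a `validation` block whose `condition` is `length(var.proxmox_token) > 0`, and likewise for the other two. `build_scripts` has the same shape with `default = []`: a run that forgets the list would not execute `scripts/rocky-9.sh`, which is the only visible place the root-login change is reverted, assuming the shell provisioner accepts an empty list at all.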
@ -3,12 +3,11 @@ set -eo pipefail
|
|||||||
|
|
||||||
#### Update system
|
#### Update system
|
||||||
echo '> Update packages ...'
|
echo '> Update packages ...'
|
||||||
dnf update -y
|
dnf -y -q update
|
||||||
dnf clean all
|
dnf -q clean all
|
||||||
|
|
||||||
### Cleans all audit logs. ###
|
### Cleans all audit logs
|
||||||
echo '> Cleaning all audit logs ...'
|
echo '> Cleaning all audit logs ...'
|
||||||
|
|
||||||
if [ -f /var/log/audit/audit.log ]; then
|
if [ -f /var/log/audit/audit.log ]; then
|
||||||
cat /dev/null >/var/log/audit/audit.log
|
cat /dev/null >/var/log/audit/audit.log
|
||||||
fi
|
fi
|
||||||
@ -21,40 +20,42 @@ if [ -f /var/log/lastlog ]; then
|
|||||||
cat /dev/null >/var/log/lastlog
|
cat /dev/null >/var/log/lastlog
|
||||||
fi
|
fi
|
||||||
|
|
||||||
### Cleans persistent udev rules. ###
|
### Cleans persistent udev rules
|
||||||
echo '> Cleaning persistent udev rules ...'
|
echo '> Cleaning persistent udev rules ...'
|
||||||
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
|
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
|
||||||
rm /etc/udev/rules.d/70-persistent-net.rules
|
rm /etc/udev/rules.d/70-persistent-net.rules
|
||||||
fi
|
fi
|
||||||
|
|
||||||
### Clean the /tmp directories. ###
|
### Clean the /tmp directories
|
||||||
echo '> Cleaning /tmp directories ...'
|
echo '> Cleaning /tmp directories ...'
|
||||||
rm -rf /tmp/*
|
rm -rf /tmp/*
|
||||||
rm -rf /var/tmp/*
|
rm -rf /var/tmp/*
|
||||||
rm -rf /var/cache/dnf/*
|
rm -rf /var/cache/dnf/*
|
||||||
|
|
||||||
### Clean the SSH keys. ###
|
### Clean the SSH keys
|
||||||
echo '> Cleaning the SSH keys ...'
|
echo '> Cleaning the SSH keys ...'
|
||||||
shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
|
shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
|
||||||
rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf
|
rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf
|
||||||
|
rm -rf /root/.ssh/authorized_keys
|
||||||
|
sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
||||||
|
|
||||||
### Clean the machine-id. ###
|
### Clean the machine-id
|
||||||
echo '> Cleaning the machine-id ...'
|
echo '> Cleaning the machine-id ...'
|
||||||
truncate -s 0 /etc/machine-id
|
truncate -s 0 /etc/machine-id
|
||||||
rm -f /var/lib/dbus/machine-id
|
rm -f /var/lib/dbus/machine-id
|
||||||
mkdir -p /var/lib/dbus
|
mkdir -p /var/lib/dbus
|
||||||
ln -s /etc/machine-id /var/lib/dbus/machine-id
|
ln -s /etc/machine-id /var/lib/dbus/machine-id
|
||||||
|
|
||||||
### Clean the shell history. ###
|
### Prepare cloud-init
|
||||||
|
echo '> Preparing cloud-init ...'
|
||||||
|
rm -f /etc/cloud/cloud-init.disabled
|
||||||
|
|
||||||
|
### Clean the shell history
|
||||||
echo '> Cleaning the shell history ...'
|
echo '> Cleaning the shell history ...'
|
||||||
unset HISTFILE
|
unset HISTFILE
|
||||||
history -cw
|
history -cw
|
||||||
echo >~/.bash_history
|
echo >~/.bash_history
|
||||||
rm -f /root/.bash_history
|
rm -f /root/.bash_history
|
||||||
|
|
||||||
### Prepare cloud-init ###
|
### Done
|
||||||
echo '> Preparing cloud-init ...'
|
|
||||||
rm -f /etc/cloud/cloud-init.disabled
|
|
||||||
|
|
||||||
### Done. ###
|
|
||||||
echo '> Done.'
|
echo '> Done.'
|
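Review bot: The cleanup reverts `PermitRootLogin` and removes `/root/.ssh/authorized_keys`, but the root password set by the kickstart `rootpw` line is still the build password in the finished template, so every clone starts with the same root credential. Adding `passwd -l root` after the new `sed` would lock it; cloud-init should still be able to set a per-instance password, though that is worth confirming against the Proxmox cloud-init drive. The `sed` also exits 0 when its pattern does not match, so a missed revert passes unnoticed under `set -eo pipefail`. A follow-up `if grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config; then exit 1; fi` would fail the build instead.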