ISTI-provisioning
/
openstack-infrastructure-terraform
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openstack-infrastructure-te.../s2i2s_openstack_vm_data_scr.../almalinux9.sh

33 lines
2.6 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# The AlmaLinux-9.0-20220718 cloud image loses an early-boot race between
# sshd.service and sshd-keygen.target on first boot: sshd tries to start
# before the host keys exist and fails. cloud-init usually rescues it later,
# but that recovery is not guaranteed (e.g. it is skipped on `server rebuild`,
# which keeps the instance-id). Make it deterministic: (re)generate any
# missing host keys and (re)start sshd. Both commands are idempotent —
# ssh-keygen -A never overwrites existing keys.
/usr/bin/ssh-keygen -A
/usr/bin/systemctl enable sshd
/usr/bin/systemctl restart sshd
dnf -y install python3 policycoreutils-python-utils
/sbin/useradd --system --home-dir /srv/ansible -m --shell /bin/bash -c "Used for the Ansible provisioning tasks" ansible
# SSH keys of users authorized to execute ansible playbooks.
# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
# Feel free to add yours if you are entitled to run the ansible provisioning on that server
mkdir /srv/ansible/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5al6w7Lsm2hVP5Ak3y1YVuqB02vrCvlNQSjF3+y4U/KwSsLDk0EtK6cZQuplehVK+XkdiIxECTokyvwulfHSMa25p8l4bjUA44TTdeWlHjcFgt2SFXbSeAY/XeoukKlafccKqVF0ySrKIIQj94oWIB15qIZMSg8HVIU6XtpHjlF2w8K+YrzmDnU3hs+f1bHp9gi5Q2JKVqm3ZIiUIvb1bYGNq7rdMf0xjAn1ZGuvmEIRSwqR8YMtyIHnrPsMh+sdnV3PosyUQRt/b74Df/ufvJ2t9QBlOprrCQxWibcjYktDOBP4AT5he3giXjz51FJqx7hEj2ISVSiwln5G/cPor franca@Mac.local" >> /srv/ansible/.ssh/authorized_keys
/bin/chown -R ansible:ansible /srv/ansible
/bin/chmod 700 /srv/ansible/.ssh
mkdir -p /etc/sudoers.d
echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
/bin/chmod 600 /etc/sudoers.d/ansible-user
semanage fcontext -a -e /home /srv/ansible ; restorecon -vR /srv/ansible
Reference in New Issue View Git Blame Copy Permalink