github.com/SUSE/skuba@v1.4.17/ci/infra/vmware/cloud-init/common.tpl

github.com/SUSE/skuba@v1.4.17/ci/infra/vmware/cloud-init/common.tpl (about)

     1  #cloud-config
     2  
     3  # set locale
     4  locale: en_US.UTF-8
     5  
     6  # set timezone
     7  timezone: Etc/UTC
     8  
     9  ssh_authorized_keys:
    10  ${authorized_keys}
    11  
    12  ntp:
    13    enabled: true
    14    ntp_client: chrony
    15    config:
    16      confpath: /etc/chrony.conf
    17    servers:
    18  ${ntp_servers}
    19  
    20  # need to disable gpg checks because the cloud image has an untrusted repo
    21  zypper:
    22    repos:
    23  ${repositories}
    24    config:
    25      gpgcheck: "off"
    26      solver.onlyRequires: "true"
    27      download.use_deltarpm: "true"
    28  
    29  # need to remove the standard docker packages that are pre-installed on the
    30  # cloud image because they conflict with the kubic- ones that are pulled by
    31  # the kubernetes packages
    32  # WARNING!!! Do not use cloud-init packages module when SUSE CaaSP Registraion
    33  # Code is provided. In this case repositories will be added in runcmd module
    34  # with SUSEConnect command after packages module is ran
    35  #packages:
    36  
    37  # set hostname
    38  hostname: ${hostname}
    39  
    40  runcmd:
    41    # Since we are currently inside of the cloud-init systemd unit, trying to
    42    # start another service by either `enable --now` or `start` will create a
    43    # deadlock. Instead, we have to use the `--no-block-` flag.
    44    # The template machine should have been cleaned up, so no machine-id exists
    45    - dbus-uuidgen --ensure
    46    - systemd-machine-id-setup
    47    # With a new machine-id generated the journald daemon will work and can be restarted
    48    # Without a new machine-id it should be in a failed state
    49    - systemctl restart systemd-journald
    50    # Workaround for bsc#1138557 . Disable root and password SSH login
    51    - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
    52    - sed -i -e '/^#ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
    53    - sed -i -e '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
    54    - sshd -t || echo "ssh syntax failure"
    55    - systemctl restart sshd
    56    # Set node's hostname from DHCP server
    57    - sed -i -e '/^DHCLIENT_SET_HOSTNAME/s/^.*$/DHCLIENT_SET_HOSTNAME=\"${hostname_from_dhcp}\"/' /etc/sysconfig/network/dhcp
    58    - systemctl restart wicked
    59  ${register_scc}
    60  ${register_rmt}
    61  ${commands}
    62  
    63  final_message: "The system is finally up, after $UPTIME seconds"