#cloud-config
# \hbrief cloud-init main template for MSP config
# \hversion 0.0.11
# \hdate 2016-05-09
# \brief cloud-init template for MSP config
# \version 0.2.57
# \date 2016-09-19
# Configuration created for MSP SLES_12 VMT
#
# Overview: sets local account passwords, rewrites the sshd and network
# configuration, mounts /dev/vdb and exports it over NFS, installs packages
# from a loop-mounted SLES ISO, writes a set of system and tool files, then
# reboots the instance.

# NOTE(review): both passwords are stored in clear text in user-data.
# cloud-init user-data is typically retrievable from the metadata service and
# kept on the instance under /var/lib/cloud, so any value placed here should be
# treated as disclosed. 'expire: False' means neither account is forced to
# change its password at first login. Prefer hashed entries or key-only
# access, and rotate these credentials wherever this template has been used.
chpasswd:
  list: |
    root:Ericsson
    miepadm:miep1234
  expire: False
# 'users' is present but empty.
users:
# bootcmd: builds a "configuration in progress" login banner in /etc/issue.ci
# and swaps it in for /etc/issue (keeping the original as /etc/issue.orig),
# then edits the SUSE network sysconfig files.
bootcmd:
  - [ sh, -xc, "echo \"#################################################################\" > /etc/issue.ci" ]
  - [ sh, -xc, "echo \"# #\" >> /etc/issue.ci" ]
  - [ sh, -xc, "echo \"# * * * Cloud-init configuration is in progress * * * #\" >> /etc/issue.ci" ]
  - [ sh, -xc, "echo \"# #\" >> /etc/issue.ci" ]
  - [ sh, -xc, "echo \"# The system will reboot shortly and then be accessible #\" >> /etc/issue.ci" ]
  - [ sh, -xc, "echo \"# #\" >> /etc/issue.ci" ]
  - [ sh, -xc, "echo \"#################################################################\" >> /etc/issue.ci" ]
  # If a saved original exists, restore it; otherwise save the original and
  # install the temporary banner. The two commands run in sequence, so on a
  # first boot only the second one changes anything.
  - [ sh, -xc, "if [ -f /etc/issue.orig ]; then cp /etc/issue.orig /etc/issue; fi" ]
  - [ sh, -xc, "if [ ! -f /etc/issue.orig ]; then cp /etc/issue /etc/issue.orig; cp /etc/issue.ci /etc/issue; fi" ]
  # Stop the DHCP client from installing a default route and pin the DNS
  # policy to STATIC.
  - [ sh, -xc, "/bin/sed -i 's/^DHCLIENT_SET_DEFAULT_ROUTE=\"yes\".*/DHCLIENT_SET_DEFAULT_ROUTE=\"no\"/' /etc/sysconfig/network/dhcp" ]
  - [ sh, -xc, "/bin/sed -i 's/^NETCONFIG_DNS_POLICY=.*/NETCONFIG_DNS_POLICY=\"STATIC\"/' /etc/sysconfig/network/config" ]
runcmd:
  # Sets the maximum password age to 99999 days for both accounts, i.e.
  # password ageing is effectively off, and deletes /etc/shadow- (presumably
  # the backup copy left behind by the edit).
  - [ sh, -xc, "chage -M 99999 root;rm -f /etc/shadow-" ]
  - [ sh, -xc, "chage -M 99999 miepadm;rm -f /etc/shadow-" ]
  # sshd_config edits. The three 's/^Directive.*/' substitutions only match a
  # line that already starts with the directive; if the image ships it
  # commented out, nothing changes. NOTE(review): confirm against the image.
  - [ sh, -xc, "sed -i 's/^ListenAddress.*/ListenAddress 107.112.138.71/' /etc/ssh/sshd_config" ]
  # With these two values sshd probes every 10 s and drops a session only
  # after 300 unanswered probes (about 50 minutes).
  - [ sh, -xc, "sed -i 's/^ClientAliveCountMax.*/ClientAliveCountMax 300/g' /etc/ssh/sshd_config" ]
  - [ sh, -xc, "sed -i 's/^ClientAliveInterval.*/ClientAliveInterval 10/g' /etc/ssh/sshd_config" ]
  # NOTE(review): every line mentioning PermitRootLogin is removed and
  # 'PermitRootLogin yes' is appended, so direct root login over SSH is
  # enabled. Combined with the fixed root password set in chpasswd this makes
  # root reachable with a static credential; 'prohibit-password' or 'no' plus
  # a named admin account would remove that exposure.
  - [ sh, -xc, "sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config" ]
  - [ sh, -xc, "echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config" ]
  # Comments out any KexAlgorithms line, so sshd uses its built-in default
  # key-exchange list. NOTE(review): if the image carried a hardened list,
  # this discards it.
  - [ sh, -xc, "sed -i '/KexAlgorithms/s/^/# /' /etc/ssh/sshd_config" ]
  # Created without -p here; the same path is created again with -p further
  # down, after the miit tree has been moved to the data disk.
  - [ sh, -xc, "mkdir /opt/miep/tools/miit/www/sles" ]
  - [ sh, -xc, "rm -f /etc/sysconfig/network/ifcfg-eth1" ]
  # Mount the data disk, move the miit tool tree onto it and leave a symlink
  # at the old location.
  - [ sh, -xc, "mkdir /shared_nfs_datastore" ]
  - [ sh, -xc, "mount -t ext4 /dev/vdb /shared_nfs_datastore" ]
  - [ sh, -xc, "mkdir -p /shared_nfs_datastore/miit" ]
  - [ sh, -xc, "cp -pr /opt/miep/tools/miit/* /shared_nfs_datastore/miit" ]
  - [ sh, -xc, "rm -rf /opt/miep/tools/miit" ]
  - [ sh, -xc, "rm -f /etc/udev/rules.d/70-persistent-net.rules" ]
  - [ sh, -xc, "ln -s /shared_nfs_datastore/miit /opt/miep/tools/miit" ]
  - [ sh, -xc, "chown -R miepadm:miepgrp /shared_nfs_datastore/miit" ]
  - [ sh, -xc, "chown -R miepadm:miepgrp /opt/miep/tools/miit" ]
  # Loop-mount the SLES ISO from the data disk and register it as the zypper
  # repository 'nfsrpms', then install packages from it.
  - [ sh, -xc, "mkdir -p /opt/miep/tools/miit/www/sles" ]
  - [ sh, -xc, "mount -o loop /shared_nfs_datastore/SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.iso /opt/miep/tools/miit/www/sles" ]
  - [ sh, -xc, "/usr/bin/zypper ar /opt/miep/tools/miit/www/sles nfsrpms" ]
  - [ sh, -xc, "/usr/bin/zypper lr" ]
  - [ sh, -xc, "/usr/bin/zypper --non-interactive install -y nfs-kernel-server" ]
  - [ sh, -xc, "/usr/bin/zypper --non-interactive install -y expect" ]
  - [ sh, -xc, "/usr/bin/zypper --non-interactive install -y dos2unix" ]
  # NOTE(review): the export is read-write with no_root_squash for the whole
  # 107.112.136.0/21 network, so root on any client in that range keeps uid 0
  # on the share. root_squash and an explicit client list would narrow this.
  # The exported path is written with a leading '//'; confirm that is intended.
  - [ sh, -xc, "echo '//shared_nfs_datastore 107.112.136.0/21(rw,no_root_squash,sync,subtree_check)' >> /etc/exports" ]
  - [ sh, -xc, "echo '/dev/vdb /shared_nfs_datastore ext4 acl 1 1' >> /etc/fstab" ]
  # Replaces root's crontab with a single @reboot entry for the hostname fix
  # script written by write_files below.
  # NOTE(review): a root-run script kept under /var/tmp sits in a
  # world-writable directory; a root-only location such as /usr/local/sbin is
  # the safer home for it.
  - [ sh, -xc, "echo '@reboot /var/tmp/hostnamefix.sh > /var/tmp/hostnamefix.log' | /usr/bin/crontab -u root -" ]
  - [ sh, -xc, "systemctl enable nfsserver.service" ]
  - [ sh, -xc, "systemctl enable rpcbind.service" ]
  - [ sh, -xc, "systemctl enable apache2.service" ]
  # Enables the /etc/init.d/mount_sles script written by write_files below.
  - [ sh, -xc, "chkconfig mount_sles on" ]
  - [ sh, -xc, "resize2fs /dev/vdb 200G" ]
  # Raises the default maximum password age for newly created accounts from
  # 60 to 99999 days; only matches if the line reads exactly 'PASS_MAX_DAYS 60'.
  - [ sh, -xc, "sed -i 's/PASS_MAX_DAYS 60/PASS_MAX_DAYS 99999/' /etc/login.defs" ]
  # The reason for the 61 s pause is not stated anywhere in this file.
  - [ sh, -xc, "sleep 61s" ]
  # Generates an RSA key pair for miepadm with an empty passphrase (-N ''),
  # i.e. the private key is stored unencrypted in the account's ~/.ssh.
  - [ sh, -xc, "su - miepadm -c \"ssh-keygen -t rsa -q -N '' -f ~/.ssh/id_rsa\"" ]
timezone: 'PST8PDT'
write_files:
  # /etc/hosts: the payload is not visible on this page (placeholder only);
  # it is declared as gzip+base64.
  - content: |
      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
    path: /etc/hosts
    owner: root:root
    permissions: '0644'
    encoding: 'gzip+base64'
  # /etc/ntp.conf: two upstream servers, both marked 'prefer', with the local
  # clock as a stratum-10 fallback. A keys file and trusted key 1 are declared,
  # but neither 'server' line carries a 'key' option, so the upstream sources
  # are not authenticated as written. The 'restrict' lines limit the daemon to
  # basic client behaviour and allow unrestricted access from loopback only.
  - content: |
      ################################################################################
      ## /etc/ntp.conf
      ##
      ## Sample NTP configuration file.
      ## See package 'ntp-doc' for documentation, Mini-HOWTO and FAQ.
      ## Copyright (c) 1998 S.u.S.E. GmbH Fuerth, Germany.
      ##
      ## Author: Michael Andres,
      ## Michael Skibbe,
      ##
      ################################################################################
      ##
      ## Radio and modem clocks by convention have addresses in the
      ## form 127.127.t.u, where t is the clock type and u is a unit
      ## number in the range 0-3.
      ##
      ## Most of these clocks require support in the form of a
      ## serial port or special bus peripheral. The particular
      ## device is normally specified by adding a soft link
      ## /dev/device-u to the particular hardware device involved,
      ## where u correspond to the unit number above.
      ##
      ## Generic DCF77 clock on serial port (Conrad DCF77)
      ## Address: 127.127.8.u
      ## Serial Port: /dev/refclock-u
      ##
      ## (create soft link /dev/refclock-0 to the particular ttyS?)
      ##
      # server 127.127.8.0 mode 5 prefer
      server 135.144.38.211 prefer
      server 155.165.201.253 prefer
      ##
      ## Undisciplined Local Clock. This is a fake driver intended for backup
      ## and when no outside source of synchronized time is available.
      ##
      server 127.127.1.0 # local clock (LCL)
      fudge 127.127.1.0 stratum 10 # LCL is unsynchronized
      ##
      ## Add external Servers using
      ## # rcntp addserver
      ##
      ##
      ## Miscellaneous stuff
      ##
      driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
      logfile /var/log/ntp # alternate log file
      # logconfig =syncstatus + sysevents
      # logconfig =all
      # statsdir /tmp/ # directory for statistics files
      # filegen peerstats file peerstats type day enable
      # filegen loopstats file loopstats type day enable
      # filegen clockstats file clockstats type day enable
      #
      # Authentication stuff
      #
      keys /etc/ntp.keys # path for keys file
      trustedkey 1 # define trusted keys
      requestkey 1 # key (7) for accessing server variables
      controlkey 1
      # by default act only as a basic NTP client
      restrict default kod nomodify notrap nopeer noquery
      restrict -6 default kod nomodify notrap nopeer noquery
      #
      # allow NTP messages only from the loopback
      restrict 127.0.0.1
      restrict ::1
    path: /etc/ntp.conf
    owner: root:root
    permissions: '0640'
  # Static default route via 107.112.136.1.
  - content: |
      default 107.112.136.1 - -
    path: /etc/sysconfig/network/routes
    owner: root:root
    permissions: '0644'
  # SNMP trap destinations (two hosts, port 162). Both entries use a v1/v2
  # security name with noAuthNoPriv, i.e. traps are sent without
  # authentication or encryption.
  # NOTE(review): the target is an .xml file but no markup is visible in the
  # content here; it may have been lost before this page was captured. Mode
  # 0755 sets execute bits on what looks like a data file; 0644 would suffice.
  - content: |
      107.239.72.10 162 v1v2ReadWriteSecName noAuthNoPriv
      135.207.171.152 162 v1v2ReadWriteSecName noAuthNoPriv
    path: /opt/miep/tools/AttMspCust/CloudInit/trapDestCfg.xml
    owner: root:root
    permissions: '0755'
  # Static addressing for eth0 (the OAM interface); the address matches the
  # sshd ListenAddress set in runcmd.
  - content: |
      BOOTPROTO='static'
      IPADDR='107.112.138.71'
      BROADCAST='107.112.143.255'
      NETMASK='255.255.248.0'
      NETWORK='107.112.136.0'
      STARTMODE='onboot'
      DEVICE='eth0'
      USERCONTROL='no'
      NAME='OAM'
      DEFROUTE='yes'
      CHECK_DUPLICATE_IP='yes'
      SEND_GRATUITOUS_ARP='yes'
    path: /etc/sysconfig/network/ifcfg-eth0
    owner: root:root
    permissions: '0644'
  # The udev rules file is written with empty content (declared as b64).
  - content: |
    path: /etc/udev/rules.d/10-local.rules
    encoding: b64
    owner: root:root
    permissions: '0640'
  # Init script that loop-mounts the SLES ISO at boot; enabled from runcmd via
  # 'chkconfig mount_sles on'. It runs the mount unconditionally and has no
  # start/stop argument handling.
  - content: |
      #!/bin/bash
      ### BEGIN INIT INFO
      # Provides: mount_sles
      # Required-Start: network
      # Required-Stop: network
      # Should-Start:
      # Should-Stop:
      # Default-Start: 3 5
      # Default-Stop: 0 1 2 6
      # Short-Description: Mount SLES iso file
      ### END INIT INFO
      echo Mount SLES ISO image
      mount -o loop /shared_nfs_datastore/SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.iso /opt/miep/tools/miit/www/sles
    path: /etc/init.d/mount_sles
    owner: root:root
    permissions: '0755'
  # One-shot script run from root's @reboot cron entry: sets
  # preserve_hostname to true in cloud.cfg if the key is present, strips the
  # 'novalocal' suffix from the hostname, then removes its own cron entry.
  # The script has no shebang line, and the '.' in the sed pattern is
  # unescaped, so it matches any single character before 'novalocal'.
  - content: |
      grep -qs preserve_hostname /etc/cloud/cloud.cfg
      if [ $? -eq 0 ] ; then
        sed -i 's/preserve_hostname: .*/preserve_hostname: true/' /etc/cloud/cloud.cfg
      fi
      /bin/hostname | grep -qs novalocal
      if [ $? -eq 0 ] ; then
        newHostname=$(/bin/hostname | sed -e 's/.novalocal//')
        hostnamectl set-hostname $newHostname
      fi
      /usr/bin/crontab -u root -l | grep -v hostnamefix.sh | /usr/bin/crontab -u root -
    path: /var/tmp/hostnamefix.sh
    owner: root:root
    permissions: '0755'
  # Static resolver configuration: two nameservers, one search domain, a
  # single attempt with a 6 s timeout.
  - content: |
      ### /etc/resolv.conf file autogenerated by netconfig!
      #
      # Before you change this file manually, consider to define the
      # static DNS configuration using the following variables in the
      # /etc/sysconfig/network/config file:
      # NETCONFIG_DNS_STATIC_SEARCHLIST
      # NETCONFIG_DNS_STATIC_SERVERS
      # NETCONFIG_DNS_FORWARDER
      # or disable DNS configuration updates via netconfig by setting:
      # NETCONFIG_DNS_POLICY=''
      #
      # See also the netconfig(8) manual page and other documentation.
      #
      # Note: Manual change of this file disables netconfig too, but
      # may get lost when this file contains comments or empty lines
      # only, the netconfig settings are same with settings in this
      # file and in case of a "netconfig update -f" call.
      #
      ### Please remove (at least) this line when you modify the file!
      nameserver 155.165.194.100
      nameserver 155.165.201.100
      search wapgw.mobilephone.net
      options attempts:1
      options timeout:6
    path: /etc/resolv.conf
    owner: root:root
    permissions: '0644'
  # Forwards all facilities and priorities to two remote collectors. A single
  # '@' selects UDP in rsyslog, so messages travel unencrypted and without
  # delivery guarantees; '@@' (TCP), ideally with TLS, is the usual choice
  # when the log stream matters for detection.
  - content: |
      *.* @135.207.171.57:1538
      *.* @155.165.162.48:1532
    path: /etc/rsyslog.d/remote.conf
    owner: root:root
    permissions: '0600'
  # statusCheck.sh is delivered as a gzip+base64 blob, so its behaviour cannot
  # be read from this file; it has to be decoded to be reviewed. It is
  # installed executable and owned by miepadm.
  - content: |
      H4sIANjbQlkAA5WUUW/aMBSF3/0rjqKgtEyUlodNYmonSulaCQqCqnsYE0kTByyCHcWGjAH/fU5CWqJB1PEC5J6c+/n42qTb/37/2O1cG1I5aindGXXnE9tzFIX1qbKoeJV1rfJQ6VVGln0RiKlBCHVnwmMyDJz12TnZpP9R0/qxsswr0xpzC8ieGqmT3YR5ZeDmBuZm329HdoRkLdtJyzejvTGMavJJa4xP4YsIK+8VujxPK5ojZX25u722PR+12XYa0TARbZ14DmsTRowrmJ93VlaRMyei3oT7cqKhHKlERG1CmI+fML+hxiku8QtfoWaUEwAFnLw54AkquaVAfzOppEFoIGki14qJZH9oOU5jZ9mnzTNPONxLKOAEgXB1gB4SYwj/LQMwCTPvaID4jByJr+oe5vd0P4LPAirXUtFFdR9jKtGlAnYgRHh5IkfjWJDj+oIxNa7HcTyuS93DsHE62gJpEetUvGWv5NITIVTDSLhUSozSeSsu3JeSRivm6m3b/wDPntEI2YDul91yFVvRJpz0G2e6q96Z848vtDMc9ofNA3u9h56I+fE1FmTLMFtdyjwctG8fn+7egaPQfWV6ZEpxoyXnehI0b8nMH+PN3UtpD0QF1tag1X7oNN5ZndDRhcbHWf8PNrcvhT0Q5bBlZ+el9wy9D5IJns9OQQ8jUYx+5KLE19bHFnURKn0uaFjvjQZfLq4mz/1+d1TFFtmFFO9f2OKfK8IgO5DCDUnIX5FnXVGsBQAA
    path: /opt/miep/tools/miit/vmtTools/statusCheck.sh
    owner: miepadm:miepgrp
    permissions: '0755'
    encoding: 'gzip+base64'
  # siteSetup.sh: the payload is not visible on this page (placeholder only);
  # it is declared as gzip+base64 and installed executable.
  - content: |
      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
    path: /opt/miep/tools/miit/vmtTools/siteSetup.sh
    owner: miepadm:miepgrp
    permissions: '0755'
    encoding: 'gzip+base64'
# 'scripts_per_once' is present but empty.
scripts_per_once:
# Reboot once cloud-init has finished, so the sshd, network and service
# changes above take effect.
power_state:
  mode: reboot
  message: Server will reboot now
  timeout: 5