comfy 0.2.0

Files changed (133) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +11 -0
  3. data/.rspec +2 -0
  4. data/.travis.yml +46 -0
  5. data/Gemfile +4 -0
  6. data/LICENSE +13 -0
  7. data/README.md +131 -0
  8. data/Rakefile +18 -0
  9. data/bin/comfy +4 -0
  10. data/comfy.gemspec +36 -0
  11. data/config/comfy.yml +20 -0
  12. data/lib/comfy/command_executioner.rb +225 -0
  13. data/lib/comfy/creator.rb +200 -0
  14. data/lib/comfy/errors/invalid_distribution_version_error.rb +1 -0
  15. data/lib/comfy/errors/no_such_distribution_version_error.rb +1 -0
  16. data/lib/comfy/errors/packer_error.rb +1 -0
  17. data/lib/comfy/errors/packer_execution_error.rb +1 -0
  18. data/lib/comfy/errors/packer_validation_error.rb +1 -0
  19. data/lib/comfy/errors.rb +4 -0
  20. data/lib/comfy/extensions/yell.rb +8 -0
  21. data/lib/comfy/settings.rb +15 -0
  22. data/lib/comfy/templater.rb +62 -0
  23. data/lib/comfy/version.rb +3 -0
  24. data/lib/comfy.rb +18 -0
  25. data/lib/templates/centos/centos.cfg.erb +47 -0
  26. data/lib/templates/centos/centos.description +20 -0
  27. data/lib/templates/centos/files/10-ipv6.conf +5 -0
  28. data/lib/templates/centos/files/check-mk-agent-meta-checks-2.0-1.noarch.rpm +0 -0
  29. data/lib/templates/centos/files/check-mk-agent-meta-key-1.0-1.noarch.rpm +0 -0
  30. data/lib/templates/centos/files/cloud.cfg +101 -0
  31. data/lib/templates/centos/files/fail2ban.local +3 -0
  32. data/lib/templates/centos/files/getty@ttyS0.service +47 -0
  33. data/lib/templates/centos/files/grub +11 -0
  34. data/lib/templates/centos/files/iptables-multiport.local +6 -0
  35. data/lib/templates/centos/files/jail.local +17 -0
  36. data/lib/templates/centos/files/krb5.conf +181 -0
  37. data/lib/templates/centos/files/ntp.conf +61 -0
  38. data/lib/templates/centos/files/pakiti-2.1.5-1.noarch.rpm +0 -0
  39. data/lib/templates/centos/files/sshd_config +152 -0
  40. data/lib/templates/centos/files/xen-domU.conf +1 -0
  41. data/lib/templates/centos/scripts/init.sh +83 -0
  42. data/lib/templates/debian/debian.cfg.erb +80 -0
  43. data/lib/templates/debian/debian.description +28 -0
  44. data/lib/templates/debian/files/.bashrc +112 -0
  45. data/lib/templates/debian/files/.gitconfig +7 -0
  46. data/lib/templates/debian/files/10-ipv6.conf +5 -0
  47. data/lib/templates/debian/files/DEPOT-GPG-KEY.cfg +32 -0
  48. data/lib/templates/debian/files/RPM-GPG-KEY-CERIT-SC.cfg +30 -0
  49. data/lib/templates/debian/files/backports.list +2 -0
  50. data/lib/templates/debian/files/cerit-cloudinit.list +2 -0
  51. data/lib/templates/debian/files/cloud.cfg +102 -0
  52. data/lib/templates/debian/files/depot.list +4 -0
  53. data/lib/templates/debian/files/depot_all.pref +6 -0
  54. data/lib/templates/debian/files/depot_check_mk.pref +5 -0
  55. data/lib/templates/debian/files/fail2ban.local +3 -0
  56. data/lib/templates/debian/files/getty@ttyS0.service +47 -0
  57. data/lib/templates/debian/files/grub +34 -0
  58. data/lib/templates/debian/files/inittab +69 -0
  59. data/lib/templates/debian/files/interfaces +15 -0
  60. data/lib/templates/debian/files/iptables-multiport.local +6 -0
  61. data/lib/templates/debian/files/jail.local +17 -0
  62. data/lib/templates/debian/files/krb5.conf +181 -0
  63. data/lib/templates/debian/files/meta-misc.list +2 -0
  64. data/lib/templates/debian/files/modules +15 -0
  65. data/lib/templates/debian/files/ntp.conf +61 -0
  66. data/lib/templates/debian/files/pakiti_2.1.5-2_all.deb +0 -0
  67. data/lib/templates/debian/files/sshd_config +131 -0
  68. data/lib/templates/debian/scripts/debian_cloud_script.sh +80 -0
  69. data/lib/templates/docker/docker.cfg.erb +87 -0
  70. data/lib/templates/docker/docker.description +21 -0
  71. data/lib/templates/docker/files/10-ipv6.conf +5 -0
  72. data/lib/templates/docker/files/DEPOT-GPG-KEY.cfg +32 -0
  73. data/lib/templates/docker/files/RPM-GPG-KEY-CERIT-SC.cfg +30 -0
  74. data/lib/templates/docker/files/cloud.cfg +109 -0
  75. data/lib/templates/docker/files/depot.list +4 -0
  76. data/lib/templates/docker/files/depot_all.pref +6 -0
  77. data/lib/templates/docker/files/depot_check_mk.pref +5 -0
  78. data/lib/templates/docker/files/docker.list +1 -0
  79. data/lib/templates/docker/files/fail2ban.local +3 -0
  80. data/lib/templates/docker/files/grub +34 -0
  81. data/lib/templates/docker/files/interfaces +15 -0
  82. data/lib/templates/docker/files/iptables-multiport.local +6 -0
  83. data/lib/templates/docker/files/jail.local +17 -0
  84. data/lib/templates/docker/files/krb5.conf +181 -0
  85. data/lib/templates/docker/files/meta-misc.list +2 -0
  86. data/lib/templates/docker/files/modules +15 -0
  87. data/lib/templates/docker/files/ntp.conf +61 -0
  88. data/lib/templates/docker/files/pakiti_2.1.5-2_all.deb +0 -0
  89. data/lib/templates/docker/files/sshd_config +131 -0
  90. data/lib/templates/docker/files/ttyS0.conf +11 -0
  91. data/lib/templates/docker/scripts/init.sh +65 -0
  92. data/lib/templates/packer.erb +93 -0
  93. data/lib/templates/scientificlinux/files/10-ipv6.conf +5 -0
  94. data/lib/templates/scientificlinux/files/check-mk-agent-meta-checks-2.0-1.noarch.rpm +0 -0
  95. data/lib/templates/scientificlinux/files/check-mk-agent-meta-key-1.0-1.noarch.rpm +0 -0
  96. data/lib/templates/scientificlinux/files/cloud.cfg +101 -0
  97. data/lib/templates/scientificlinux/files/fail2ban.local +3 -0
  98. data/lib/templates/scientificlinux/files/getty@ttyS0.service +47 -0
  99. data/lib/templates/scientificlinux/files/grub +10 -0
  100. data/lib/templates/scientificlinux/files/iptables-multiport.local +6 -0
  101. data/lib/templates/scientificlinux/files/jail.local +17 -0
  102. data/lib/templates/scientificlinux/files/krb5.conf +181 -0
  103. data/lib/templates/scientificlinux/files/ntp.conf +61 -0
  104. data/lib/templates/scientificlinux/files/pakiti-2.1.5-1.noarch.rpm +0 -0
  105. data/lib/templates/scientificlinux/files/sshd_config +150 -0
  106. data/lib/templates/scientificlinux/files/xen-domU.conf +1 -0
  107. data/lib/templates/scientificlinux/scientificlinux.cfg.erb +57 -0
  108. data/lib/templates/scientificlinux/scientificlinux.description +19 -0
  109. data/lib/templates/scientificlinux/scripts/init.sh +92 -0
  110. data/lib/templates/ubuntu/files/10-ipv6.conf +5 -0
  111. data/lib/templates/ubuntu/files/DEPOT-GPG-KEY.cfg +32 -0
  112. data/lib/templates/ubuntu/files/RPM-GPG-KEY-CERIT-SC.cfg +30 -0
  113. data/lib/templates/ubuntu/files/cloud.cfg +109 -0
  114. data/lib/templates/ubuntu/files/depot.list +4 -0
  115. data/lib/templates/ubuntu/files/depot_all.pref +6 -0
  116. data/lib/templates/ubuntu/files/depot_check_mk.pref +5 -0
  117. data/lib/templates/ubuntu/files/fail2ban.local +3 -0
  118. data/lib/templates/ubuntu/files/grub +34 -0
  119. data/lib/templates/ubuntu/files/interfaces +15 -0
  120. data/lib/templates/ubuntu/files/iptables-multiport.local +6 -0
  121. data/lib/templates/ubuntu/files/jail.local +17 -0
  122. data/lib/templates/ubuntu/files/krb5.conf +181 -0
  123. data/lib/templates/ubuntu/files/meta-misc.list +2 -0
  124. data/lib/templates/ubuntu/files/modules +15 -0
  125. data/lib/templates/ubuntu/files/ntp.conf +61 -0
  126. data/lib/templates/ubuntu/files/pakiti_2.1.5-2_all.deb +0 -0
  127. data/lib/templates/ubuntu/files/sshd_config +131 -0
  128. data/lib/templates/ubuntu/files/ttyS0.conf +11 -0
  129. data/lib/templates/ubuntu/scripts/init.sh +54 -0
  130. data/lib/templates/ubuntu/ubuntu.cfg.erb +87 -0
  131. data/lib/templates/ubuntu/ubuntu.description +21 -0
  132. data/schema/distribution_descriptor.schema +241 -0
  133. metadata +374 -0
@@ -0,0 +1,181 @@
1
+ [libdefaults]
2
+ default_realm = META
3
+ forwardable = yes
4
+ forward = yes
5
+ encrypt = yes
6
+ srv_lookup = no
7
+ srv_try_txt = no
8
+ no-addresses = yes
9
+ allow_weak_crypto = true
10
+
11
+ [realms]
12
+ ICS.MUNI.CZ = {
13
+ kdc = kdccesnet.ics.muni.cz
14
+ kdc = kdc1.cesnet.cz
15
+ kdc = kdccesnet.meta.zcu.cz
16
+ admin_server = kdc1.cesnet.cz
17
+ kpasswd_server = kdc1.cesnet.cz
18
+ }
19
+ META = {
20
+ kdc = kdccesnet.ics.muni.cz
21
+ kdc = kdc1.cesnet.cz
22
+ kdc = kdccesnet.meta.zcu.cz
23
+ kdc = sal.ruk.cuni.cz:89
24
+ kdc = jerry.ruk.cuni.cz
25
+ admin_server = kdc1.cesnet.cz
26
+ kpasswd_server = kdc1.cesnet.cz
27
+ krb525_server = kdccesnet.ics.muni.cz
28
+ krb525_server = kdc1.cesnet.cz
29
+ krb525_server = kdccesnet.meta.zcu.cz
30
+ }
31
+ ZCU.CZ = {
32
+ kdc = kerberos1.zcu.cz
33
+ kdc = kerberos2.zcu.cz
34
+ kdc = kerberos3.zcu.cz
35
+ admin_server = kerberos-adm.zcu.cz
36
+ kpasswd_server = kerberos-adm.zcu.cz
37
+ }
38
+ RUK.CUNI.CZ = {
39
+ kdc = sal.ruk.cuni.cz
40
+ kdc = jerry.ruk.cuni.cz:89
41
+ admin_server = sal.ruk.cuni.cz
42
+ kpasswd_server = sal.ruk.cuni.cz
43
+ krb524_server = sal.ruk.cuni.cz
44
+ krb524_server = jerry.ruk.cuni.cz:89
45
+ }
46
+ IS.MUNI.CZ = {
47
+ kdc = ariadna.fi.muni.cz
48
+ }
49
+ SITOLA.FI.MUNI.CZ = {
50
+ kdc = hendrak.fi.muni.cz
51
+ kdc = oberon.fi.muni.cz
52
+ admin_server = oberon.fi.muni.cz
53
+ kpasswd_server = oberon.fi.muni.cz
54
+ }
55
+ ADMIN.META = {
56
+ kdc = kdccesnet.ics.muni.cz
57
+ admin_server = kdccesnet.ics.muni.cz
58
+ kpasswd_server = kdccesnet.ics.muni.cz
59
+ }
60
+ ASR.ICS.MUNI.CZ = {
61
+ kdc = bombur.ics.muni.cz
62
+ admin_server = bombur.ics.muni.cz
63
+ kpasswd_server = bombur.ics.muni.cz
64
+ }
65
+ EINFRA = {
66
+ kdc = kdc1.cesnet.cz
67
+ kdc = kdccesnet.ics.muni.cz
68
+ kdc = kdccesnet.meta.zcu.cz
69
+ admin_server = kdc1.cesnet.cz
70
+ }
71
+ EINFRA-SERVICES = {
72
+ kdc = kdc1.cesnet.cz
73
+ kdc = kdccesnet.ics.muni.cz
74
+ kdc = kdccesnet.meta.zcu.cz
75
+ admin_server = kdc1.cesnet.cz
76
+ }
77
+ EGI = {
78
+ kdc = kdc1.cesnet.cz
79
+ kdc = kdccesnet.ics.muni.cz
80
+ kdc = kdccesnet.meta.zcu.cz
81
+ admin_server = kdc1.cesnet.cz
82
+ }
83
+ SAGRID = {
84
+ kdc = kdc1.cesnet.cz
85
+ admin_server = kdc1.cesnet.cz
86
+ }
87
+ ELIXIR-EUROPE.ORG = {
88
+ kdc = kdc1.cesnet.cz
89
+ admin_server = kdc1.cesnet.cz
90
+ }
91
+
92
+ [capaths]
93
+ RUK.CUNI.CZ = {
94
+ EINFRA-SERVICES = META
95
+ ZCU.CZ = META
96
+ }
97
+ ZCU.CZ = {
98
+ EINFRA-SERVICES = META
99
+ RUK.CUNI.CZ = META
100
+ }
101
+ ICS.MUNI.CZ = {
102
+ EINFRA-SERVICES = META
103
+ }
104
+ EINFRA = {
105
+ ICS.MUNI.CZ = META
106
+ }
107
+ EINFRA-SERVICES = {
108
+ ICS.MUNI.CZ = META
109
+ RUK.CUNI.CZ = META
110
+ ZCU.CZ = META
111
+ }
112
+
113
+ [domain_realm]
114
+ sirion.ics.muni.cz = META
115
+ erebor.ics.muni.cz = META
116
+ acharon.ruk.cuni.cz = META
117
+ androth.zcu.cz = ICS.MUNI.CZ
118
+ .fi.muni.cz = SITOLA.FI.MUNI.CZ
119
+ .ics.muni.cz = ICS.MUNI.CZ
120
+ .cesnet.cz = ICS.MUNI.CZ
121
+ .zcu.cz = ZCU.CZ
122
+ .ruk.cuni.cz = RUK.CUNI.CZ
123
+ .medigrid.cz = ICS.MUNI.CZ
124
+ .video.muni.cz = ICS.MUNI.CZ
125
+ .ncbr.muni.cz = ICS.MUNI.CZ
126
+ .prf.jcu.cz = ICS.MUNI.CZ
127
+ .feec.vutbr.cz = ICS.MUNI.CZ
128
+ atlases.muni.cz = ICS.MUNI.CZ
129
+ .egi.eu = META
130
+ .fzu.cz = META
131
+ .cerit-sc.cz = ICS.MUNI.CZ
132
+ kdc1.cesnet.cz = EINFRA-SERVICES
133
+ .du1.cesnet.cz = EINFRA-SERVICES
134
+ .du2.cesnet.cz = EINFRA-SERVICES
135
+ .du3.cesnet.cz = EINFRA-SERVICES
136
+ ui2.grid.cesnet.cz = EINFRA-SERVICES
137
+ ui1.egee.cesnet.cz = EINFRA-SERVICES
138
+ ui1.grid.cesnet.cz = EINFRA-SERVICES
139
+ .metacentrum.cz = ICS.MUNI.CZ
140
+ .ueb.cas.cz = ICS.MUNI.CZ
141
+ .meta.zcu.cz = META
142
+ .ukb.muni.cz = ICS.MUNI.CZ
143
+ .ceitec.muni.cz = EINFRA-SERVICES
144
+
145
+ [appdefaults]
146
+ krb4_get_tickets = no
147
+ krb4_convert = no
148
+ krb4_convert_524 = no
149
+ pam = {
150
+ debug = false
151
+ forwardable = true
152
+ afs_cells = ics.muni.cz
153
+ minimum_uid=100
154
+ addressless = true
155
+ #Debian
156
+ realm = META
157
+ validate = true
158
+ #SuSE
159
+ ticket_lifetime = 36000
160
+ renew_lifetime = 36000
161
+ proxiable = false
162
+ retain_after_close = false
163
+ try_first_pass = true
164
+ external=true
165
+ force_creds = true
166
+ }
167
+ libkafs = {
168
+ ZCU.CZ = {
169
+ afs-use-524 = 2b
170
+ }
171
+ ICS.MUNI.CZ = {
172
+ afs-use-524 = 2b
173
+ }
174
+ RUK.CUNI.CZ = {
175
+ afs-use-524 = 2b
176
+ }
177
+ }
178
+
179
+ [kadmin]
180
+ default_keys = v5 v4
181
+
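Review bot: `allow_weak_crypto = true` in `[libdefaults]` turns weak encryption types (the single-DES family) back on for every client built from this template, so tickets and session keys can be negotiated with ciphers that are no longer considered safe. If none of the KDCs listed here still depends on them, the line should read `allow_weak_crypto = false`. If one does, a comment above it such as `# required until <realm> retires its DES keys` would record why and when it can go. The `krb4_*` options, the `krb524_server` entries and `default_keys = v5 v4` under `[kadmin]` appear to carry Kerberos 4 compatibility into a new image as well and deserve the same check.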
@@ -0,0 +1,61 @@
1
+ # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
2
+
3
+ driftfile /var/lib/ntp/ntp.drift
4
+
5
+
6
+ # Enable this if you want statistics to be logged.
7
+ statsdir /var/log/ntpstats/
8
+
9
+ statistics loopstats peerstats clockstats
10
+ filegen loopstats file loopstats type day enable
11
+ filegen peerstats file peerstats type day enable
12
+ filegen clockstats file clockstats type day enable
13
+
14
+
15
+ # You do need to talk to an NTP server or two (or three).
16
+ server tik.cesnet.cz
17
+ server tak.cesnet.cz
18
+ server ntp.muni.cz
19
+ server time.fi.muni.cz
20
+
21
+ # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
22
+ # pick a different set every time it starts up. Please consider joining the
23
+ # pool: <http://www.pool.ntp.org/join.html>
24
+ #server 0.debian.pool.ntp.org iburst
25
+ #server 1.debian.pool.ntp.org iburst
26
+ #server 2.debian.pool.ntp.org iburst
27
+ #server 3.debian.pool.ntp.org iburst
28
+
29
+
30
+ # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
31
+ # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
32
+ # might also be helpful.
33
+ #
34
+ # Note that "restrict" applies to both servers and clients, so a configuration
35
+ # that might be intended to block requests from certain clients could also end
36
+ # up blocking replies from your own upstream servers.
37
+
38
+ # By default, exchange time with everybody, but don't allow configuration.
39
+ restrict -4 default kod notrap nomodify nopeer noquery
40
+ restrict -6 default kod notrap nomodify nopeer noquery
41
+
42
+ # Local users may interrogate the ntp server more closely.
43
+ restrict 127.0.0.1
44
+ restrict ::1
45
+
46
+ # Clients from this (example!) subnet have unlimited access, but only if
47
+ # cryptographically authenticated.
48
+ #restrict 192.168.123.0 mask 255.255.255.0 notrust
49
+
50
+
51
+ # If you want to provide time to your local subnet, change the next line.
52
+ # (Again, the address is an example only.)
53
+ #broadcast 192.168.123.255
54
+
55
+ # If you want to listen to time broadcasts on your local subnet, de-comment the
56
+ # next lines. Please do this only if you trust everybody on the network!
57
+ #disable auth
58
+ #broadcastclient
59
+
60
+ # Try to avoid NTP amplification attacks
61
+ disable monitor
@@ -0,0 +1,152 @@
1
+ # This is the sshd server system-wide configuration file. See
2
+ # sshd_config(5) for more information.
3
+
4
+ # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
5
+
6
+ # The strategy used for options in the default sshd_config shipped with
7
+ # OpenSSH is to specify options with their default value where
8
+ # possible, but leave them commented. Uncommented options override the
9
+ # default value.
10
+
11
+ # If you want to change the port on a SELinux system, you have to tell
12
+ # SELinux about this change.
13
+ # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
14
+ #
15
+ #Port 22
16
+ AddressFamily inet
17
+ #ListenAddress 0.0.0.0
18
+ #ListenAddress ::
19
+
20
+ # The default requires explicit activation of protocol 1
21
+ #Protocol 2
22
+
23
+ # HostKey for protocol version 1
24
+ #HostKey /etc/ssh/ssh_host_key
25
+ # HostKeys for protocol version 2
26
+ HostKey /etc/ssh/ssh_host_rsa_key
27
+ #HostKey /etc/ssh/ssh_host_dsa_key
28
+ HostKey /etc/ssh/ssh_host_ecdsa_key
29
+
30
+ # Lifetime and size of ephemeral version 1 server key
31
+ #KeyRegenerationInterval 1h
32
+ #ServerKeyBits 1024
33
+
34
+ # Ciphers and keying
35
+ #RekeyLimit default none
36
+
37
+ # Logging
38
+ # obsoletes QuietMode and FascistLogging
39
+ #SyslogFacility AUTH
40
+ SyslogFacility AUTHPRIV
41
+ #LogLevel INFO
42
+
43
+ # Authentication:
44
+
45
+ #LoginGraceTime 2m
46
+ #PermitRootLogin yes
47
+ #StrictModes yes
48
+ #MaxAuthTries 6
49
+ #MaxSessions 10
50
+
51
+ #RSAAuthentication yes
52
+ #PubkeyAuthentication yes
53
+
54
+ # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
55
+ # but this is overridden so installations will only check .ssh/authorized_keys
56
+ AuthorizedKeysFile .ssh/authorized_keys
57
+
58
+ #AuthorizedPrincipalsFile none
59
+
60
+ #AuthorizedKeysCommand none
61
+ #AuthorizedKeysCommandUser nobody
62
+
63
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
64
+ #RhostsRSAAuthentication no
65
+ # similar for protocol version 2
66
+ #HostbasedAuthentication no
67
+ # Change to yes if you don't trust ~/.ssh/known_hosts for
68
+ # RhostsRSAAuthentication and HostbasedAuthentication
69
+ #IgnoreUserKnownHosts no
70
+ # Don't read the user's ~/.rhosts and ~/.shosts files
71
+ #IgnoreRhosts yes
72
+
73
+ # To disable tunneled clear text passwords, change to no here!
74
+ #PermitEmptyPasswords no
75
+ PasswordAuthentication no
76
+
77
+ # Change to no to disable s/key passwords
78
+ #ChallengeResponseAuthentication yes
79
+ ChallengeResponseAuthentication no
80
+
81
+ # Kerberos options
82
+ #KerberosAuthentication no
83
+ #KerberosOrLocalPasswd yes
84
+ #KerberosTicketCleanup yes
85
+ #KerberosGetAFSToken no
86
+ #KerberosUseKuserok yes
87
+
88
+ # GSSAPI options
89
+ GSSAPIAuthentication yes
90
+ GSSAPICleanupCredentials yes
91
+ #GSSAPIStrictAcceptorCheck yes
92
+ #GSSAPIKeyExchange no
93
+
94
+ # Set this to 'yes' to enable PAM authentication, account processing,
95
+ # and session processing. If this is enabled, PAM authentication will
96
+ # be allowed through the ChallengeResponseAuthentication and
97
+ # PasswordAuthentication. Depending on your PAM configuration,
98
+ # PAM authentication via ChallengeResponseAuthentication may bypass
99
+ # the setting of "PermitRootLogin without-password".
100
+ # If you just want the PAM account and session checks to run without
101
+ # PAM authentication, then enable this but set PasswordAuthentication
102
+ # and ChallengeResponseAuthentication to 'no'.
103
+ # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
104
+ # problems.
105
+ #UsePAM no
106
+ UsePAM yes
107
+
108
+ #AllowAgentForwarding yes
109
+ #AllowTcpForwarding yes
110
+ #GatewayPorts no
111
+ #X11Forwarding no
112
+ X11Forwarding yes
113
+ #X11DisplayOffset 10
114
+ #X11UseLocalhost yes
115
+ PrintMotd yes
116
+ #PrintLastLog yes
117
+ #TCPKeepAlive yes
118
+ #UseLogin no
119
+ UsePrivilegeSeparation sandbox # Default for new installations.
120
+ #PermitUserEnvironment no
121
+ #Compression delayed
122
+ ClientAliveInterval 30
123
+ ClientAliveCountMax 5
124
+ #ShowPatchLevel no
125
+ #UseDNS yes
126
+ #PidFile /var/run/sshd.pid
127
+ #MaxStartups 10:30:100
128
+ #PermitTunnel no
129
+ #ChrootDirectory none
130
+ #VersionAddendum none
131
+
132
+ # no default banner path
133
+ #Banner none
134
+
135
+ # Accept locale-related environment variables
136
+ AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
137
+ AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
138
+ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
139
+ AcceptEnv XMODIFIERS
140
+
141
+ # override default of no subsystems
142
+ Subsystem sftp /usr/libexec/openssh/sftp-server
143
+
144
+ # Uncomment this if you want to use .local domain
145
+ #Host *.local
146
+ # CheckHostIP no
147
+
148
+ # Example of overriding settings on a per-user basis
149
+ #Match User anoncvs
150
+ # X11Forwarding no
151
+ # AllowTcpForwarding no
152
+ # ForceCommand cvs server
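Review bot: `X11Forwarding yes` is switched on and `PermitRootLogin` is left commented out, so root login follows the built-in default, which the commented line shows as `yes`. For a server image that already sets `PasswordAuthentication no`, stating the policy explicitly is safer than inheriting a default that can differ between OpenSSH builds: `PermitRootLogin without-password` and `X11Forwarding no`, unless X11 forwarding is a documented requirement of these images. A one-line comment above `GSSAPIAuthentication yes` naming the Kerberos setup it serves would also help the next reviewer.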
@@ -0,0 +1 @@
1
+ add_drivers+="xen-blkfront xen-netfront xen-kbdfront"
@@ -0,0 +1,83 @@
1
+ #!/usr/bin/env bash
2
+
3
+ # add EPEL repository
4
+ yum -y install http://ftp.astral.ro/mirrors/fedora/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
5
+ # update already installed packages
6
+ yum -y update
7
+ # install new packages
8
+ yum -y install cloud-init
9
+ yum -y install fail2ban ntp
10
+ yum -y install qemu-guest-agent
11
+ yum -y install krb5-libs krb5-workstation pam_krb5
12
+ yum -y install vim git
13
+
14
+ # set cloud-init to start after boot
15
+ systemctl enable cloud-init-local
16
+ systemctl enable cloud-init
17
+ systemctl enable cloud-config
18
+ systemctl enable cloud-final
19
+
20
+ # NTPd start after boot
21
+ systemctl enable ntpd.service
22
+
23
+ # move configuration file to their right place
24
+ mv /root/cloud.cfg /etc/cloud/cloud.cfg
25
+ mv /root/krb5.conf /etc/krb5.conf
26
+ mv /root/sshd_config /etc/ssh/sshd_config
27
+ mv /root/10-ipv6.conf /etc/sysctl.d/10-ipv6.conf
28
+ mv /root/grub /etc/default/grub
29
+ mv /root/getty\@ttyS0.service /etc/systemd/system/getty\@ttyS0.service
30
+ grub2-mkconfig -o /boot/grub2/grub.cfg
31
+ ln -s /etc/systemd/system/getty\@ttyS0.service /etc/systemd/system/getty.target.wants/getty@ttyS0.service
32
+ mv /root/ntp.conf /etc/ntp.conf
33
+ mv /root/xen-domU.conf /etc/dracut.conf.d/xen-domU.conf
34
+
35
+ # fail2ban
36
+ mv /root/iptables-multiport.local /etc/fail2ban/action.d/iptables-multiport.local
37
+ mv /root/jail.local /etc/fail2ban/jail.local
38
+ mv /root/fail2ban.local /etc/fail2ban/fail2ban.local
39
+
40
+ # pakiti-2-client
41
+ rpm -i pakiti-2.1.5-1.noarch.rpm
42
+ rm -f pakiti-2.1.5-1.noarch.rpm
43
+
44
+ # check-mk-agent
45
+ yum -y install check-mk-agent
46
+ rpm -i check-mk-agent-meta-key-1.0-1.noarch.rpm
47
+ rpm -i check-mk-agent-meta-checks-2.0-1.noarch.rpm
48
+ rm -f check-mk-agent-meta-key-1.0-1.noarch.rpm
49
+ rm -f check-mk-agent-meta-checks-2.0-1.noarch.rpm
50
+ sed -i s/"disable\s*= no"/'disable = yes'/g /etc/xinetd.d/check-mk-agent
51
+
52
+ # remove hardware address (MAC) and UUID from NIC configuration files
53
+ sed -i '/^HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth*
54
+ sed -i '/^UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth*
55
+
56
+ # make sure nothing is messing with NICs' MAC adresses
57
+ unlink /etc/udev/rules.d/70-persistent-net.rules
58
+ ln -s /dev/null /etc/udev/rules.d/70-persistent-net.rules
59
+ unlink /etc/udev/rules.d/70-persistent-cd.rules
60
+ ln -s /dev/null /etc/udev/rules.d/70-persistent-cd.rules
61
+
62
+ # create configuration for second NIC if it's missing
63
+ if [ ! -f /etc/sysconfig/network-scripts/ifcfg-eth1 ]; then
64
+ sed 's/eth0/eth1/g' /etc/sysconfig/network-scripts/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth1
65
+ fi
66
+
67
+ # enable built-in networking
68
+ # using both commands because of unfinished systemd support in system
69
+ systemctl enable network
70
+ chkconfig network on
71
+
72
+ # disable NetworkManager
73
+ systemctl disable NetworkManager
74
+
75
+ #regenerate initrd files
76
+ dracut -f
77
+
78
+ # disable root login with password
79
+ passwd -d root
80
+
81
+ # clean bash history and cloud init logs
82
+ rm -f ~/.bash_history
83
+ rm -f /var/log/cloud-init*
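Review bot: `passwd -d root` deletes the root password instead of locking it, which contradicts the comment `# disable root login with password`. The account ends up with an empty password, and any login path that accepts empty passwords would admit root without a credential; this script itself enables a serial getty on ttyS0. `passwd -l root` locks the password and leaves key-based and GSSAPI authentication alone. Separately, the EPEL release package is installed from a third-party mirror over plain `http://` even though it supplies the repository definition and signing key, so it should come from an already trusted repository, e.g. `yum -y install epel-release` from CentOS extras. The `rpm -i` lines use relative paths and so depend on the working directory (presumably /root, to be confirmed).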
@@ -0,0 +1,80 @@
1
+ #Contents of the preconfiguration file (for wheezy)
2
+
3
+ # Localization and language
4
+ d-i debian-installer/locale string en_US
5
+
6
+ # Keyboard
7
+ d-i console-keymaps-at/keymap select us
8
+ d-i keyboard-configuration/xkb-keymap select us
9
+
10
+ # Network
11
+ d-i netcfg/choose_interface select auto
12
+ d-i netcfg/get_hostname string debian
13
+ d-i netcfg/get_domain string cesnet.cz
14
+ d-i netcfg/wireless_wep string
15
+ d-i hw-detect/load_firmware boolean true
16
+
17
+ #Mirror
18
+ d-i mirror/country string manual
19
+ d-i mirror/http/hostname string ftp.debian.org
20
+ d-i mirror/http/directory string /debian
21
+ d-i mirror/http/proxy string
22
+
23
+ # Clock and time zone
24
+ d-i clock-setup/utc boolean true
25
+ d-i time/zone string Europe/Prague
26
+ d-i clock-setup/ntp boolean true
27
+
28
+ # Account
29
+ d-i passwd/make-user boolean false
30
+
31
+ # Root password
32
+ d-i passwd/root-password password <%= @data[:password] %>
33
+ d-i passwd/root-password-again password <%= @data[:password] %>
34
+
35
+ # Partition
36
+ d-i partman-md/device_remove_md boolean true
37
+ d-i partman-lvm/device_remove_lvm boolean true
38
+
39
+ d-i partman-auto/choose_recipe select boot-root
40
+ d-i partman-auto/init_automatically_partition select biggest_free
41
+ d-i partman-auto/method string regular
42
+
43
+ d-i partman-auto/expert_recipe string \
44
+ boot-root :: \
45
+ 500 10000 1000000000 ext4 \
46
+ method{ format } format{ } \
47
+ use_filesystem{ } filesystem{ ext4 } \
48
+ mountpoint{ / } \
49
+ .
50
+
51
+ d-i partman/confirm_write_new_label boolean true
52
+ d-i partman/choose_partition select finish
53
+ d-i partman/confirm_nooverwrite boolean true
54
+ d-i partman/confirm boolean true
55
+ d-i partman-basicfilesystems/no_swap boolean false
56
+ d-i partman-basicfilesystems/no_swap seen true
57
+ d-i partman/mount_style select uuid
58
+
59
+ # Grub
60
+ d-i grub-installer/only_debian boolean true
61
+ d-i grub-installer/with_other_os boolean true
62
+ d-i grub-installer/bootdev string /dev/vda
63
+
64
+ # Apt setup
65
+ d-i apt-setup/non-free boolean true
66
+ d-i apt-setup/contrib boolean true
67
+
68
+ # Package selection
69
+ tasksel tasksel/first multiselect none
70
+ d-i pkgsel/include string openssh-server build-essential
71
+ #d-i pkgsel/include string openssh-server git-buildpackage
72
+
73
+ # SSH hack to allow root login
74
+ d-i preseed/late_command string in-target sed -i "s/PermitRootLogin without-password/PermitRootLogin yes/" /etc/ssh/sshd_config; \
75
+ in-target echo "blacklist ipv6" >> /etc/modprobe.d/blacklist.conf
76
+
77
+ popularity-contest popularity-contest/participate boolean false
78
+ # Finishing up the installation
79
+ d-i finish-install/reboot_in_progress note<span style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; white-space: normal;" class="Apple-style-span"> </span>
80
+
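Review bot: The `late_command` rewrites `PermitRootLogin without-password` to `PermitRootLogin yes` while the root password is written into the preseed in clear text from `@data[:password]`, and nothing in this hunk restores the stricter setting. If the provisioning script later replaces sshd_config and clears the password, say so next to the hack, e.g. `# temporary: lets Packer log in as root; reverted by the provisioning script`; that script is not visible here. In the same command, the redirection in `in-target echo "blacklist ipv6" >> /etc/modprobe.d/blacklist.conf` is performed by the installer's shell, so the line likely lands in the installer environment rather than the installed system; `in-target sh -c 'echo "blacklist ipv6" >> /etc/modprobe.d/blacklist.conf'` keeps it inside the target. The `finish-install/reboot_in_progress` line also carries a pasted HTML `<span …>` after `note`, which should be removed from the template.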
@@ -0,0 +1,28 @@
1
+ {
2
+ "name": "Debian",
3
+ "versions": [{
4
+ "major_version": "7",
5
+ "minor_version": "9",
6
+ "patch_version": "0",
7
+ "codename": "wheezy",
8
+ "iso_url": "http://cdimage.debian.org/cdimage/archive/7.9.0/amd64/iso-cd/debian-7.9.0-amd64-netinst.iso",
9
+ "iso_checksum": "b6a19b4cf1d046e5eba1ae235a94824bca5a7c8f092a28216396c9d585ef709d"
10
+ },{
11
+ "major_version": "8",
12
+ "minor_version": "2",
13
+ "patch_version": "0",
14
+ "codename": "jessie",
15
+ "iso_url": "http://cdimage.debian.org/debian-cd/8.2.0/amd64/iso-cd/debian-8.2.0-amd64-netinst.iso",
16
+ "iso_checksum": "d393d17ac6b3113c81186e545c416a00f28ed6e05774284bb5e8f0df39fcbcb9"
17
+ }],
18
+ "boot_command": "install auto=true priority=critical preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}",
19
+ "qemu": {
20
+ "accelerator": "kvm",
21
+ "qemuargs": [ [ "-m", "1024M" ] ]
22
+ },
23
+ "virtualbox": {
24
+ "guest_os_type": "Debian_64",
25
+ "vboxmanage": [ ["modifyvm", "{{.Name}}", "--memory", "1024"] ],
26
+ "guest_additions_mode": "disable"
27
+ }
28
+ }
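Review bot: Both `iso_url` values fetch the installer over plain `http://`, so the only integrity control on the downloaded image is `iso_checksum`, and the descriptor does not name the hash algorithm. The 64-hex-digit values look like SHA-256; whether the Packer template enforces them with a matching checksum type is not visible in this hunk and should be confirmed. Switching both URLs to `https://cdimage.debian.org/…` would add transport protection without changing anything else in the descriptor.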