comfy 0.2.0

data/lib/templates/debian/files/krb5.conf

@@ -0,0 +1,181 @@
+[libdefaults]
+        default_realm = META 
+        forwardable = yes
+        forward = yes
+        encrypt = yes
+        srv_lookup = no
+        srv_try_txt = no
+        no-addresses = yes
+	allow_weak_crypto = true
+
+[realms]
+    ICS.MUNI.CZ = {
+	    kdc = kdccesnet.ics.muni.cz
+	    kdc = kdc1.cesnet.cz
+	    kdc = kdccesnet.meta.zcu.cz
+            admin_server = kdc1.cesnet.cz
+            kpasswd_server = kdc1.cesnet.cz
+    }
+    META = {
+            kdc = kdccesnet.ics.muni.cz
+	    kdc = kdc1.cesnet.cz
+	    kdc = kdccesnet.meta.zcu.cz
+            kdc = sal.ruk.cuni.cz:89
+	    kdc = jerry.ruk.cuni.cz
+            admin_server = kdc1.cesnet.cz
+            kpasswd_server = kdc1.cesnet.cz
+	    krb525_server = kdccesnet.ics.muni.cz
+	    krb525_server = kdc1.cesnet.cz 
+	    krb525_server = kdccesnet.meta.zcu.cz 
+    }
+    ZCU.CZ = {
+            kdc = kerberos1.zcu.cz
+            kdc = kerberos2.zcu.cz
+            kdc = kerberos3.zcu.cz
+            admin_server = kerberos-adm.zcu.cz
+            kpasswd_server = kerberos-adm.zcu.cz
+    }
+    RUK.CUNI.CZ = {
+            kdc = sal.ruk.cuni.cz
+            kdc = jerry.ruk.cuni.cz:89
+            admin_server = sal.ruk.cuni.cz
+            kpasswd_server = sal.ruk.cuni.cz
+	    krb524_server = sal.ruk.cuni.cz
+	    krb524_server = jerry.ruk.cuni.cz:89
+    }
+    IS.MUNI.CZ = {
+            kdc = ariadna.fi.muni.cz
+    }
+    SITOLA.FI.MUNI.CZ = {
+            kdc = hendrak.fi.muni.cz
+            kdc = oberon.fi.muni.cz
+            admin_server = oberon.fi.muni.cz
+            kpasswd_server = oberon.fi.muni.cz
+    }
+    ADMIN.META = {
+            kdc = kdccesnet.ics.muni.cz
+            admin_server = kdccesnet.ics.muni.cz
+            kpasswd_server = kdccesnet.ics.muni.cz
+    }
+    ASR.ICS.MUNI.CZ = {
+            kdc = bombur.ics.muni.cz
+            admin_server = bombur.ics.muni.cz
+            kpasswd_server = bombur.ics.muni.cz
+    }
+    EINFRA = {
+            kdc = kdc1.cesnet.cz
+            kdc = kdccesnet.ics.muni.cz
+	    kdc = kdccesnet.meta.zcu.cz
+	    admin_server = kdc1.cesnet.cz
+    }
+    EINFRA-SERVICES = {
+            kdc = kdc1.cesnet.cz
+            kdc = kdccesnet.ics.muni.cz
+	    kdc = kdccesnet.meta.zcu.cz
+   	    admin_server = kdc1.cesnet.cz
+    }
+    EGI = {
+	    kdc = kdc1.cesnet.cz
+	    kdc = kdccesnet.ics.muni.cz
+	    kdc = kdccesnet.meta.zcu.cz
+	    admin_server = kdc1.cesnet.cz
+    }
+    SAGRID = {
+            kdc = kdc1.cesnet.cz
+            admin_server = kdc1.cesnet.cz
+    }
+    ELIXIR-EUROPE.ORG = {
+            kdc = kdc1.cesnet.cz
+            admin_server = kdc1.cesnet.cz
+    }
+
+[capaths]
+        RUK.CUNI.CZ = {
+                EINFRA-SERVICES = META
+                ZCU.CZ = META
+        }
+        ZCU.CZ = {
+                EINFRA-SERVICES = META
+                RUK.CUNI.CZ = META
+        }
+        ICS.MUNI.CZ = {
+                  EINFRA-SERVICES = META
+        }
+        EINFRA = {
+                ICS.MUNI.CZ = META
+        }
+        EINFRA-SERVICES = {
+                ICS.MUNI.CZ = META
+                RUK.CUNI.CZ = META
+                ZCU.CZ = META
+        }
+
+[domain_realm]
+        sirion.ics.muni.cz = META
+        erebor.ics.muni.cz = META
+        acharon.ruk.cuni.cz = META
+	androth.zcu.cz = ICS.MUNI.CZ
+        .fi.muni.cz = SITOLA.FI.MUNI.CZ
+        .ics.muni.cz = ICS.MUNI.CZ
+        .cesnet.cz = ICS.MUNI.CZ
+        .zcu.cz = ZCU.CZ
+        .ruk.cuni.cz = RUK.CUNI.CZ
+	.medigrid.cz = ICS.MUNI.CZ
+	.video.muni.cz = ICS.MUNI.CZ
+	.ncbr.muni.cz = ICS.MUNI.CZ
+	.prf.jcu.cz = ICS.MUNI.CZ
+	.feec.vutbr.cz = ICS.MUNI.CZ
+	atlases.muni.cz = ICS.MUNI.CZ
+	.egi.eu = META
+	.fzu.cz = META
+	.cerit-sc.cz = ICS.MUNI.CZ
+	kdc1.cesnet.cz = EINFRA-SERVICES
+	.du1.cesnet.cz = EINFRA-SERVICES
+	.du2.cesnet.cz = EINFRA-SERVICES
+	.du3.cesnet.cz = EINFRA-SERVICES
+	ui2.grid.cesnet.cz = EINFRA-SERVICES
+	ui1.egee.cesnet.cz = EINFRA-SERVICES
+	ui1.grid.cesnet.cz = EINFRA-SERVICES
+	.metacentrum.cz = ICS.MUNI.CZ
+	.ueb.cas.cz = ICS.MUNI.CZ
+	.meta.zcu.cz = META
+	.ukb.muni.cz = ICS.MUNI.CZ
+	.ceitec.muni.cz = EINFRA-SERVICES
+
+[appdefaults]
+    krb4_get_tickets = no
+    krb4_convert = no
+    krb4_convert_524 = no
+    pam = {
+        debug = false
+        forwardable = true
+        afs_cells = ics.muni.cz
+        minimum_uid=100
+        addressless = true
+#Debian
+        realm = META
+        validate = true
+#SuSE
+        ticket_lifetime = 36000
+        renew_lifetime = 36000
+        proxiable = false
+        retain_after_close = false
+        try_first_pass = true
+        external=true
+        force_creds = true
+    }
+    libkafs = {
+    	ZCU.CZ = {
+		afs-use-524 = 2b
+	}
+    	ICS.MUNI.CZ = {
+		afs-use-524 = 2b
+	}
+	RUK.CUNI.CZ = {
+		afs-use-524 = 2b
+	}
+   }
+
+[kadmin]
+	default_keys = v5 v4
+

data/lib/templates/debian/files/meta-misc.list

@@ -0,0 +1,2 @@
+## CERIT-SC's meta-misc repository
+deb http://apt.cerit-sc.cz/meta_misc/ wheezy main

data/lib/templates/debian/files/modules

@@ -0,0 +1,15 @@
+# List of modules that you want to include in your initramfs.
+# They will be loaded at boot time in the order below.
+#
+# Syntax:  module_name [args ...]
+#
+# You must run update-initramfs(8) to effect this change.
+#
+# Examples:
+#
+# raid1
+# sd_mod
+xen-blkfront
+xen-netfront
+xen-kbdfront
+

data/lib/templates/debian/files/ntp.conf

@@ -0,0 +1,61 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+
+# Enable this if you want statistics to be logged.
+statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+server tik.cesnet.cz
+server tak.cesnet.cz
+server ntp.muni.cz
+server time.fi.muni.cz
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+#server 0.debian.pool.ntp.org iburst
+#server 1.debian.pool.ntp.org iburst
+#server 2.debian.pool.ntp.org iburst
+#server 3.debian.pool.ntp.org iburst
+
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+
+# Try to avoid NTP amplification attacks
+disable monitor

data/lib/templates/debian/files/sshd_config

@@ -0,0 +1,131 @@
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+AddressFamily inet
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile      .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no # pam does that
+#PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation sandbox          # Default for new installations.
+#PermitUserEnvironment no
+#Compression delayed
+ClientAliveInterval 30
+ClientAliveCountMax 5
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem       sftp    /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#       X11Forwarding no
+#       AllowTcpForwarding no
+#       PermitTTY no
+#       ForceCommand cvs server

data/lib/templates/debian/scripts/debian_cloud_script.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+###########################################################
+#############INITIALIZATION SCRIPT FOR DEBIAN##############
+######################CESNET CLOUD#########################
+###########################################################
+
+mv /root/cerit-cloudinit.list /etc/apt/sources.list.d/cerit-cloudinit.list
+apt-key add /root/RPM-GPG-KEY-CERIT-SC.cfg
+rm -f /root/RPM-GPG-KEY-CERIT-SC.cfg
+apt-key add /root/DEPOT-GPG-KEY.cfg
+rm -f /root/DEPOT-GPG-KEY.cfg
+mv /root/backports.list /etc/apt/sources.list.d/backports.list
+mv /root/meta-misc.list /etc/apt/sources.list.d/meta-misc.list
+mv /root/depot.list /etc/apt/sources.list.d/depot.list
+mv /root/depot_all.pref /etc/apt/preferences.d/depot_all.pref
+mv /root/depot_check_mk.pref /etc/apt/preferences.d/depot_check_mk.pref
+
+apt-get update
+apt-get --assume-yes upgrade
+apt-get --assume-yes install sudo
+apt-get --assume-yes install mingetty
+apt-get --assume-yes install cloud-init
+apt-get --assume-yes install qemu-guest-agent
+apt-get --assume-yes install fail2ban ntp
+DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" heimdal-clients libpam-heimdal
+apt-get --assume-yes install vim git
+
+
+# Enable services
+if [[ $(lsb_release -rs) == 7.* ]]; then
+  insserv cloud-init-local
+  insserv cloud-init
+  insserv cloud-config
+  insserv cloud-final
+  rm /root/getty\@ttyS0.service
+else
+  systemctl enable ntp
+  systemctl enable cloud-init-local
+  systemctl enable cloud-init
+  systemctl enable cloud-config
+  systemctl enable cloud-final
+  rm /etc/cloud/cloud.cfg.d/90_dpkg.cfg
+  rm /etc/apt/sources.list.d/backports.list
+  mv /root/getty\@ttyS0.service /etc/systemd/system/getty.target.wants/getty@ttyS0.service
+  ln -s /etc/systemd/system/getty\@ttyS0.service /etc/systemd/system/getty.target.wants/getty@ttyS0.service
+fi
+
+mv /root/ntp.conf /etc/ntp.conf
+mv /root/cloud.cfg /etc/cloud/cloud.cfg
+mv /root/krb5.conf /etc/krb5.conf
+mv /root/sshd_config /etc/ssh/sshd_config
+mv /root/interfaces /etc/network/interfaces
+mv /root/10-ipv6.conf /etc/sysctl.d/10-ipv6.conf
+mv /root/grub /etc/default/grub
+mv /root/inittab /etc/inittab
+mv /root/modules /etc/initramfs-tools/modules
+
+# fail2ban
+mv /root/iptables-multiport.local /etc/fail2ban/action.d/iptables-multiport.local
+mv /root/jail.local /etc/fail2ban/jail.local
+mv /root/fail2ban.local /etc/fail2ban/fail2ban.local
+
+# pakiti-2-client
+dpkg -i pakiti_2.1.5-2_all.deb
+rm -f pakiti_2.1.5-2_all.deb
+
+# check-mk-agent
+apt-get --assume-yes install check-mk-agent check-mk-agent-meta-key
+apt-get --assume-yes install check-mk-agent-meta-checks
+
+update-grub
+
+ln -s /dev/null /etc/udev/rules.d/75-persistent-net-generator.rules
+
+update-initramfs -v -u -k `uname -r`
+
+passwd -d root
+
+rm -f ~/.bash_history
+rm -f /var/log/cloud-init*

data/lib/templates/docker/docker.cfg.erb

@@ -0,0 +1,87 @@
+#Contents of the preconfiguration file (for ubuntu 12.04 and 14.04)
+
+# Localization and language
+d-i debian-installer/language string en
+d-i debian-installer/country string US
+d-i debian-installer/locale string en_US
+d-i localechooser/supported-locales en_US
+ 
+# Keyboard
+d-i console-setup/ask_detect boolean false
+d-i console-setup/layoutcode string us
+d-i keymap select us
+d-i keyboard-configuration/xkb-keymap select us
+  
+# Network
+d-i netcfg/choose_interface select auto
+d-i netcfg/get_hostname string ubuntu
+d-i netcfg/get_domain string cesnet.cz
+  
+# Mirror
+d-i mirror/country string manual
+d-i mirror/http/hostname string archive.ubuntu.com
+d-i mirror/http/directory string /ubuntu/
+d-i mirror/http/proxy string
+    
+# Clock and time zone
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Prague
+d-i clock-setup/ntp boolean true
+
+# Account 
+#d-i passwd/user-fullname string temporary_user
+#d-i passwd/username string temporary_user
+#d-i passwd/user-password password <%= @data[:password] %>
+#d-i passwd/user-password-again password <%= @data[:password] %>
+#d-i user-setup/encrypt-home boolean false
+#d-i user-setup/allow-password-weak boolean true
+d-i passwd/make-user boolean false
+
+# Root password
+d-i passwd/root-login boolean true
+d-i passwd/root-password password <%= @data[:password] %>
+d-i passwd/root-password-again password <%= @data[:password] %>
+     
+# Partition
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/device_remove_lvm boolean true
+    
+d-i partman-auto/choose_recipe select boot-root
+d-i partman-auto/init_automatically_partition select biggest_free
+d-i partman-auto/method string regular
+
+d-i partman-auto/expert_recipe string                         \
+      boot-root ::                                            \
+              500 10000 1000000000 ext4                       \
+		      method{ format } format{ }	      \
+                      use_filesystem{ } filesystem{ ext4 }    \
+                      mountpoint{ / }                         \
+              .                                               
+
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition select  finish
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm boolean true
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-basicfilesystems/no_swap seen true 
+d-i partman/mount_style select uuid
+
+# Grub
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false        
+       
+# Base system installation
+#d-i base-installer/install-recommends boolean false
+d-i base-installer/kernel/image string linux-generic          
+           
+# Package selection
+tasksel tasksel/first multiselect none
+d-i pkgsel/update-policy select none
+d-i pkgsel/include string openssh-server build-essential
+d-i pkgsel/upgrade select none
+
+# SSH hack to allow root login
+d-i preseed/late_command string in-target sed -i "s/PermitRootLogin without-password/PermitRootLogin yes/" /etc/ssh/sshd_config
+
+# Finishing up the installation
+d-i finish-install/reboot_in_progress note

data/lib/templates/docker/docker.description

@@ -0,0 +1,21 @@
+{
+  "name": "Docker",
+  "versions": [{
+      "major_version": "14",
+      "minor_version": "04",
+      "codename": "trusty",
+      "name": "Trusty Tahr",
+      "iso_url": "http://archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/mini.iso",
+      "iso_checksum": "bc09966b54f91f62c3c41fc14b76f2baa4cce48595ce22e8c9f24ab21ac8d965"
+    }],
+  "boot_command": "install auto=true priority=critical preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}",
+  "qemu": {
+    "accelerator": "kvm",
+    "qemuargs": [ [ "-m", "1024M" ] ]
+  },
+  "virtualbox": {
+    "guest_os_type": "Ubuntu_64",
+    "vboxmanage": [ ["modifyvm", "{{.Name}}", "--memory", "1024"] ],
+    "guest_additions_mode": "disable"
+  }
+}

data/lib/templates/docker/files/10-ipv6.conf

@@ -0,0 +1,5 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
+net.ipv6.conf.eth0.disable_ipv6 = 1
+net.ipv6.conf.eth1.disable_ipv6 = 1

data/lib/templates/docker/files/DEPOT-GPG-KEY.cfg

@@ -0,0 +1,32 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mQINBEvVSjABEACo7dd0akbgM+C+Oph64KHYaF2Cezsv2Ngc2W/OGZ3dhCdhxbE/
+7dnt4Mm5V5eLzuevgf90Pm/W1k0AAlYPqDmiHlom45G1J+XrQqWhZNPv7HCiAj/X
+7tiXV/Gp4BfQvJJasilAACTkqbsloANRktd9S1k5jRd+zfVvkNEoEUW9/HT6w6Z5
+ZRlYixw/ooDpcX4uK7rHeTtC0udLDwAWY281/zn8XMPEvLo7ql+5kABJIy6iZJ2o
+vyWyo4SwYkYOHPcni4Cy6jCGP9LZR61sweOcsdfc8vsvr120OdFuTpR9X9gm6K20
+tX8PDEy3GzMreVtrI/bJrcVbu+oz7cCycl+8qIkNtX+B2zC7tslE316xfoat7ZIb
+sYQcHXTlvedfMS7NtZ8NfOVernwt3tWffBmyTSrmlrqTGOwes6Vm2xhXZ7/h9K+W
+7zEFTID8idpHqnDdx9DFFuUeQ6IcmAOjE4Xny/bfw0jan3/0+Ncv1FX5NJzf7GdH
+4Xm85v2DNA689jHziJv3X/QLKtP4LEA0JmZD++9hAMd5XJ1lobSJZqytHlOKPjGg
+/eSwBaVgHENbEeHBMAET3QL5J1cFzUqS3HXrCoWh8MSoq3XYLPtLxZrSEX8z5WKh
+pE5FLx0FGSi5MFyHg2WqBDkqSTN3Doe1uh8SoT9vVFuPb1m4cAR1KzPGHwARAQAB
+tFhNZXRhQ2VudHJ1bSBQYWNrYWdlIFJlcG9zaXRvcnkgKE1ldGFDZW50cnVtIFBh
+Y2thZ2UgUmVwb3NpdG9yeSBQR1Aga2V5KSA8bWV0YUBjZXNuZXQuY3o+iQI8BBMB
+AgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAlF5lz0FCQtH540ACgkQVc75
+6MPItRlf1Q/+IonUahNhAYQLhkdZvIPyT099KBviqMYXs1DJO940wIfX26ijz/v0
+fiEWvD1TlCx7xmegUj0u8EoB4TE4DYl1cPUZyQF+B2m9dLBT7umEypvZpuHjcBZe
+LpBL2K04gJYtiDe8yMTWChlrg+gcSaF+FkB/K9YYyjlkfIXp15WHSlNXN+aiB/3P
+8GMJiRPU0g3ScnwBfrLAXUX8stlBFzk2OVcrWmXQoHha/1cEn7w8JEEN4dOQIuKs
+Y7rItaS80HFpfwP10cU/l6ohMOh5cpf36qWPVKsez+wgeO8ah/7ZOtEG3QTktk6x
+bWzSGJ55beYm88iBvQuYJ6Xk8cpXsuFmaRED09mvXvoRYhUKovt+m7W8dW1s4h0y
+/x3ER7jPiUSdGkepag1J+WQtzrsSPgWLt5x8C026iQcvK6e72lbLDSX9cA8QdPAM
+Vnc5cPF4Jxz1lW0OHKKW5nMKPUTp/YZMfZcQTM2rkpLEZHAdC3WgbnM3N+gGY3vN
+qpBTPoFAWVZTsM9BQ8A/bJJBgDXg0SSnChHe4hxwQJuXR+tAO8OSk2z8xCdeRZqK
+9WAMviqmYvoCZMI4F/QJfKlSAoHrfhQPWOo2iS3aKUlBJgWxaejiJAwNwKDujnU5
+F0Y8sXypxJudVbi6/Q9BE/tGOTKwtaFiB5Gon+mGrvvnJWTGe7VjzriIRgQQEQIA
+BgUCS9VRAAAKCRCKeUuOc6DkdYCfAJ9MhgOfaAlSRnaSfZ7sfzrIept/DQCfXiGM
+kO6S6OD1WngSJiCst3UTkW4=
+=nY1A
+-----END PGP PUBLIC KEY BLOCK-----

data/lib/templates/docker/files/RPM-GPG-KEY-CERIT-SC.cfg

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+mQINBE7TvwsBEAC5gE01wDGBypwfjQGPwHK83ZyTzVwdATmtyQWbyJETgTPKSlSQ
+NhQAF7uBgqDGKUxvAXxmTXaJT+gDV5Wqdt09ani6+Fvac/IOD/FYczpPtOaufX4x
+GRAwAMRZd4HNIb+oVLkomI1A6bOFHKy1n4i8vVkemgxpgklJVD8EE+GMlMEG1vTB
+SuwIjqxiaixhw2ri7XlgxWnRL1f5tRCrHGNnuQ+gHpTqvM3u9wbNls6jpQYJOyIo
+rr6yd0F3w/ixavejmepyGrEPB0REsUiCMHUKK5evJiyyj6z9hxhkWhtb1DComfOp
+SGp39wet4gj37oSsdSiGOl4VFIh7YcWwRl3WBzs9jmWoBKPARvYcOl55BFda8Npt
+1rzX16xxd23FStYXUy4qsn4jbdR02Um+TnxZsBR+k5Szcm66AaFLFDlV1C4FMIqt
++zd3VrXbv9ATPN30ZGoauekgoh3TylVk5gAiraRT4zJA+WvX9dhMxepNcJcZXw5G
+VY2z1APEWmkempwufWtLeuv5EfIb6qAfyQVoy7O1CB/juKNy8kyaAyzxDcMjbdEa
+h+qocJYhbh6tPdwqEsOfKUwYPdeqbeWzRpnifjiBVpWWWkTtRd+m5LHsXqHWupGL
+Jzt4LZXwS2woN3oGqBXz4Ogq32dK5wdhAIoUNsY9kUkgdlB28nHZlJlAnwARAQAB
+tDJDRVJJVC1TQyBQYWNrYWdlIFJlcG9zaXRvcnkgPHBhY2thZ2VzQGNlcml0LXNj
+LmN6PokCPgQTAQIAKAUCTtO/CwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwEC
+HgECF4AACgkQ3DqaO9m5+z0ajQ//YcM8xgHeNr7CQpextlJ2MJWfgdl2W09vwHkp
+ldYCxaXz8TEMs76EwYeW2El6sqosQigCnkIGGBLzc3Iv9A9nNnRyFFt4dtoouML5
+wNgwaWq9qve1RecjQG7WFx+O0mmo3pdqLA3a4u3oDdMBCqXJwlONI0E4wxpszKM0
+J03+A5z1fRtmoqFAQKxddmI0FtAXKyt5GQFvX/mxO+vJ5xtHLll9+doU6ojcM92Y
+c8tf66vCyGWFAIl25qbvCrvIARLo2EqpOsjB+DfhlXs5qLnXFMrSxRBwOfl2X6LJ
+sEEzPPKhrdpj6DjVs08UEXYLbXvuS1/cOXqngDDRUaamcTsz3tGF1iMu4gKBLg6R
+3+ZOm8Lf/FP/irdaWB97zSVeJWhyquaHSDzPp+/IWQCOc5qWTjgfYBhuQ6QN1Lmz
+kTSdnGqU47xif7dHAw2W+QmIFzND+iUAcoMKvQdlwzosoTN1raApBXjtcMvwn3cv
+c+1NOQ1CxAEOycv9Vlja+I/vxJqNbSy2BO9FpiGM6aTFYwpr1RNC/o/a28Xqr+hZ
+SRueBQW8kkvrwPoE2sHqEmR0j76MssiEWLsxnyrJH8/u42xlv8aOAqf6Q7osShMj
+CROefhLCidIbW10erf5FjHkukcysuTO4FJcsnJHWy+F0jgubYza/mQLK6qY9ShIq
+OEkYIXo=
+=oPbY
+-----END PGP PUBLIC KEY BLOCK-----