You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
148 lines
7.3 KiB
148 lines
7.3 KiB
#cloud-config
|
|
package_update: true
|
|
package_upgrade: true
|
|
package_reboot_if_required: true
|
|
packages:
|
|
- curl
|
|
- htop
|
|
- bash-completion
|
|
- unzip
|
|
- wireguard
|
|
|
|
sources:
|
|
unstable.list:
|
|
source: "deb http://deb.debian.org/debian/ unstable main"
|
|
|
|
users:
|
|
- name: root
|
|
passwd: $6$rounds=4096$zxwQ89gSkYwu$D3RYAcxIt7cztPuxzoP/MEAZzDIkyCGDknqylYa1IC1LV6nhNfZvgYWYrUQ0Z4GbtVZmsOsEQM2ZfrLCfMSSf0
|
|
- name: sapian
|
|
passwd: $6$rounds=4096$staQ0MMD$ZiARFuOmBxUMncJK3zAMDFGV3p8YtfvLc0lhT2rsWw6R2.Z7.q2vCq8yzzmF.NfKOoxtv8E.EzanyTipxC6LK/
|
|
|
|
ssh_authorized_keys:
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyumXwdCn27ELM56o1aHOUwybRcX3Rk76ny3TOMzjiCjapntTaPtcPZ9/84g5tjZmDlUNitRZF0XV76xJ2JJ0PU4Mx7nka6nnvmywFTAIx/PFLQtj4iQH/7osOEy6lKaYKJT9bFEhZ0llb6JtF+kPTZ7NV7EKvXx/U6pXVM8h7KShx1H/8GJroR8Uc5IdWApSwslG19DOjMZMyhe+PfWQw+SG1MC32OcuH43fuUdNRIDL6tTaFkGH2upX9ALO75CQ/8NDRoSCne0MnDHKFipi86AU0Dr2GmCC4rRx6L9J4tAejViKIjVsLy/aHnHknVgipu1ajCfhTpRjqh3/fWUEow== sebastian.rojo@sapian.com.co
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeAesfotBI9sbnKBsaycSJ2y0ln7OSGxtdEvN+BISLJPWbjLRqrv69ftlUotW5NABxqXn9mYT3RT031C/pdr/OAqyGnMkkb5/pzmOrKdW3vT7hcAAQQtzrA2LdxJdBUKMIE51XafQbQGKwZtKl9kxcX3QQkyvwDGyYhvi3RYcy5FfUFbifyQojB8o0gLro7pEfR660GE5rUvjUdqSc0V3vPTb7hsUI0x8AvCCOpZ6VVI9uKWxGlncO5B6Vjjefq9FKXxied0Dj5psyjZ9A6WfhFhoyU0NLbYfeQpVog7jV63fiUxXNnp7fcOudHnbScaol4H61EUldnf+d8QgP985/ oscar.garcia@sapian.com.co
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCupLxala6Hc1bRfAwtGELlfn3ermP9UEzploYwKsiAxmlz3jfr9fWxZW4lJVrTyNKTD+yFvstOjaYHksQdVB1Tx9m6Po5FvqAd7jKX92nPPhxLBcnSHTdk/1MlfoOavm5ljHBsr9QFp7EFQW6q6HRL+/Cj1bA4pHRYZoRF6v3SFwAJ2nlMxn9xxaoR7/s8VlwHxA+l8ygTUV66jIN0yvEdAnhZcqKSWhrzy7zyTO0EmhhaPoKO62BcGhUR+Eh7DidA9Lw3gPMwBRdfIUAvYzmZynlJ9iw2o82BTMgoiuBXrNK3ae0WH2/J9eJ6j3BPXhSRKVoGGgPkZ8p99Aoh61eP victor.patino@sapian.com.co
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9gp+O2kB7x9m2OFGs6pcM8UQg6FiZ03qWeKNoCiHOvmdOuIQ+MYx+Pzt6Za26Z3CC53V/d5Ou5iaE9ACN4Yy6vvAaJGuFlOy0BqjAr8uD96Hg+oBWA5Y8px7gCn8A21DbGqjY1yFcKN2pBQHA5KAS2U637VYP6GsWnpl37HmixCUQ0tWIhW85E7mGqIPXdEMh3zBQFvs5JHAgg4RqZ3DcT3AqKis/9YAeO2ly1NsuSavlBc9S4SZ2JXklZZTBQuqGphVhX9DBF81Kf/cGKQJ3xPPXkRhQ8m5KIkwb/D+j0GbQ6d3S4YVB0jOCTrt5ZwGHodL/UR7XsLDqv30c8W4Z alexander.morales@sapian.com.co
|
|
|
|
write_files:
|
|
- path: /etc/systemd/network/dummy0.netdev
|
|
content: |
|
|
[NetDev]
|
|
Name=dummy0
|
|
Kind=dummy
|
|
- path: /etc/systemd/network/dummy0.network
|
|
content: |
|
|
[Match]
|
|
Name=dummy0
|
|
|
|
[Network]
|
|
Address=169.254.1.1/32
|
|
- path: /etc/puppetlabs/puppet/puppet.conf
|
|
content: |
|
|
[agent]
|
|
use_srv_records = true
|
|
srv_domain = puppetmaster.sapian.com.co
|
|
server = puppetmaster.sapian.com.co
|
|
report = true
|
|
pluginsync = true
|
|
|
|
- path: /etc/docker/daemon.json
|
|
content: |
|
|
{
|
|
"bip": "10.162.205.1/24",
|
|
"mtu": 1436,
|
|
"log-driver": "json-file",
|
|
"log-opts": {"max-size": "10m", "max-file": "3"}
|
|
}
|
|
- path: /etc/apt/preferences.d/debian_unstable.pref
|
|
content: |
|
|
Package: *
|
|
Pin: release a=unstable
|
|
Pin-Priority: 90
|
|
|
|
Package: wireguard
|
|
Pin: release a=unstable
|
|
Pin-Priority: 150
|
|
|
|
Package: wireguard-dkms
|
|
Pin: release a=unstable
|
|
Pin-Priority: 150
|
|
|
|
Package: wireguard-tools
|
|
Pin: release a=unstable
|
|
Pin-Priority: 150
|
|
- path: /etc/sysctl.d/50_ipv4_forward.conf
|
|
content: |
|
|
net.ipv4.ip_forward=1
|
|
net.ipv4.conf.all.proxy_arp=1
|
|
|
|
puppet:
|
|
install: true
|
|
agent:
|
|
server: "puppetmaster.sapian.com.co"
|
|
certname: "%i.%f"
|
|
environment: sapian
|
|
ca_cert: |
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIFizCCA3OgAwIBAgIBATANBgkqhkiG9w0BAQsFADArMSkwJwYDVQQDDCBQdXBw
|
|
ZXQgQ0E6IGZvcmVtYW4uc2FwaWFuLmNvbS5jbzAeFw0xNTAxMDQyMTM4MDlaFw0y
|
|
MDAxMDQyMTM4MDlaMCsxKTAnBgNVBAMMIFB1cHBldCBDQTogZm9yZW1hbi5zYXBp
|
|
YW4uY29tLmNvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArREPRvV4
|
|
beAYHpl/60pomh3tPd05W5CquU8kV68KVSupD1IMYhtBRlkxRDqJei/B2quzaVbF
|
|
TsNzK+xDD2iHH5eu/rz6EpHsFE8Gw7sqAKWr57Erqy7eDHzeOJlW3EuhTBGjymyg
|
|
jxBtBZcmOwGfFoXGSj7gA/9nKxoUB9FNxI34jMqWhQbSTv9f4whnu3Dmb3PFkwDI
|
|
TSdWKp/e8SjgyA1dqH14ujBv80FeqFKLPQJ4KLj3drf3CLi65aMZ6JH/HvLuCwi3
|
|
AfFp1kteLwQus7WdT235Y3pj8AJtw6BhhgKr4l8rAoFg8Y6Ezat0q1rpkeVGSKIy
|
|
ltTEMVNvw5oLnHj2acAfk9awZpscQU1Exg/gfcMX0W0Svj/ODk/GENDknfYP2gwp
|
|
6F9bf4qvtkkfENB9TQG4Vlpm3kZtRdFyMFapxu5qoAsk0CYY8R0RvdKMx8X07PVW
|
|
RI0owurJe+qsAYcXm4ALha7AHkU53AqaKuM/72EpoZrHUBTNUVGBJ5V8E1/w2dzo
|
|
gh96mXuPXiJSq6TDKlLUPk7rsU37V0Mmi+d5ahwkhi1vz5n64AmI4CH3cbpOMjiC
|
|
Wwrqs4+HHVKVZnr7CLfjDsRwDLB6LS2Zl/OaXirRiqUW7+SV0UiofD565Zkkbxj5
|
|
K6tWa/YRnHSYzIHwJ+4GkiC+yURHFMwf3KkCAwEAAaOBuTCBtjA1BglghkgBhvhC
|
|
AQ0EKFB1cHBldCBSdWJ5L09wZW5TU0wgSW50ZXJuYWwgQ2VydGlmaWNhdGUwDgYD
|
|
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNryk9mlB2Gq
|
|
bQRcS6RnTf40W5QVMD0GA1UdIwQ2MDShL6QtMCsxKTAnBgNVBAMMIFB1cHBldCBD
|
|
QTogZm9yZW1hbi5zYXBpYW4uY29tLmNvggEBMA0GCSqGSIb3DQEBCwUAA4ICAQAy
|
|
YV/UO0cjwYmzo4drr0gS51if7f+kWSmppnQQKzj/P+mnijvNppEm1Mw3H+HuN+GC
|
|
PJY/7JpgO54uE0ZIgxkT6eqhmRPuthQBvb0vsHgG9sFRcyaeL90lstMHAKM+q6xJ
|
|
OQcBihqXqU1CmIirQN04b9LoAmyWQlt5TiP34s9iCtPLfUVtHadzqFCee081NKRg
|
|
tnhVVaP09S2h70x4xN6LD13khykyUl1nJ+x7losB4BJqiEL/PcmvamJKLKnXEQpz
|
|
xDQh9vOw1QJu04ncbkfOO5xPG7lrS1yEkQHEpCEFivdTetz+BbIpz2DFBZdOa7VQ
|
|
2JTcC2/+hoOiN0prHYE8RV26+gSJOpJkCfh8AMeuJTA6fTYZJv7RdINGUk06MwFG
|
|
BF4IGttkNInmk3rmwmpbplbW/uI6MX32JfE5CAly/YmtD7cCmc9BrtwRwLhTHSQT
|
|
Uzo5bA1ZPulJ5T5IMPpuGO3QKQkXRvbDsmltHKYZuqB3KFW3KQRwfaFskV7Qw78k
|
|
bfutEqyoTADFxFleuKG6nB4B8JUheb4/I2XwV+QjHjqJ0vok/GMPD41LevJxOKNE
|
|
e1WHXT3p9L6o9hnwdMLXiIvGrcxbZ9QA9aAOmIfOgefTdM2IvWKNT6N7rQo415Cq
|
|
QGT4Jayl7m4NMv26tEexEWtvMZEb9BlYNYz5MO6VoA==
|
|
-----END CERTIFICATE-----
|
|
|
|
bootcmd:
|
|
- ngcp-network --set-interface=ens4 --ip=auto --netmask=auto --advertised-ip=$(curl -H 'Metadata-Flavor: Google' -s http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip) --dhcp=yes
|
|
- ngcpcfg apply 'update advertised-ip on boot'
|
|
|
|
# runcmd:
|
|
# - systemctl enable systemd-networkd
|
|
# - systemctl start systemd-networkd
|
|
# - curl -fsSL https://get.docker.com/ | sh
|
|
# - curl -fsSL https://get.docker.com/gpg | sudo apt-key add -
|
|
# - [ systemctl, daemon-reload ]
|
|
# - [ systemctl, enable, docker.service ]
|
|
# - [ systemctl, start, --no-block, docker.service ]
|
|
# - [ systemctl, daemon-reload ]
|
|
# - docker run --name cadvisor --volume=/:/rootfs:ro --volume=/var/run:/var/run:ro --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --volume=/dev/disk/:/dev/disk:ro --publish=9104:8080 --detach=true google/cadvisor:latest
|
|
# - curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
|
|
# - chmod +x /usr/local/bin/docker-compose
|
|
# - curl -o /usr/src/puppet5-release-buster.deb -k https://apt.puppetlabs.com/puppet5-release-buster.deb
|
|
# - dpkg -i /usr/src/puppet5-release-buster.deb
|
|
# - curl -o /usr/src/ngcp-installer-latest.deb -k http://deb.sipwise.com/spce/ngcp-installer-mr7.5.3.deb
|
|
# - dpkg -i /usr/src/ngcp-installer-latest.deb
|
|
# - apt update
|
|
# - [ apt, remove, "-y", "puppet", "facter"]
|
|
# - [ apt, install, "-y", "puppet-agent" ]
|
|
# - [ /opt/puppetlabs/bin/puppet, "agent", "--test", "--server", "puppetmaster.sapian.com.co", "--waitforcert", "120"]
|
|
|
|
final_message:
|
|
- "The system is finally up, after $UPTIME seconds"
|
|
- "Run ngcp-installer"
|