update stackscript and /steps

UniIsland · Sep 2, 2014 · 77906e6 · 77906e6
1 parent 9f67fb1
commit 77906e6
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 19 deletions.
diff --git a/linode/stackscript/9915-debian_7.5_puppet.sh b/linode/stackscript/9915-debian_7.5_puppet.sh
@@ -7,10 +7,13 @@
 # <udf name="domain_private" label="private domain name" default="ln.planetb612.info">
 # <udf name="username" label="unprivileged user name" default="neo">
 # <udf name="userpass" label="unprivileged user password" default="">
+# <udf name="userpubkey" label="unprivileged user authorized key entry" default="">
 # <udf name="default_debian_release" label="default debian release" default="wheezy">
+# <udf name="puppet_environment" label="puppet environment" default="_default">
 
 ## logging
-exec > /root/stackscript.log 2> /root/stackscript.err.log
+exec | tee /root/stackscript.log
+exec 2> /root/stackscript.err.log
 ## debug info
 echo "Start running StackScript - $(date)"
 env
@@ -20,9 +23,6 @@ echo
 ## hostname
 echo "${HOSTNAME}" > /etc/hostname
 hostname -F /etc/hostname
-## resolver
-sed -i "s/^domain.*/domain ${DOMAIN_PRIVATE}/" /etc/resolv.conf
-sed -i "s/^search.*/search ${DOMAIN_PUBLIC} ${DOMAIN_PRIVATE}/" /etc/resolv.conf
 ## static interfaces
 IP_PRIMARY=$(ifconfig eth0 | awk -F: '/inet addr:/ {print $2}' | awk '{ print $1 }')
 IP_GATEWAY="$(echo $IP_PRIMARY | cut -d. -f1-3).1"
@@ -40,12 +40,16 @@ iface eth0 inet static
   address ${IP_PRIVATE}/17
 
 EOF
-echo -e "\n## FQDN" >> /etc/hosts
-echo "$IP_PRIMARY ${HOSTNAME}.${DOMAIN_PUBLIC}" >> /etc/hosts
-echo "$IP_PRIVATE ${HOSTNAME}.${DOMAIN_PRIVATE} ${HOSTNAME}" >> /etc/hosts
 #/etc/init.d/networking restart
 ifdown -a && ifup -a
 #sed /etc/default/dhcpcd
+## hosts
+echo -e "\n## FQDN" >> /etc/hosts
+echo "$IP_PRIMARY ${HOSTNAME}.${DOMAIN_PUBLIC}" >> /etc/hosts
+echo "$IP_PRIVATE ${HOSTNAME}.${DOMAIN_PRIVATE} ${HOSTNAME}" >> /etc/hosts
+## resolver
+sed -i "s/^domain.*/domain ${DOMAIN_PRIVATE}/" /etc/resolv.conf
+sed -i "s/^search.*/search ${DOMAIN_PRIVATE} ${DOMAIN_PUBLIC}/" /etc/resolv.conf
 
 ## apt
 ## package mirror and settings
@@ -66,18 +70,8 @@ EOF
 echo "APT::Default-Release \"${DEFAULT_DEBIAN_RELEASE}\";" > "/etc/apt/apt.conf.d/24${DEFAULT_DEBIAN_RELEASE}"
 echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/25norecommends
 ## update and upgrade
-aptitude update
-aptitude -y full-upgrade
-
-# ## non-privileged user
-# ## add user
-# adduser $USERNAME --disabled-password --gecos ""
-# [ -n "$PASSWORD"] && ( echo "$USERNAME:$USERPASS" | chpasswd )
-# usermod -aG sudo $USERNAME
-# ## add ssh public key
-# mkdir -p /home/$USERNAME/.ssh
-# #curl 'url_of_public_key' >> /home/$USERNAME/.ssh/authorized_keys
-# chown -R "$USERNAME":"$USERNAME" /home/$USERNAME/.ssh
+aptitude -q update
+aptitude -yq full-upgrade
 
 ## various system settings
 ## enable tmpfs on /tmp
@@ -86,4 +80,23 @@ sed -i 's/#\?RAMTMP=.*/RAMTMP=yes/' /etc/default/tmpfs
 sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
 /etc/init.d/ssh restart
 
+## non-privileged user
+## add user
+adduser $USERNAME --disabled-password --gecos ""
+[ -n "$USERPASS" ] && ( echo "$USERNAME:$USERPASS" | chpasswd )
+usermod -aG sudo $USERNAME
+## add ssh public key
+mkdir -p /home/$USERNAME/.ssh
+[ -n "$USERPUBKEY" ] && echo "$USERPUBKEY" > /home/$USERNAME/.ssh/authorized_keys
+chown -R "$USERNAME":"$USERNAME" /home/$USERNAME/.ssh
+
+## puppet
+aptitude -yq install puppet
+sed -i 's/^START=.*/START=yes/' /etc/default/puppet
+echo -e "\n[agent]" >> /etc/puppet/puppet.conf
+echo "master = puppet" >> /etc/puppet/puppet.conf
+#PUPPET_ENVIRONMENT=<set by udf>
+echo "environment = $PUPPET_ENVIRONMENT" >> /etc/puppet/puppet.conf
+/etc/init.d/puppet start
+
 echo "Finished - $(date)"
diff --git a/steps/generate_ssl_cert b/steps/generate_ssl_cert
@@ -0,0 +1,17 @@
+# generate private key
+openssl genrsa -nodes -out server.key 2048
+
+# generate csr (certificate signing request)
+openssl req -new -key server.key -out server.csr
+
+# generate private key and csr in one line
+openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr
+
+# create a self-signed certificate
+openssl req -new -x509 -days 3650 -key server.key -out server.crt
+# or
+openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
+
+# one-liner
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt
+