Commit 7dd3b9ee authored by Swen Brueseke's avatar Swen Brueseke

add debian9 config

parent 73cb9f5b
d-i debian-installer/locale string en_US
d-i console-keymaps-at/keymap select de
d-i keyboard-configuration/xkb-keymap select de
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string localhost
d-i netcfg/get_domain string localdomain
d-i netcfg/wireless_wep string
d-i hw-detect/load_firmware boolean true
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.de.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i passwd/make-user boolean true
d-i passwd/user-fullname string Debian User
d-i passwd/username string debian
d-i passwd/user-password password password
d-i passwd/user-password-again password password
# Root password, we'll lock it later
d-i passwd/root-login boolean true
d-i passwd/root-password password password
d-i passwd/root-password-again password password
d-i clock-setup/utc boolean true
d-i clock-setup/ntp-server string europe.pool.ntp.org
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Berlin
d-i clock-setup/ntp boolean true
d-i partman-auto/method string regular
d-i partman-basicfilesystems/no_swap boolean false
d-i partman-auto/expert_recipe string \
root :: \
500 10000 1000000000 ext4 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string default
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
d-i apt-setup/backports boolean true
tasksel tasksel/first multiselect minimal
d-i pkgsel/include string openssh-server cloud-init cloud-initramfs-growroot ntp wget sudo
popularity-contest popularity-contest/participate boolean false
d-i finish-install/reboot_in_progress note
d-i debian-installer/exit/poweroff boolean true
d-i preseed/late_command string in-target wget -O/root/sysprep.sh http://templatebox.proio.com/debian/configs/debian9-sysprep.sh ; in-target sh /root/sysprep.sh
\ No newline at end of file
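Review bot: The `preseed/late_command` on the last line fetches `debian9-sysprep.sh` over plain HTTP and runs it as root in the target with no integrity check, so every template built from this preseed depends on an unauthenticated download; the `wget -q http://templatebox.proio.com/xstools650/Linux.tar` followed by `./install.sh` in the sysprep script has the same problem. The two commands are also joined with `;`, so a failed download still reaches `sh /root/sysprep.sh` and the install finishes without the script's final `usermod --lock root`, leaving root with the literal password `password`. I would ship the script on the install media, or fetch it over HTTPS and compare it with a pinned SHA-256 before running it, and chain the steps with `&&`. The cleartext values under `passwd/user-password` and `passwd/root-password` would be better as `passwd/user-password-crypted` / `passwd/root-password-crypted` hashes, or root login disabled outright with `d-i passwd/root-login boolean false`.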
#!/bin/sh
## SECURITY
# clear the logs
find /var/log -type f -delete
# clean apt
apt-get clean all
# delete ssh host keys and ask cloud-init to regenerate them at first boot
# ssh host keys need to be unique
rm -rf /etc/ssh/*key*
# delete the random seed
rm -f /var/lib/systemd/random-seed
## PERFORMANCE
# make kernel cmd line more vm friendly
sed -i s/'GRUB_CMDLINE_LINUX_DEFAULT="quiet"'/'GRUB_CMDLINE_LINUX_DEFAULT="vga=0x318 console=ttyS0,115200n8 console=hvc0 consoleblank=0 elevator=deadline biosdevname=0 net.ifnames=0"'/g /etc/default/grub
update-grub
# implementing some low level settings ad-labam, on CentOS tuned takes care of this - and more
echo kernel.sched_min_granularity_ns=10000000 >> /etc/sysctl.d/tuned.conf
echo kernel.sched_wakeup_granularity_ns=15000000 >> /etc/sysctl.d/tuned.conf
echo vm.dirty_ratio=40 >> /etc/sysctl.d/tuned.conf
echo vm.swappiness=30 >> /etc/sysctl.d/tuned.conf
# OTHER
# delete the udev rules for network devices
find /etc/udev/rules.d/ -name "*persistent*" -delete
# xs-tools
# workaround as debian installer can't mount a cdrom during install
wget -q http://templatebox.proio.com/xstools650/Linux.tar && tar xf Linux.tar
cd Linux
./install.sh -d debian -m 8 -n
cd .. ; rm -rfv Linux Linux.tar
# CLOUDSTACK
cat << "EOF" > /etc/cloud/cloud.cfg.d/99_cloudstack.cfg
datasource:
CloudStack: {}
None: {}
datasource_list:
- CloudStack
EOF
#cat << EOF > /etc/cloud/cloud.cfg.d/99_swap.cfg
#swap:
# filename: /swap.img
# size: 2147483648
# maxsize: 2147483648
#EOF
# debian cloud-init too old to perform the swap thing on its own as per the above, so working around it
mkdir -p /var/lib/cloud/scripts/per-once/
cat << "EOF" > /var/lib/cloud/scripts/per-once/setupswap.sh
#!/bin/sh
mkdir -p /var/cache/swap
fallocate -l 2G /var/cache/swap/swap.img
chmod 0600 /var/cache/swap/swap.img
mkswap /var/cache/swap/swap.img
echo /var/cache/swap/swap.img none swap sw 0 0 >> /etc/fstab
swapon -a
EOF
chmod +x /var/lib/cloud/scripts/per-once/setupswap.sh
# by default cloud-init locks the password of the user, rendering cloudstack passwd feature useless, working around it below
cat << "EOF" > /etc/cloud/cloud.cfg.d/99_unlock.cfg
system_info:
# This will affect which distro class gets used
distro: debian
# Default user name + that default users groups (if added/used)
default_user:
name: debian
lock_passwd: False
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
EOF
# passwd auth
cat << "EOF" > /etc/cloud/cloud.cfg.d/80_pwauth.cfg
ssh_pwauth: 1
EOF
# let's set the password early from dhclient, before cloud-init gets to it
cat << "EOF" > /etc/dhcp/dhclient-exit-hooks.d/cloudstack-passwd
#!/bin/sh
# Set user password from CloudStack virtual router
user="debian"
vr="$new_dhcp_server_identifier"
logger="logger -s -p daemon.warn -t cloudstack-passwd"
if command -v wget > /dev/null; then
grab="wget -q -t 3 -T 20 -O -"
elif command -v curl > /dev/null; then
grab="curl -s --retry 3 -m 20"
fi
if [ -z "$vr" ]; then
$logger "Unable to get virtual router address"
elif [ -z "$grab" ]; then
$logger "Neither curl nor wget installed"
else
# Grab password
password=$($grab --header "DomU_Request: send_my_password" ${vr}:8080 || true)
password=$(echo $password | tr -d '\r')
case "$password" in
saved_password)
$logger "Password already set"
;;
""|bad_request)
$logger "Incorrect answer from ${vr}"
;;
*)
echo "$user:$password" | chpasswd && \
$grab --header "DomU_Request: saved_password" ${vr}:8080 > /dev/null || true
;;
esac
fi
cloudstackpasswd_config () {
:
}
cloudstackpasswd_restore () {
:
}
:
exit 0
EOF
# PROIO
## proio specifics
cat << "EOF" > /etc/cloud/cloud.cfg.d/98_megonacloud.cfg
growpart:
mode: auto
devices: ['/']
ignore_growroot_disabled: false
manage_etc_hosts: true
final_message: "Megona CLOUD The system is finally up, after $UPTIME seconds"
output:
all: ">> /var/log/cloud-init-output.log"
EOF
mkdir -p /var/lib/cloud/scripts/per-boot/
cat << "EOF" > /var/lib/cloud/scripts/per-boot/edithostsfile.sh
#!/bin/sh
#
# Created by : Swen Brueseke <info@megona.de>
# Created : 31.03.2016
# Version : 1.0
#
# Information : This script will replace "localdomain" in /etc/hosts
# with domain-name from dhcp leases file on Debian.
#
# How to use : save this script to /var/lib/cloud/scripts/per-boot/
# and cloud-init will run it every boot.
# This was tested with cloud-init 0.7.7 on Debian 8
#
var1=$(awk '/domain-name/{print $3}' /var/lib/dhcp/dhclient.eth0.leases | sed 's/[";]//g' | tail -1)
sed -i "s/localdomain/$var1/g" /etc/hosts
EOF
chmod +x /var/lib/cloud/scripts/per-boot/edithostsfile.sh
# lock root account
usermod --lock root
\ No newline at end of file
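Review bot: `edithostsfile.sh` interpolates the DHCP-supplied `domain-name` straight into a `sed -i` program that runs as root on every boot, so a value containing `/` or other sed syntax changes what the command does, and an empty value silently strips `localdomain` from `/etc/hosts`. Validate it first, e.g. `case "$var1" in ''|*[!A-Za-z0-9.-]*) exit 0 ;; esac` before the `sed -i` line. The dhclient hook has a related issue: `${vr}` and `echo $password` are unquoted, so the router's reply goes through word splitting and globbing before it reaches `chpasswd`; quote both and explicitly reject replies containing whitespace or control characters instead of relying on the splitting. Separately, the hook accepts the password from whichever host the DHCP reply names as server, and `99_unlock.cfg` gives that account `NOPASSWD:ALL` with `ssh_pwauth: 1`, so the template presumably assumes a trusted guest network, which is worth stating in a comment.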