diff --git a/Vagrantfile b/Vagrantfile index a53306a..8acd553 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -109,6 +109,9 @@ Vagrant.configure(2) do |config| server.vm.provision :shell, path: "provision_scripts/kube-config.sh", args: "#{ipString} #{masterIP} #{pubCluster}" server.vm.provision :shell, path: "provision_scripts/kubectl.sh", args: "#{masterIP}", privileged: false server.vm.provision "file", source: "provision_files/kube-start.sh", destination: "/home/vagrant/kube-start.sh" + server.vm.provision "file", source: "provision_files/id_rsa", destination: "/home/vagrant/.ssh/id_rsa" + server.vm.provision "file", source: "provision_files/id_rsa.pub", destination: "/home/vagrant/.ssh/id_rsa.pub" + server.vm.provision :shell, inline: "chmod 400 /home/vagrant/.ssh/id_rsa" end end diff --git a/local/assets/cloud-config/coreos.yml b/local/assets/cloud-config/coreos.yml index 48869a6..2c8c690 100644 --- a/local/assets/cloud-config/coreos.yml +++ b/local/assets/cloud-config/coreos.yml @@ -34,13 +34,12 @@ coreos: # Setting max log size to 10M Environment="DOCKER_OPTS=--log-driver=json-file --log-opt max-size=10m" -{{ if index .env "ssh_authorized_keys" }} +{{ if index .env.metadata "ssh_authorized_keys" }} ssh_authorized_keys: - {{ range $element := .env.ssh_authorized_keys }} - - {{$element}} + {{ range $element := .env.metadata.ssh_authorized_keys }} + - {{ $element}} {{ end }} -{{ else }} +{{ end }} users: - name: core passwd: {{ .boot.metadata.root_pass }} -{{ end }} diff --git a/local/assets/ignition/etcd-proxy.yml b/local/assets/ignition/etcd-proxy.yml index 6cfa766..4f5cdd2 100644 --- a/local/assets/ignition/etcd-proxy.yml +++ b/local/assets/ignition/etcd-proxy.yml 
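Review bot: The three added provisioners install the key at `/home/vagrant/.ssh/id_rsa` and restrict only that copy, yet the `keypath` entries this commit adds to local/sites/test-site/inventory.yml point at `/vagrant/provision_files/id_rsa`, which keeps whatever mode the host checkout has (the file is added as 100755). If the ssh bmc driver is meant to use the copied key, the inventory should read `keypath: /home/vagrant/.ssh/id_rsa`; if it is not, the copy and the `chmod` serve no visible purpose. A comment above the first added line, such as `# test-only key for the ssh bmc driver; never authorize it outside this Vagrant environment`, would make the intent explicit. The enclosing `server` block starts outside the hunk.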
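Review bot: Replacing `{{ else }}` with `{{ end }}` in local/assets/cloud-config/coreos.yml makes the `users:` block unconditional, so `core` now receives a password from `.boot.metadata.root_pass` even when `ssh_authorized_keys` is supplied; before this change the password was only a fallback for hosts without keys. The ignition templates etcd-proxy.yml and etcd.yml get the same behaviour through their added `password_hash:` line. If key-only login is wanted whenever keys exist, keep the `{{ else }}`; otherwise guard the block with `{{ if index .boot.metadata "root_pass" }}` so that a boot definition without that key does not render an empty or placeholder password. The one boot file in this diff that referenced this template with `use: coreos.yml` is deleted here, so it is worth confirming which boot definitions still supply `root_pass` to it.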
@@ -11,12 +11,13 @@ systemd: Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379" Environment="ETCD_INITIAL_CLUSTER={{ range $i, $node := .env.metadata.etcd_ignition_nodes }}{{ if $i }},{{end}}{{$node.name}}=http://{{$node.ip}}:2380{{end}}" -{{ if index .env "ssh_authorized_keys" }} passwd: users: - name: core + password_hash: {{ .boot.metadata.root_pass }} + {{- if index .host.metadata "ssh_authorized_keys" }} ssh_authorized_keys: - {{ range $element := .env.metadata.ssh_authorized_keys }} + {{- range $element := .host.metadata.ssh_authorized_keys }} - {{$element}} {{end}} -{{end}} + {{end}} diff --git a/local/assets/ignition/etcd.yml b/local/assets/ignition/etcd.yml index fd714da..9fbe644 100644 --- a/local/assets/ignition/etcd.yml +++ b/local/assets/ignition/etcd.yml @@ -14,12 +14,13 @@ systemd: Environment="ETCD_INITIAL_CLUSTER={{ range $i, $node := .env.metadata.etcd_ignition_nodes }}{{ if $i }},{{end}}{{$node.name}}=http://{{$node.ip}}:2380{{end}}" Environment="ETCD_NAME={{.host.name}}" -{{ if index .env "ssh_authorized_keys" }} passwd: users: - name: core + password_hash: {{ .boot.metadata.root_pass }} + {{- if index .env.metadata "ssh_authorized_keys" }} ssh_authorized_keys: - {{ range $element := .env.metadata.ssh_authorized_keys }} + {{- range $element := .env.metadata.ssh_authorized_keys }} - {{$element}} {{end}} -{{end}} + {{end}} diff --git a/local/boot/coreos-ignition-cluster.yml b/local/boot/coreos-ignition-cluster.yml index 17c77db..14fb6f3 100644 --- a/local/boot/coreos-ignition-cluster.yml +++ b/local/boot/coreos-ignition-cluster.yml @@ -10,3 +10,4 @@ unattended: metadata: fleet_role: etcd + root_pass: $1$De/uvwHY$77ZDxv9lNwZJbwFziq4Ix0 diff --git a/local/boot/coreos-ignition-proxy.yml b/local/boot/coreos-ignition-proxy.yml index 46d9242..0ff8041 100644 --- a/local/boot/coreos-ignition-proxy.yml +++ b/local/boot/coreos-ignition-proxy.yml 
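Review bot: The proxy template in local/assets/ignition/etcd-proxy.yml now reads keys from `.host.metadata.ssh_authorized_keys`, while etcd.yml in the next file section reads `.env.metadata.ssh_authorized_keys`, so the site-wide key added to env.yml never reaches proxy hosts and only the per-host entry added for proxy1 in inventory.yml applies. If the split is deliberate, record it with a template comment such as `{{/* proxy hosts take keys from host metadata only */}}`; if it is not, read from the same source in both templates. A proxy host without its own `ssh_authorized_keys` entry would end up with password login only.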
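Review bot: The `root_pass` added to local/boot/coreos-ignition-cluster.yml is an MD5-crypt hash (`$1$` prefix), whereas the value removed with local/boot/coreos.yml in this same commit was SHA-512 crypt (`$6$`); the identical `$1$` hash is also added to local/boot/coreos-ignition-proxy.yml. MD5-crypt is long deprecated for password storage, and the hash is committed next to templates that now always install it for `core`. Regenerate the value as a SHA-512 crypt hash, for example with `mkpasswd -m sha-512`, and replace both lines with `root_pass: <sha512-crypt hash>`.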
@@ -10,3 +10,4 @@ unattended: metadata: fleet_metadata: role=etcd-proxy + root_pass: $1$De/uvwHY$77ZDxv9lNwZJbwFziq4Ix0 diff --git a/local/boot/coreos.yml b/local/boot/coreos.yml deleted file mode 100644 index 562b5e4..0000000 --- a/local/boot/coreos.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -id: coreos -name: CoreOS host - -operating_system: coreos-1053.2.0-stable - -unattended: - type: cloud-config - use: coreos.yml - -metadata: - root_pass: $6$YOxumbTJ$gSPlIcL5UWKe1DrD2kOdmlJFl2GSTJcELatcwmwOyY3APhvuCCfR4GsF4Efs09/4k4G6rpacytLxJooDuFLuy. diff --git a/local/sites/test-site/env.yml b/local/sites/test-site/env.yml index eb2df46..8ac891b 100644 --- a/local/sites/test-site/env.yml +++ b/local/sites/test-site/env.yml @@ -4,12 +4,13 @@ id: test-site subnets: - id: vagrant1 cidr: 10.10.10.0/24 - gateway: 10.10.10.3 + gateway: 10.10.10.1 dns: - 8.8.8.8 ntp: - 10.10.10.1 - +policy: + force_provision: true agents: - name: test-agent asset_server: @@ -23,6 +24,8 @@ agents: metadata: name: detroit-preprod kind: pre-prod + ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI0kPZ6jtnDXy7cVJQLpWxOlPefYBt6p2CdxEV/f4zppkaVPLl2Nc4IhBQdEQqjgxTFonnIEQ29gQug5IpyrjQ6GvNDjzZ/Oq/Vwj52h6OLr9RcUaU3OZkDp5uyo1Wrg8HqAD5bcZwgJgo+7T2eQTdFECnv1IDHJrTVF48paA9mf600zoKvncKKo6jixRDFc9eQb6Mq0Mbh2ABy8V0j5T42qjzJJixNnUZDRflGSKFDl3GEkZuXe3bGUqT865/Pe+sKoWeGagL2cXpwkfhiSM+XQSf/TFKf/h3ABImEqDw4hO7x2W2Dd5s+SAGl+LbsCuxvRUE20m5tlMX4bPpSTAj vagrant@vs-1 etcd_cloud_nodes: - name: etcd1 @@ -40,8 +43,6 @@ metadata: - name: etcdi3 ip: 10.10.10.33 - ssh_authorized_keys: [] - time_zone: UTC centos_baseurl: ftp://127.9.9.9/images/centos/7/2/ centos_updates_url: http://foo.bar.tv/repo/CentOS/7.2/updates/x86_64/RPMS/ diff --git a/local/sites/test-site/inventory.yml b/local/sites/test-site/inventory.yml index 4c355f7..1306ccb 100644 --- a/local/sites/test-site/inventory.yml +++ b/local/sites/test-site/inventory.yml 
@@ -5,6 +5,10 @@ interfaces: subnet: vagrant1 mac: 00:00:00:00:00:21 ipv4: 10.10.10.21 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa metadata: mstr: etcd1 role: kube-master @@ -15,6 +19,10 @@ name: etcd2 interfaces: - type: physical subnet: vagrant1 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa mac: 00:00:00:00:00:22 ipv4: 10.10.10.22 metadata: @@ -27,6 +35,10 @@ name: etcd3 interfaces: - type: physical subnet: vagrant1 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa mac: 00:00:00:00:00:23 ipv4: 10.10.10.23 metadata: @@ -39,6 +51,10 @@ name: node1 interfaces: - type: physical subnet: vagrant1 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa mac: 00:00:00:00:00:24 ipv4: 10.10.10.24 metadata: @@ -50,6 +66,10 @@ name: etcdi1 interfaces: - type: physical subnet: vagrant1 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa mac: 00:00:00:00:00:31 ipv4: 10.10.10.31 metadata: @@ -61,6 +81,10 @@ name: etcdi2 interfaces: - type: physical subnet: vagrant1 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa mac: 00:00:00:00:00:32 ipv4: 10.10.10.32 metadata: @@ -72,6 +96,10 @@ name: etcdi3 interfaces: - type: physical subnet: vagrant1 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa mac: 00:00:00:00:00:33 ipv4: 10.10.10.33 metadata: 
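Review bot: The `bmc:` block is placed inconsistently in local/sites/test-site/inventory.yml: in the first hunk (etcd1) it follows `ipv4:`, but in the hunks for etcd2, etcd3, node1, etcdi1, etcdi2, etcdi3 and the later proxy1 hunk it sits between `subnet: vagrant1` and `mac:`, in the middle of the interface entry. Indentation is not recoverable in this view, so the effect cannot be confirmed here, but depending on the indent this either nests `bmc` under the interface or separates `mac` and `ipv4` from it. Place the block in the same position for every host, after `ipv4:` as for etcd1, and check that the file still parses and that each host still resolves its MAC and address. The hunks start and end inside host documents that continue outside them.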
@@ -83,11 +111,17 @@ name: proxy1 interfaces: - type: physical subnet: vagrant1 + bmc: + type: ssh + username: core + keypath: /vagrant/provision_files/id_rsa mac: 00:00:00:00:00:34 ipv4: 10.10.10.34 metadata: name: proxy1 ip: 10.10.10.34 + ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI0kPZ6jtnDXy7cVJQLpWxOlPefYBt6p2CdxEV/f4zppkaVPLl2Nc4IhBQdEQqjgxTFonnIEQ29gQug5IpyrjQ6GvNDjzZ/Oq/Vwj52h6OLr9RcUaU3OZkDp5uyo1Wrg8HqAD5bcZwgJgo+7T2eQTdFECnv1IDHJrTVF48paA9mf600zoKvncKKo6jixRDFc9eQb6Mq0Mbh2ABy8V0j5T42qjzJJixNnUZDRflGSKFDl3GEkZuXe3bGUqT865/Pe+sKoWeGagL2cXpwkfhiSM+XQSf/TFKf/h3ABImEqDw4hO7x2W2Dd5s+SAGl+LbsCuxvRUE20m5tlMX4bPpSTAj vagrant@vs-1 workflow: coreos-ignition-proxy --- name: centos1 diff --git a/provision_files/id_rsa b/provision_files/id_rsa new file mode 100755 index 0000000..326f7b8 --- /dev/null +++ b/provision_files/id_rsa 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAyNJD2eo7Zw18u3FSUC6VsTpT3n2AbeqdgncRFf3+M6aZGlTy +5djXOCIQUHREKo4MUxaJ5yBENvYELoOSKcq40OhrzQ482fzqv1cI+doeji6/UXFG +lNzmZA6ebsqNVq4PB6gA+W3GcICYKPu09nkE3RRAp79SAxya01RePKWgPZn+tNM6 +Cr53CiqOo4sUQxXPXkG+jKtDG4dgAcvFdI+U+Nqo8ySYsTZ1GQ0X5RkihQ5dxhJG +bl3t2xlKk/Oufz3vrCqFnhmoC9nF6cJH4YkjPl0En/0xSn/4dwASJhKg8OITu8dl +tg3ebPkgBpfi27Arsb0VBNtJubZTF+Gz6UkwIwIDAQABAoIBACD4pLs6gdZBmKEN +0f3oKBuY//wfjt59Dq9E7UE3Gm1QhQKVv+uM1okYzqTm8eoquEtMAAg6e/iqG7Wn +VHAYII/sGQbpt4PyynfvykF7Vljxw+eTOYtnWUxEOi7mgp4gpccUBlTteQ8vjcvs +x6FP7UR+9r6T4tsv7xuTVoWOi+iQ/ZM+dl1gFKOefU/BmKTaD5BDAYfmLeHt+GPa +nF6o5AXCY98EC1BoYhvz7f1d6EyFazSFO7+NMdn2YpRZ5ltEqUYB+0hE6Oeu8QL9 +i9yz9t76ENysEAkiDrK+FlviMOIu/CWuq1RKnIXXu0JDQPJGm9iDxEWdBrbbC0Oz +iaG044ECgYEA5UyAJekwbQZJYVvmcowyELp21B8UBzL393i44rSjfsQ1P4Uoxfov +IuhCqMbwjQJROnqk+CIpoZKwp8lmQPHz7u5MckXyvDHl61pEmP+dnHOwfsv9HHY4 +fD1vChlGRAjrmAemWdfoD8T7XqMNsjlPWaLpybiMfqF1ywxogC4pwpsCgYEA4DTW +j8HagXUN4iOyIsxVRPX0vycsglRjYsgxhjeEex12jP0eByQxUzq8HNzH8xj3k7x5 +q9QUq0ekSvtco0sr0m1HTMWXABufI2mmD7WTgcXkrOBx+tHyB2+B+APW6IHyVegF +/qoLhY6TVQp/pS2F+wAtx43AgqzcjipWDbrG/RkCgYBb7h7WlDYxD7styG2M8T5F +TKzFgKxD8qBN3F2rrqZ59WovzFA7h4GMajgHeLMKpaoxWuh2/yNXvvsKWgmf8iFN +YsbNbdPSteKrSCaGfL0Q86UIQPp6hb9BuFOjZdyw/C6QZkjAbnqAkAYDvDWKhcWV +d2Zp1I6nWk5imNfwxBFEDwKBgCbd4ggfweJJSXPXXk0cAPgobxooD1Y0jNoV/EfZ +HfU9wUxloKv6QTa9atjSCTOCM4D/3lPEOyUKEVgSRRflsx4SZZbQdgHFyAuah/gX +MRABH0g8zGV/uaZCVVSKTdoWlM0BoPBpx/+KHM5UOJaI0r4VZNpAH4xHrSBUBIDy +zQYZAoGAThrecBkXpQq6f50CW8bkYO2bC7X9alKwqDuon0+lxmqLPan4mOBqcaVM +rhnSi1bW8/8p5tGQvcbJsLqiRW0ZpXI1+Q+4kE/RVFd7wEx1oAoqXLvZR8HYub43 +YK/zg16bfTUY/haH/eGdz1XRn506ijVJhn0cboWrFue9k+CGsPo= +-----END RSA PRIVATE KEY----- diff --git a/provision_files/id_rsa.pub b/provision_files/id_rsa.pub new file mode 100644 index 0000000..980ec1e --- /dev/null +++ b/provision_files/id_rsa.pub 
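Review bot: This file section commits an RSA private key to the repository, and the matching public key is added to `ssh_authorized_keys` in env.yml and inventory.yml, so anyone who can read the repository can authenticate as `core` on any host provisioned from these files. The file is also added with mode 100755; a private key should be neither executable nor readable by other users. Prefer generating the pair during provisioning, for example `ssh-keygen -t rsa -N "" -f provision_files/id_rsa` in a provisioner with the path listed in `.gitignore`, and filling the public key into the site files from the generated `id_rsa.pub` instead of pasting it in three places. If the key has to stay for the test site, state next to it that it is a test-only credential that must never be authorized on a real host.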
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI0kPZ6jtnDXy7cVJQLpWxOlPefYBt6p2CdxEV/f4zppkaVPLl2Nc4IhBQdEQqjgxTFonnIEQ29gQug5IpyrjQ6GvNDjzZ/Oq/Vwj52h6OLr9RcUaU3OZkDp5uyo1Wrg8HqAD5bcZwgJgo+7T2eQTdFECnv1IDHJrTVF48paA9mf600zoKvncKKo6jixRDFc9eQb6Mq0Mbh2ABy8V0j5T42qjzJJixNnUZDRflGSKFDl3GEkZuXe3bGUqT865/Pe+sKoWeGagL2cXpwkfhiSM+XQSf/TFKf/h3ABImEqDw4hO7x2W2Dd5s+SAGl+LbsCuxvRUE20m5tlMX4bPpSTAj vagrant@vs-1