Merge pull request kube-hetzner#103 from kube-hetzner/cloud-init2
Switch to cloud-init for host initialization
Showing
10 changed files
with
142 additions
and
100 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
#cloud-config | ||
|
||
write_files: | ||
|
||
# Configure the private network interface | ||
- content: | | ||
BOOTPROTO='dhcp' | ||
STARTMODE='auto' | ||
path: /etc/sysconfig/network/ifcfg-eth1 | ||
|
||
# Disable ssh password authentication | ||
- content: | | ||
PasswordAuthentication no | ||
X11Forwarding no | ||
MaxAuthTries 2 | ||
AllowTcpForwarding no | ||
AllowAgentForwarding no | ||
AuthorizedKeysFile .ssh/authorized_keys | ||
path: /etc/ssh/sshd_config.d/kube-hetzner.conf | ||
|
||
# Set reboot method as "kured" | ||
- content: | | ||
REBOOT_METHOD=kured | ||
path: /etc/transactional-update.conf | ||
|
||
# Add ssh authorized keys | ||
ssh_authorized_keys: | ||
%{ for key in sshAuthorizedKeys ~} | ||
- ${key} | ||
%{ endfor ~} | ||
|
||
# Resize /var, not /, as that's the last partition in MicroOS image. | ||
growpart: | ||
devices: ["/var"] | ||
|
||
# Make sure the hostname is set correctly | ||
hostname: ${hostname} | ||
preserve_hostname: true | ||
|
||
runcmd: | ||
|
||
# As above, make sure the hostname is not reset | ||
- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME="yes"/NETCONFIG_NIS_SETDOMAINNAME="no"/g', /etc/sysconfig/network/config] | ||
- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME="yes"/DHCLIENT_SET_HOSTNAME="no"/g', /etc/sysconfig/network/dhcp] | ||
|
||
# We set Cloudflare DNS servers, followed by Google as a backup | ||
- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=""/NETCONFIG_DNS_STATIC_SERVERS="1.1.1.1 1.0.0.1 8.8.8.8"/g', /etc/sysconfig/network/config] | ||
|
||
# Bounds the amount of logs that can survive on the system | ||
- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf] | ||
- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf] | ||
|
||
# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2 | ||
- [sed, '-i', 's/NUMBER_LIMIT="2-10"/NUMBER_LIMIT="4"/g', /etc/snapper/configs/root] | ||
- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT="4-10"/NUMBER_LIMIT_IMPORTANT="3"/g', /etc/snapper/configs/root] | ||
|
||
# Disables unneeded services | ||
- [systemctl, disable, '--now', 'rebootmgr.service'] |
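Review bot: The sshd drop-in written to `/etc/ssh/sshd_config.d/kube-hetzner.conf` sets `PasswordAuthentication no` but leaves keyboard-interactive authentication at its default, so if the image runs sshd with PAM a password prompt may still be reachable despite the "Disable ssh password authentication" comment; adding `KbdInteractiveAuthentication no` (spelled `ChallengeResponseAuthentication no` on older OpenSSH) to the same `content` block would close that. The drop-in only takes effect if the image's main sshd_config includes that directory before any conflicting setting, because sshd keeps the first value it reads for a keyword; that is not visible in this hunk and is worth confirming with `sshd -T` on a booted node. Separately, the snapper comment says the important limit becomes 2 while the sed line under it writes `NUMBER_LIMIT_IMPORTANT="3"`, so one of the two should be corrected.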