Commit
c52562f7
authored
Jan 15, 2020
by
eric pellegrini
added config and templates file
parent
7c2c7a81
Changes
14
config.yml
0 → 100644
templates
:
base-ill
:
{}
base-ntp
:
extends
:
base-ill
base-autofs
:
extends
:
base-ntp
# visa-all-apps:
# extends: base-autofs
# packages: ['*']
templates/base-autofs/manifest.yml
0 → 100644
parameters
:
base_image
:
"
base-ntp"
vm_name
:
base-autofs
build_output_directory
:
builds
ssh_username
:
root
packer
:
description
:
"
Template
for
ILL
+
ntp
+
autofs"
builders
:
-
name
:
qemu
type
:
qemu
vm_name
:
"
{{
parameters.vm_name
}}"
boot_command
:
none
iso_checksum_type
:
none
iso_checksum_url
:
none
disk_image
:
True
iso_url
:
"
./builds/{{
parameters.base_image
}}-qemu-base/{{
parameters.base_image
}}"
ssh_username
:
"
{{
parameters.ssh_username
}}"
ssh_password
:
"
{{
environment.root_password
}}"
shutdown_command
:
"
shutdown
-P
now"
output_directory
:
"
{{
parameters.build_output_directory
}}/{{
parameters.vm_name
}}-qemu-base"
provisioners
:
-
type
:
shell
inline
:
[
"
apt
install
-y
autofs
cifs-utils
autofs5
autofs-ldap
autofs5-ldap
sssd"
,
]
-
type
:
file
source
:
system/etc/ssh/sshd_config
destination
:
/etc/ssh/sshd_config
-
type
:
file
source
:
system/etc/sssd/sssd.conf
destination
:
/etc/sssd/sssd.conf
-
type
:
file
source
:
system/etc/nsswitch.conf
destination
:
/etc/nsswitch.conf
-
type
:
file
source
:
system/etc/auto.net
destination
:
/etc/auto.net
-
type
:
file
source
:
system/etc/auto.net4
destination
:
/etc/auto.net4
-
type
:
file
source
:
system/etc/default/autofs
destination
:
/etc/default/autofs
-
type
:
file
source
:
system/etc/ntp.conf
destination
:
/etc/ntp.conf
-
type
:
shell
inline
:
[
"
chmod
600
/etc/sssd/sssd.conf"
]
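Review bot: The qemu builder sets `iso_checksum_type: none`, so the base image read from `./builds/{{ parameters.base_image }}-qemu-base/` is used without any integrity check. Because that image is a local artifact of an earlier build stage this may be deliberate, but it should be stated, for example with `# checksum disabled: base image is produced locally by the base-ntp build`, or replaced by a checksum recorded by that stage. The `apt install -y ...` provisioner also runs without a preceding `apt-get update`, so it presumably depends on package lists left behind in the parent image; confirm that is intended.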
templates/base-autofs/system/etc/auto.net
0 → 100644
#!/bin/bash
# This file must be executable to work! chmod 755!
# Look at what a host is exporting to determine what we can mount.
# This is very simple, but it appears to work surprisingly well
key
=
"
$1
"
# add "nosymlink" here if you want to suppress symlinking local filesystems
# add "nonstrict" to make it OK for some filesystems to not mount
# choose one of the two lines below depending on the NFS version in your
# environment
opts
=
"-fstype=nfs4,sec=sys,hard,intr,nodev,nosuid,async"
for
P
in
/bin /sbin /usr/bin /usr/sbin
do
for
M
in
showmount kshowmount
do
if
[
-x
$P
/
$M
]
then
SMNT
=
$P
/
$M
break
2
fi
done
done
[
-x
$SMNT
]
||
exit
1
# Newer distributions get this right
SHOWMOUNT
=
"
$SMNT
--no-headers -e
$key
"
$SHOWMOUNT
|
LC_ALL
=
C
cut
-d
' '
-f1
|
LC_ALL
=
C
sort
-u
|
\
awk
-v
key
=
"
$key
"
-v
opts
=
"
$opts
"
--
'
BEGIN { ORS=""; first=1 }
{ if (first) { print opts; first=0 }; print " \\\n\t" $1, key ":" $1 }
END { if (!first) print "\n"; else exit 1 }
'
|
sed
's/#/\\#/g'
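Review bot: The guard `[ -x $SMNT ] || exit 1` does not fire when neither showmount nor kshowmount was found: with `SMNT` empty the test collapses to `[ -x ]`, which is true, and the script goes on to run `--no-headers -e $key` as a command. Quoting fixes it: `[ -x "$SMNT" ] || exit 1`. The map key in `$1` is whatever name was looked up under the mount point, and it is expanded unquoted inside `$SHOWMOUNT`, so it is subject to word splitting and globbing; calling `"$SMNT" --no-headers -e "$key"` directly avoids that. templates/base-autofs/system/etc/auto.net4 is identical as rendered here, so the same applies there, and the comment "choose one of the two lines below" no longer matches the single `opts` line in either file.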
templates/base-autofs/system/etc/auto.net4
0 → 100644
#!/bin/bash
# This file must be executable to work! chmod 755!
# Look at what a host is exporting to determine what we can mount.
# This is very simple, but it appears to work surprisingly well
key
=
"
$1
"
# add "nosymlink" here if you want to suppress symlinking local filesystems
# add "nonstrict" to make it OK for some filesystems to not mount
# choose one of the two lines below depending on the NFS version in your
# environment
opts
=
"-fstype=nfs4,sec=sys,hard,intr,nodev,nosuid,async"
for
P
in
/bin /sbin /usr/bin /usr/sbin
do
for
M
in
showmount kshowmount
do
if
[
-x
$P
/
$M
]
then
SMNT
=
$P
/
$M
break
2
fi
done
done
[
-x
$SMNT
]
||
exit
1
# Newer distributions get this right
SHOWMOUNT
=
"
$SMNT
--no-headers -e
$key
"
$SHOWMOUNT
|
LC_ALL
=
C
cut
-d
' '
-f1
|
LC_ALL
=
C
sort
-u
|
\
awk
-v
key
=
"
$key
"
-v
opts
=
"
$opts
"
--
'
BEGIN { ORS=""; first=1 }
{ if (first) { print opts; first=0 }; print " \\\n\t" $1, key ":" $1 }
END { if (!first) print "\n"; else exit 1 }
'
|
sed
's/#/\\#/g'
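--- /dev/null
+++ b/templates/base-autofs/system/etc/default/autofs
+#
+# Define default options for autofs.
+#
+# MASTER_MAP_NAME - default map name for the master map.
+#
+#MASTER_MAP_NAME="/etc/auto.master"
+MASTER_MAP_NAME="ldap:ou=auto.master,ou=automount,ou=system,dc=ill,dc=fr"
+#
+# TIMEOUT - set the default mount timeout (default 600).
+#
+TIMEOUT=300
+#
+# NEGATIVE_TIMEOUT - set the default negative timeout for
+# failed mount attempts (default 60).
+#
+#NEGATIVE_TIMEOUT=60
+#
+# MOUNT_WAIT - time to wait for a response from mount(8).
+# Setting this timeout can cause problems when
+# mount would otherwise wait for a server that
+# is temporarily unavailable, such as when it's
+# restarting. The defailt of waiting for mount(8)
+# usually results in a wait of around 3 minutes.
+#
+#MOUNT_WAIT=-1
+#
+# UMOUNT_WAIT - time to wait for a response from umount(8).
+#
+#UMOUNT_WAIT=12
+#
+# BROWSE_MODE - maps are browsable by default.
+#
+BROWSE_MODE="no"
+#
+# MOUNT_NFS_DEFAULT_PROTOCOL - specify the default protocol used by
+# mount.nfs(8). Since we can't identify
+# the default automatically we need to
+# set it in our configuration.
+#
+#MOUNT_NFS_DEFAULT_PROTOCOL=3
+#
+# APPEND_OPTIONS - append to global options instead of replace.
+#
+#APPEND_OPTIONS="yes"
+#
+# LOGGING - set default log level "none", "verbose" or "debug"
+#
+LOGGING="verbose"
+#
+# Define server URIs
+#
+# LDAP_URI - space seperated list of server uris of the form
+# <proto>://<server>[/] where <proto> can be ldap
+# or ldaps. The option can be given multiple times.
+# Map entries that include a server name override
+# this option.
+#
+# This configuration option can also be used to
+# request autofs lookup SRV RRs for a domain of
+# the form <proto>:///[<domain dn>]. Note that a
+# trailing "/" is not allowed when using this form.
+# If the domain dn is not specified the dns domain
+# name (if any) is used to construct the domain dn
+# for the SRV RR lookup. The server list returned
+# from an SRV RR lookup is refreshed according to
+# the minimum ttl found in the SRV RR records or
+# after one hour, whichever is less.
+#
+LDAP_URI="ldap://ldap.ill.fr"
+#
+# LDAP__TIMEOUT - timeout value for the synchronous API calls
+# (default is LDAP library default).
+#
+#LDAP_TIMEOUT=-1
+#
+# LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
+#
+#LDAP_NETWORK_TIMEOUT=8
+#
+# Define base dn for map dn lookup.
+#
+# SEARCH_BASE - base dn to use for searching for map search dn.
+# Multiple entries can be given and they are checked
+# in the order they occur here.
+#
+SEARCH_BASE="ou=automount,ou=system,dc=ill,dc=fr"
+#
+# Define the LDAP schema to used for lookups
+#
+# If no schema is set autofs will check each of the schemas
+# below in the order given to try and locate an appropriate
+# basdn for lookups. If you want to minimize the number of
+# queries to the server set the values here.
+#
+#MAP_OBJECT_CLASS="nisMap"
+#ENTRY_OBJECT_CLASS="nisObject"
+#MAP_ATTRIBUTE="nisMapName"
+#ENTRY_ATTRIBUTE="cn"
+#VALUE_ATTRIBUTE="nisMapEntry"
+#
+# Other common LDAP nameing
+#
+#MAP_OBJECT_CLASS="automountMap"
+#ENTRY_OBJECT_CLASS="automount"
+#MAP_ATTRIBUTE="ou"
+#ENTRY_ATTRIBUTE="cn"
+#VALUE_ATTRIBUTE="automountInformation"
+#
+#MAP_OBJECT_CLASS="automountMap"
+#ENTRY_OBJECT_CLASS="automount"
+#MAP_ATTRIBUTE="automountMapName"
+#ENTRY_ATTRIBUTE="automountKey"
+#VALUE_ATTRIBUTE="automountInformation"
+MAP_OBJECT_CLASS="automountMap"
+ENTRY_OBJECT_CLASS="automount"
+MAP_ATTRIBUTE="ou"
+ENTRY_ATTRIBUTE="cn"
+VALUE_ATTRIBUTE="automountInformation"
+#
+# AUTH_CONF_FILE - set the default location for the SASL
+# authentication configuration file.
+#
+AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"
+#
+# MAP_HASH_TABLE_SIZE - set the map cache hash table size.
+# Should be a power of 2 with a ratio roughly
+# between 1:10 and 1:20 for each map.
+#
+#MAP_HASH_TABLE_SIZE=1024
+#
+# General global options
+#
+OPTIONS=""
+#
\ No newline at end of file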
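Review bot: `LDAP_URI="ldap://ldap.ill.fr"` makes autofs fetch its master map and mount entries over unencrypted LDAP, while the sssd.conf added in the same commit talks to the same host over `ldaps://`. Automount map entries decide which server and which options get mounted, so they deserve the same transport protection; consider `LDAP_URI="ldaps://ldap.ill.fr"`, or StartTLS configured through the file named by `AUTH_CONF_FILE`. That file, `/etc/autofs_ldap_auth.conf`, is not uploaded by any provisioner visible in templates/base-autofs/manifest.yml, so confirm it exists in the image.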
templates/base-autofs/system/etc/nsswitch.conf
0 → 100644
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd
:
compat
sss
group
:
compat
sss
shadow
:
compat
sss
gshadow
:
files
hosts
:
files
mdns4_minimal
[
NOTFOUND
=
return
]
dns
myhostname
networks
:
files
protocols
:
db
files
services
:
db
files
sss
ethers
:
db
files
rpc
:
db
files
netgroup
:
nis
sss
sudoers
:
files
sss
automount
ldap
\ No newline at end of file
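Review bot: The last entry is rendered here as `automount ldap`, without the `:` that every other database line carries; if the file really lacks it, the line will not be read as an `automount` database entry, so confirm it is `automount: ldap`. Separately, `netgroup: nis sss` keeps NIS in the lookup path although nothing else visible in this template configures NIS; if NIS is not used, dropping `nis` removes an unneeded lookup source.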
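--- /dev/null
+++ b/templates/base-autofs/system/etc/ssh/sshd_config
+# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+# Ciphers and keying
+#RekeyLimit default none
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+# Authentication:
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+PubkeyAuthentication yes
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+#AuthorizedPrincipalsFile none
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+#PermitEmptyPasswords no
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+# no default banner path
+#Banner none
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server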
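Review bot: This file ends up in the finished image with `PermitRootLogin yes` and `PasswordAuthentication yes`, so every VM built from the template accepts root logins by password. Packer's SSH communicator needs that during the build (both manifests log in as root with `environment.root_password`), but it should not outlive the build: a last provisioner could switch to `PermitRootLogin prohibit-password`, or the build could log in with a key instead. The same setting is forced in templates/base-ill/http/preseed-base-ill.cfg through `openssh-server/permit-root-login boolean true` and the `late_command` sed lines. `X11Forwarding yes` is also enabled; if these images are headless servers, `X11Forwarding no` is the safer default.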
templates/base-autofs/system/etc/sssd/sssd.conf
0 → 100644
[
nss
]
filter_groups
=
root
filter_users
=
root
reconnection_retries
=
3
entry_cache_timeout
=
300
entry_cache_nowait_percentage
=
75
entry_negative_timeout
=
0
[
pam
]
reconnection_retries
=
3
debug
-
level
=
5
[
sssd
]
config_file_version
=
2
reconnection_retries
=
3
sbus_timeout
=
30
services
=
nss
,
pam
domains
=
ILL
[
domain
/
ILL
]
debug_level
=
0
# Providers
id_provider
=
ldap
access_provider
=
ldap
auth_provider
=
ldap
# LDAP settings
ldap_schema
=
rfc2307
ldap_uri
=
ldaps
://
ldap
.
ill
.
fr
ldap_search_base
=
dc
=
ill
,
dc
=
fr
ldap_user_search_base
=
ou
=
illaccount
,
dc
=
ill
,
dc
=
fr
ldap_user_object_class
=
posixAccount
ldap_access_order
=
filter
ldap_access_filter
= (
ILLHost
=
unix
)
ldap_group_search_base
=
ou
=
Group
,
dc
=
ill
,
dc
=
fr
ldap_group_member
=
memberUid
ldap_group_object_class
=
posixGroup
ldap_group_name
=
cn
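Review bot: In the `[pam]` section the option appears as `debug-level = 5`, with a hyphen, while `[domain/ILL]` uses `debug_level`; SSSD's option name is `debug_level`, so the hyphenated line is presumably not applied and may be reported by config validation. Change it to `debug_level = 5`, or remove it if verbose PAM logging was not meant to ship in the image. With `ldap_uri = ldaps://ldap.ill.fr` and neither `ldap_tls_cacert` nor `ldap_tls_reqcert` set, certificate checking rests on SSSD's defaults and the system CA store; a one-line comment saying so would help the next reader.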
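--- /dev/null
+++ b/templates/base-ill/http/preseed-base-ill.cfg
+# Localisation configuration
+d-i debian-installer/locale string en_US
+d-i debian-installer/language string en
+d-i debian-installer/country string US
+openssh-server openssh-server/permit-root-login boolean true
+# Mirror configuration
+#d-i mirror/http/proxy string http://193.49.43.123:8888/
+d-i mirror/country string manual
+d-i mirror/http/hostname string fr.archive.ubuntu.com
+d-i mirror/http/directory string /ubuntu
+# Time andclock configuration
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Paris
+d-i clock-setup/ntp boolean false
+# Console setup
+d-i console-setup/ask_detect boolean false
+# Keyboard configuraton
+d-i keyboard-configuration/xkb-keymap select us
+d-i keyboard-configuration/layoutcode string us
+d-i keyboard-configuration/layout string USA
+d-i keyboard-configuration/variant string USA
+# Bootloader configuration
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+# Partitioning configuration
+d-i partman-auto/disk string /dev/vda
+d-i partman-auto/method string regular
+d-i partman/alignment select cylinder
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman/mount_style select label
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+# Individual additional packages to install
+tasksel tasksel/first multiselect ubuntu-server
+d-i pkgsel/include string ca-certificates openssh-server cryptsetup build-essential libssl-dev libreadline-dev zlib1g-dev linux-source dkms cloud-init
+d-i pkgsel/install-language-support boolean false
+d-i pkgsel/update-policy select unattended-upgrades
+d-i pkgsel/upgrade select full-upgrade
+# Create ubuntu user account and allow root login
+d-i passwd/root-login boolean true
+d-i passwd/make-user boolean false
+d-i user-setup/allow-password-weak boolean true
+d-i finish-install/reboot_in_progress note
+d-i preseed/late_command string \
+in-target /bin/sed -i 's/^#PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config; \
+in-target /bin/sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config; \
+in-target update-initramfs -u
+# Verbose output and no boot splash screen.
+d-i debian-installer/quiet boolean false
+d-i debian-installer/splash boolean false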
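Review bot: `d-i user-setup/allow-password-weak boolean true` turns off the installer's weak-password check for an image whose only account is root (`passwd/make-user boolean false`) and whose SSH daemon is then set to accept root password logins by the `late_command` lines. Unless a build depends on a weak `root_password`, set it to `false` so a weak value stops the install instead of shipping in the image. The comment `# Create ubuntu user account and allow root login` also does not match `passwd/make-user boolean false`; something like `# No regular user is created; root login only` would be accurate.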
templates/base-ill/manifest.yml
0 → 100644
parameters
:
vm_name
:
base-ill
proxy
:
http://proxy.ill.fr:8888
no_proxy
:
localhost,127.0.0.1,apt.ill.fr,*.ill.eu,*.ill.fr
dns_servers
:
195.83.126.2 195.83.126.11
gateway
:
192.168.180.254
cpus
:
2
memory
:
4096
disk_size
:
40000
ubuntu_mirror
:
http://archive.ubuntu.com/ubuntu/dists
ubuntu_codename
:
bionic
ubuntu_docker_image
:
ubuntu:18.04
preseed_file_name
:
preseed-base-ill.cfg
ssh_username
:
root
user
:
si-admin
user_fullname
:
si-admin
headless
:
false
build_output_directory
:
builds
packer
:
description
:
"
Base
template
for
ILL"
variables
:
{}
builders
:
-
name
:
qemu
type
:
qemu
vm_name
:
"
{{
parameters.vm_name
}}"
format
:
qcow2
iso_checksum_type
:
sha256
iso_checksum_url
:
"
{{
parameters.ubuntu_mirror
}}/{{
parameters.ubuntu_codename
}}-updates/main/installer-amd64/current/images/SHA256SUMS"
iso_url
:
"
{{
parameters.ubuntu_mirror
}}/{{
parameters.ubuntu_codename
}}-updates/main/installer-amd64/current/images/netboot/mini.iso"
ssh_username
:
"
{{
parameters.ssh_username
}}"
ssh_password
:
"
{{
environment.root_password
}}"
ssh_wait_timeout
:
60m
accelerator
:
kvm
headless
:
"
{{
parameters.headless
}}"
output_directory
:
"
{{
parameters.build_output_directory
}}"
shutdown_command
:
"
shutdown
-P
now"
qemuargs
:
-
-
"
-m"
-
"
{{
parameters.memory
}}"
-
-
"
-smp"
-
"
{{
parameters.cpus
}}"
boot_wait
:
5s
boot_command
:
-
"
<tab>
"
-
"
preseed/url=http://{%
raw
%}{{
.HTTPIP
}}:{{
.HTTPPort
}}{%
endraw
%}/{{
parameters.preseed_file_name
}}
"
-
"
auto-install/enable=true
"
-
"
net.ifnames=0
"
-
"
netcfg/get_hostname={{
parameters.vm_name
}}
"
-
"
netcfg/get_gateway={{
parameters.gateway}}
"
-
"
netcfg/get_nameservers={{
parameters.dns_servers
}}
"
-
"
netcfg/hostname={{
parameters.vm_name
}}
"
-
"
mirror/http/proxy={{
parameters.proxy}}
"
-
"
clock-setup/ntp-server={{
parameters.ntp_servers
}}
"
-
"
passwd/user-fullname={{
parameters.user
}}
"
-
"
passwd/username={{
parameters.user_fullname
}}
"
-
"
passwd/user-password=
{{
environment.user_password
}}
"
-
"
passwd/user-password-again=
{{
environment.user_password
}}
"
-
"
passwd/root-password={{
environment.root_password
}}
"
-
"
passwd/root-password-again={{
environment.root_password
}}
"
-
"
no_proxy={%
raw
%}{{
.HTTPIP
}}{%
endraw
%},{{
parameters.no_proxy
}}
"
-
"
<enter>"
disk_size
:
"
{{
parameters.disk_size
}}"
http_directory
:
"
http"
provisioners
:
-
type
:
file
source
:
"
system/etc/apt/sources.list_{{
parameters.ubuntu_codename
}}"