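def bootstrap(**kwargs):
    """Bootstrap an EC2 instance that has been booted into an AMI from
    http://www.daemonology.net/freebsd-on-ec2/

    Steps, in order: connect as ``ec2-user``, stage ``authorized_keys`` and the
    ``enable_root_login_on_daemonology.sh`` helper in ``/tmp``, run the helper
    as root via ``su``, switch back to the original host string, delete the
    helper, then upload the files listed in ``daemonology-files.yml`` and
    install the ``python27`` package.

    Args:
        **kwargs: overrides from the command line, merged into
            ``env.instance.config`` after the root-login helper has run.
    """
    # the user for the image is `ec2-user`, there is no sudo, but we can su to root w/o password
    original_host = env.host_string
    env.host_string = 'ec2-user@%s' % env.instance.uid
    try:
        bootstrap_files = env.instance.config.get('bootstrap-files', 'bootstrap-files')
        # NOTE(review): both files are staged under fixed names in the
        # world-writable /tmp, and the helper (uploaded group-writable, 0775) is
        # then executed as root. That is only safe while no other local account
        # exists on the instance -- presumably true for a freshly booted AMI;
        # confirm before reusing this on a host that is already in service.
        put('%s/authorized_keys' % bootstrap_files, '/tmp/authorized_keys')
        put(join(bsdploy_path, 'enable_root_login_on_daemonology.sh'), '/tmp/', mode='0775')
        run("""su root -c '/tmp/enable_root_login_on_daemonology.sh'""")
    finally:
        # revert back to root -- also when a step above fails, so nothing that
        # runs later in this process keeps talking to the host as ec2-user
        env.host_string = original_host

    # give sshd a chance to restart
    # (fixed delay: the next command fails if sshd needs longer than this)
    sleep(2)
    # Only the helper is removed here; /tmp/authorized_keys is presumably
    # consumed by the helper itself -- verify it does not stay behind in /tmp.
    run('rm /tmp/enable_root_login_on_daemonology.sh')

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # keys were already installed above, so the generic key handling is switched off
    bu.ssh_keys = None
    bu.upload_authorized_keys = False
    bu.bootstrap_files_yaml = 'daemonology-files.yml'
    bu.print_bootstrap_files()
    bu.create_bootstrap_directories()
    bu.upload_bootstrap_files({})
    # we need to install python here, because there is no way to install it via
    # ansible playbooks
    # NOTE(review): python27 is end-of-life upstream; the pin is kept as-is here.
    bu.install_pkg('/', chroot=False, packages=['python27'])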
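def bootstrap(**kwargs):
    """Bootstrap an EC2 instance that has been booted into an AMI from
    http://www.daemonology.net/freebsd-on-ec2/

    Note: deprecated, current AMI images are basically pre-bootstrapped,
    they just need to be configured.

    The function logs in as ``ec2-user``, uploads ``authorized_keys`` plus the
    ``enable_root_login_on_daemonology.sh`` helper to ``/tmp`` and runs the
    helper through ``su root``. It then returns to the original host string,
    removes the helper, uploads the files named in ``daemonology-files.yml``
    and installs ``python27``.

    Args:
        **kwargs: command-line overrides applied to ``env.instance.config``
            once the helper has been run and removed.
    """
    # the user for the image is `ec2-user`, there is no sudo, but we can su to root w/o password
    original_host = env.host_string
    env.host_string = 'ec2-user@%s' % env.instance.uid
    try:
        bootstrap_files = env.instance.config.get('bootstrap-files', 'bootstrap-files')
        # NOTE(review): a script that root executes is staged in /tmp, which any
        # local account can write to, under a predictable name and with mode
        # 0775. Acceptable only on a single-user, freshly booted image
        # (presumably the case here -- confirm); elsewhere, stage it in a
        # directory that only the connecting user can write to.
        put('%s/authorized_keys' % bootstrap_files, '/tmp/authorized_keys')
        put(join(bsdploy_path, 'enable_root_login_on_daemonology.sh'), '/tmp/', mode='0775')
        run("""su root -c '/tmp/enable_root_login_on_daemonology.sh'""")
    finally:
        # revert back to root; done in `finally` so a failed upload or helper
        # run cannot leave env.host_string pointing at ec2-user
        env.host_string = original_host

    # give sshd a chance to restart
    sleep(2)
    # The staged authorized_keys file is not removed by this function; it is
    # presumably handled by the helper -- TODO confirm.
    run('rm /tmp/enable_root_login_on_daemonology.sh')

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # root's keys are in place already: skip the generic key upload
    bu.ssh_keys = None
    bu.upload_authorized_keys = False
    bu.bootstrap_files_yaml = 'daemonology-files.yml'
    bu.print_bootstrap_files()
    bu.create_bootstrap_directories()
    bu.upload_bootstrap_files({})
    # we need to install python here, because there is no way to install it via
    # ansible playbooks
    bu.install_pkg('/', chroot=False, packages=['python27'])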
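def bootstrap(**kwargs):
    """Prepare a DigitalOcean FreeBSD droplet for management as root.

    The droplets are pretty much already pre-bootstrapped, including having
    python2.7 and sudo etc. pre-installed. Working as the ``freebsd`` user via
    sudo, this function:

    * copies the DO rc settings into ``/etc/rc.conf`` (release 10 only) and
      enables zfs and sshd,
    * enables and starts pf with a ruleset that passes all traffic,
    * replaces ``sshd_config`` so root may log in with a key (no password
      login), unlocks root and installs root's ``authorized_keys``,
    * then, as root, removes the DO cloud-init leftovers.

    Args:
        **kwargs: command-line overrides merged into ``env.instance.config``
            at the end.
    """
    bu = BootstrapUtils()
    # (temporarily) set the user to `freebsd`
    original_host = env.host_string
    env.host_string = 'freebsd@%s' % env.instance.uid
    try:
        # copy DO bsdclout-init results:
        # NOTE(review): the guard is assumed to cover only the droplet.conf copy
        # (the listing this was taken from lost its indentation) -- confirm.
        if bu.os_release.startswith('10'):
            sudo("""cat /etc/rc.digitalocean.d/droplet.conf > /etc/rc.conf""")
        sudo("""sysrc zfs_enable=YES""")
        sudo("""sysrc sshd_enable=YES""")
        # enable and start pf
        sudo("""sysrc pf_enable=YES""")
        sudo("""sysrc -f /boot/loader.conf pfload=YES""")
        sudo('kldload pf', warn_only=True)
        # The ruleset written here passes everything in both directions: pf is
        # running but filters nothing until a real ruleset replaces this file.
        # NOTE(review): presumably a later configuration step does that -- confirm.
        sudo('''echo 'pass in all' > /etc/pf.conf''')
        sudo('''echo 'pass out all' >> /etc/pf.conf''')
        sudo('''chmod 644 /etc/pf.conf''')
        sudo('service pf start')
        # overwrite sshd_config, because the DO version only contains defaults
        # and a line explicitly forbidding root to log in
        # The file is replaced by this single line, so every other option falls
        # back to sshd's built-in defaults. `without-password` means key-based
        # root login only; newer OpenSSH spells it `prohibit-password`.
        sudo("""echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config""")
        # additionally, make sure the root user is unlocked!
        sudo('pw unlock root')
        # overwrite the authorized keys for root, because DO creates its entries to explicitly
        # disallow root login
        bootstrap_files = env.instance.config.get('bootstrap-files', 'bootstrap-files')
        # The key file passes through /tmp under a fixed name before it is moved
        # into place; only the owner is set afterwards, no mode is applied here.
        put(path.abspath(path.join(env['config_base'], bootstrap_files, 'authorized_keys')), '/tmp/authorized_keys', use_sudo=True)
        sudo('''mv /tmp/authorized_keys /root/.ssh/''')
        sudo('''chown root:wheel /root/.ssh/authorized_keys''')
        sudo("""service sshd fastreload""")
    finally:
        # revert back to root -- in `finally`, so a failing step above cannot
        # leave env.host_string set to the freebsd user
        env.host_string = original_host

    # give sshd a chance to restart
    sleep(2)
    # clean up DO cloudinit leftovers
    # (-f / `|| true` keep this step from failing when an item is already gone)
    run("rm -f /etc/rc.d/digitalocean")
    run("rm -rf /etc/rc.digitalocean.d")
    run("rm -rf /usr/local/bsd-cloudinit/")
    run("pkg remove -y avahi-autoipd || true")

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    # NOTE(review): `bu` is not used again inside this function after these two
    # assignments -- check whether they still have an effect.
    bu.ssh_keys = None
    bu.upload_authorized_keys = False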
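def bootstrap(**kwargs):
    """Prepare a DigitalOcean FreeBSD droplet for management as root.

    The droplets are pretty much already pre-bootstrapped, including having
    python2.7 and sudo etc. pre-installed. The only things changed here, as the
    ``freebsd`` user via sudo, are: root is allowed to log in over ssh with a
    key (no password login), and pf is enabled and started. Afterwards the DO
    cloud-init leftovers are removed as root.

    Args:
        **kwargs: command-line overrides merged into ``env.instance.config``.
    """
    # (temporarily) set the user to `freebsd`
    original_host = env.host_string
    env.host_string = 'freebsd@%s' % env.instance.uid
    try:
        # copy DO bsdclout-init results:
        sudo("""cat /etc/rc.digitalocean.d/droplet.conf > /etc/rc.conf""")
        sudo("""sysrc zfs_enable=YES""")
        sudo("""sysrc sshd_enable=YES""")
        # enable and start pf
        sudo("""sysrc pf_enable=YES""")
        sudo("""sysrc -f /boot/loader.conf pfload=YES""")
        sudo('kldload pf', warn_only=True)
        # `pass in all` / `pass out all`: pf is active but does not filter
        # anything until this file is replaced by a real ruleset.
        sudo('''echo 'pass in all' > /etc/pf.conf''')
        sudo('''echo 'pass out all' >> /etc/pf.conf''')
        sudo('''chmod 644 /etc/pf.conf''')
        sudo('service pf start')
        # overwrite sshd_config, because the DO version only contains defaults
        # and a line explicitly forbidding root to log in
        # After this the config consists of one line; all other options use
        # sshd's built-in defaults. `without-password` permits key-based root
        # login only (`prohibit-password` in newer OpenSSH).
        sudo("""echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config""")
        sudo("""service sshd fastreload""")
    finally:
        # revert back to root, whether or not the steps above succeeded
        env.host_string = original_host

    # give sshd a chance to restart
    sleep(2)
    # clean up DO cloudinit leftovers
    # NOTE(review): these commands are not idempotent -- on a second run the
    # plain `rm` calls fail once the paths are gone.
    run("rm /etc/rc.d/digitalocean")
    run("rm -r /etc/rc.digitalocean.d")
    run("rm -r /usr/local/bsd-cloudinit/")
    run("pkg remove -y avahi-autoipd")

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # NOTE(review): `bu` is created, configured and then not used again in this
    # function -- check whether these assignments still have an effect.
    bu.ssh_keys = None
    bu.upload_authorized_keys = False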
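def bootstrap(**kwargs):
    """Prepare a DigitalOcean FreeBSD droplet for management as root.

    DigitalOcean's FreeBSD droplets are pretty much already pre-bootstrapped,
    including having python2.7 and sudo etc. pre-installed. This function only
    needs to allow key-based root login over ssh (no password login) and to
    enable pf and ensure it is running; it finishes by removing the DO
    cloud-init leftovers.

    Args:
        **kwargs: overrides from the command line, merged into
            ``env.instance.config``.
    """
    # (temporarily) set the user to `freebsd`
    original_host = env.host_string
    env.host_string = "freebsd@%s" % env.instance.uid
    try:
        # copy DO bsdclout-init results:
        sudo("""cat /etc/rc.digitalocean.d/droplet.conf > /etc/rc.conf""")
        sudo("""sysrc zfs_enable=YES""")
        sudo("""sysrc sshd_enable=YES""")
        # enable and start pf
        sudo("""sysrc pf_enable=YES""")
        sudo("""sysrc -f /boot/loader.conf pfload=YES""")
        sudo("kldload pf", warn_only=True)
        # Placeholder ruleset: everything is passed, inbound and outbound, so
        # the host is unfiltered until a real pf.conf is installed.
        sudo("""echo 'pass in all' > /etc/pf.conf""")
        sudo("""echo 'pass out all' >> /etc/pf.conf""")
        sudo("""chmod 644 /etc/pf.conf""")
        sudo("service pf start")
        # overwrite sshd_config, because the DO version only contains defaults
        # and a line explicitly forbidding root to log in
        # `>` truncates the file, leaving this as the only directive; root may
        # then authenticate with a key but not with a password.
        sudo("""echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config""")
        sudo("""service sshd fastreload""")
    finally:
        # revert back to root; `finally` keeps a failed step from leaving the
        # connection user switched to `freebsd`
        env.host_string = original_host

    # give sshd a chance to restart
    sleep(2)
    # clean up DO cloudinit leftovers
    run("rm /etc/rc.d/digitalocean")
    run("rm -r /etc/rc.digitalocean.d")
    run("rm -r /usr/local/bsd-cloudinit/")
    run("pkg remove -y avahi-autoipd")

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # NOTE(review): nothing in this function reads `bu` after these two
    # assignments -- confirm they are still needed.
    bu.ssh_keys = None
    bu.upload_authorized_keys = False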