Пример #1
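def bootstrap(**kwargs):
    """Bootstrap an EC2 instance booted from a daemonology.net FreeBSD AMI.

    AMI source: http://www.daemonology.net/freebsd-on-ec2/

    Connects as ``ec2-user``, uploads ``authorized_keys`` and the
    ``enable_root_login_on_daemonology.sh`` helper to ``/tmp`` and runs the
    helper through ``su root``. It then switches back to the original host
    string, removes the helper, merges ``kwargs`` into the instance config,
    uploads the bootstrap files listed in ``daemonology-files.yml`` and
    installs the ``python27`` package.

    Args:
        **kwargs: Overrides merged into ``env.instance.config`` (intended for
            values given on the command line).
    """
    # the image's login user is `ec2-user`; there is no sudo, but it can su to
    # root without a password
    original_host = env.host_string
    env.host_string = 'ec2-user@%s' % env.instance.uid
    try:
        bootstrap_files = env.instance.config.get('bootstrap-files', 'bootstrap-files')
        # NOTE(review): both uploads land under fixed names in world-writable
        # /tmp, and the script (mode 0775, group-writable) is then executed as
        # root. Presumably acceptable on a freshly booted single-user image;
        # on a host with other local accounts prefer a private directory and
        # mode 0700 -- confirm.
        put('%s/authorized_keys' % bootstrap_files, '/tmp/authorized_keys')
        put(join(bsdploy_path, 'enable_root_login_on_daemonology.sh'), '/tmp/', mode='0775')
        # The helper's contents are not visible here; by its name it enables
        # root SSH login (and presumably installs /tmp/authorized_keys).
        run("""su root -c '/tmp/enable_root_login_on_daemonology.sh'""")
    finally:
        # Always revert to the original (root) host string, even when an
        # upload or the su step fails, so later code in this process does not
        # keep targeting the unprivileged ec2-user login.
        env.host_string = original_host
    # give sshd a chance to restart
    sleep(2)
    run('rm /tmp/enable_root_login_on_daemonology.sh')

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # root's keys are handled by the helper script above, so the generic
    # key upload is switched off here
    bu.ssh_keys = None
    bu.upload_authorized_keys = False
    bu.bootstrap_files_yaml = 'daemonology-files.yml'
    bu.print_bootstrap_files()

    bu.create_bootstrap_directories()
    bu.upload_bootstrap_files({})
    # we need to install python here, because there is no way to install it via
    # ansible playbooks
    # NOTE(review): python27 is the Python 2.7 package, which is end-of-life
    # upstream; confirm the target still needs it.
    bu.install_pkg('/', chroot=False, packages=['python27'])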
Пример #2
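def bootstrap(**kwargs):
    """Bootstrap an EC2 instance booted from a daemonology.net FreeBSD AMI.

    AMI source: http://www.daemonology.net/freebsd-on-ec2/

    Note: deprecated, current AMI images are basically pre-bootstrapped, they
    just need to be configured.

    The function logs in as ``ec2-user``, pushes ``authorized_keys`` and the
    root-login helper script to ``/tmp``, executes the helper via ``su root``,
    then continues under the original host string: it deletes the helper,
    applies ``kwargs`` to the instance config, uploads the files named in
    ``daemonology-files.yml`` and installs ``python27``.

    Args:
        **kwargs: Overrides merged into ``env.instance.config`` (intended for
            values given on the command line).
    """
    # the user for the image is `ec2-user`, there is no sudo, but we can su to
    # root w/o password
    original_host = env.host_string
    env.host_string = 'ec2-user@%s' % env.instance.uid
    try:
        bootstrap_files = env.instance.config.get('bootstrap-files',
                                                  'bootstrap-files')
        # NOTE(review): fixed file names in world-writable /tmp plus a
        # group-writable (0775) script that is run as root. Low exposure on a
        # fresh single-user instance, presumably; a private directory and
        # mode 0700 would remove the window -- confirm before reuse elsewhere.
        put('%s/authorized_keys' % bootstrap_files, '/tmp/authorized_keys')
        put(join(bsdploy_path, 'enable_root_login_on_daemonology.sh'),
            '/tmp/',
            mode='0775')
        # What the helper does is not visible in this function; its name
        # says it enables root login over SSH.
        run("""su root -c '/tmp/enable_root_login_on_daemonology.sh'""")
    finally:
        # Restore the original (root) host string on every exit path; without
        # this a failed upload or su step leaves env pointing at ec2-user.
        env.host_string = original_host
    # give sshd a chance to restart
    sleep(2)
    run('rm /tmp/enable_root_login_on_daemonology.sh')

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # key installation already happened through the helper script, so the
    # generic key upload is disabled
    bu.ssh_keys = None
    bu.upload_authorized_keys = False
    bu.bootstrap_files_yaml = 'daemonology-files.yml'
    bu.print_bootstrap_files()

    bu.create_bootstrap_directories()
    bu.upload_bootstrap_files({})
    # we need to install python here, because there is no way to install it via
    # ansible playbooks
    # NOTE(review): python27 (Python 2.7) is end-of-life upstream.
    bu.install_pkg('/', chroot=False, packages=['python27'])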
Пример #3
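def bootstrap(**kwargs):
    """Prepare a DigitalOcean FreeBSD droplet for root key-based SSH login.

    DigitalOcean's FreeBSD droplets are pretty much pre-bootstrapped already,
    including having python2.7 and sudo pre-installed. The only things changed
    here are: allow root to log in (without a password), enable pf and make
    sure it is running.

    Steps, in order: as user ``freebsd`` (via sudo) rewrite ``rc.conf`` on
    10.x releases, enable zfs/sshd/pf, write a pf ruleset, replace
    ``sshd_config``, unlock root, install root's ``authorized_keys`` and
    reload sshd; then, under the original host string, remove the
    DigitalOcean cloud-init leftovers and merge ``kwargs`` into the instance
    config.

    Args:
        **kwargs: Overrides merged into ``env.instance.config`` (intended for
            values given on the command line).
    """

    bu = BootstrapUtils()
    # (temporarily) set the user to `freebsd`
    original_host = env.host_string
    env.host_string = 'freebsd@%s' % env.instance.uid
    try:
        # copy DO bsd-cloudinit results (only on releases whose version
        # string starts with '10'):
        if bu.os_release.startswith('10'):
            sudo("""cat /etc/rc.digitalocean.d/droplet.conf > /etc/rc.conf""")
        sudo("""sysrc zfs_enable=YES""")
        sudo("""sysrc sshd_enable=YES""")
        # enable and start pf
        sudo("""sysrc pf_enable=YES""")
        sudo("""sysrc -f /boot/loader.conf pfload=YES""")
        sudo('kldload pf', warn_only=True)
        # NOTE(review): this ruleset passes all traffic in both directions,
        # so pf is running but filters nothing until a real ruleset is
        # deployed (presumably by a later configuration step -- confirm).
        sudo('''echo 'pass in all' > /etc/pf.conf''')
        sudo('''echo 'pass out all' >> /etc/pf.conf''')
        sudo('''chmod 644 /etc/pf.conf''')
        sudo('service pf start')
        # overwrite sshd_config, because the DO version only contains defaults
        # and a line explicitly forbidding root to log in
        # NOTE(review): the file is replaced by this single directive, so
        # every other setting falls back to sshd's built-in defaults; verify
        # that those defaults (password / keyboard-interactive auth) match
        # policy. `without-password` permits root login with keys only.
        sudo("""echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config""")
        # additionally, make sure the root user is unlocked!
        sudo('pw unlock root')
        # overwrite the authorized keys for root, because DO creates its
        # entries to explicitly disallow root login
        bootstrap_files = env.instance.config.get('bootstrap-files', 'bootstrap-files')
        local_keys = path.abspath(
            path.join(env['config_base'], bootstrap_files, 'authorized_keys'))
        # NOTE(review): staged under a fixed name in world-writable /tmp
        # before root moves it into place; presumably fine on a fresh
        # droplet with a single login user -- confirm.
        put(local_keys, '/tmp/authorized_keys', use_sudo=True)
        sudo('''mv /tmp/authorized_keys /root/.ssh/''')
        sudo('''chown root:wheel /root/.ssh/authorized_keys''')
        # pin the mode explicitly instead of inheriting whatever the upload
        # produced; root's key file should be owner-only
        sudo('''chmod 600 /root/.ssh/authorized_keys''')

        sudo("""service sshd fastreload""")
    finally:
        # Revert to the original (root) host string on every exit path, so a
        # failed step does not leave env targeting the `freebsd` login.
        env.host_string = original_host
    # give sshd a chance to restart
    sleep(2)
    # clean up DO cloudinit leftovers
    run("rm -f /etc/rc.d/digitalocean")
    run("rm -rf /etc/rc.digitalocean.d")
    run("rm -rf /usr/local/bsd-cloudinit/")
    run("pkg remove -y avahi-autoipd || true")

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    # root's keys were installed above, so the generic key upload is disabled
    bu.ssh_keys = None
    bu.upload_authorized_keys = False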
Пример #4
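def bootstrap(**kwargs):
    """Prepare a DigitalOcean FreeBSD droplet for root SSH login.

    DigitalOcean's FreeBSD droplets are pretty much pre-bootstrapped already,
    including having python2.7 and sudo pre-installed. The only things changed
    here are: allow root to log in (without a password), enable pf and make
    sure it is running.

    As user ``freebsd`` (via sudo) the function rewrites ``rc.conf`` from the
    droplet config, enables zfs/sshd/pf, writes a pf ruleset, replaces
    ``sshd_config`` and reloads sshd. It then switches back to the original
    host string, removes the DigitalOcean cloud-init leftovers and merges
    ``kwargs`` into the instance config.

    Args:
        **kwargs: Overrides merged into ``env.instance.config`` (intended for
            values given on the command line).
    """
    # (temporarily) set the user to `freebsd`
    original_host = env.host_string
    env.host_string = 'freebsd@%s' % env.instance.uid
    try:
        # copy DO bsd-cloudinit results:
        sudo("""cat /etc/rc.digitalocean.d/droplet.conf > /etc/rc.conf""")
        sudo("""sysrc zfs_enable=YES""")
        sudo("""sysrc sshd_enable=YES""")
        # enable and start pf
        sudo("""sysrc pf_enable=YES""")
        sudo("""sysrc -f /boot/loader.conf pfload=YES""")
        sudo('kldload pf', warn_only=True)
        # NOTE(review): 'pass in all' / 'pass out all' means pf is loaded and
        # running but does not filter anything; a restrictive ruleset has to
        # come from a later step (not visible here -- confirm).
        sudo('''echo 'pass in all' > /etc/pf.conf''')
        sudo('''echo 'pass out all' >> /etc/pf.conf''')
        sudo('''chmod 644 /etc/pf.conf''')
        sudo('service pf start')
        # overwrite sshd_config, because the DO version only contains defaults
        # and a line explicitly forbidding root to log in
        # NOTE(review): the whole file is replaced by one directive, so all
        # other settings revert to sshd's built-in defaults; check that those
        # match policy. `without-password` restricts root to key-based login.
        sudo("""echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config""")
        sudo("""service sshd fastreload""")
    finally:
        # Revert to the original (root) host string on every exit path, so a
        # failed step does not leave env targeting the `freebsd` login.
        env.host_string = original_host
    # give sshd a chance to restart
    sleep(2)
    # clean up DO cloudinit leftovers
    # NOTE(review): plain `rm` / `pkg remove` exit non-zero when the target
    # is already gone, so re-running this function on a cleaned droplet
    # presumably aborts here (Fabric's default on a failed command).
    run("rm /etc/rc.d/digitalocean")
    run("rm -r /etc/rc.digitalocean.d")
    run("rm -r /usr/local/bsd-cloudinit/")
    run("pkg remove -y avahi-autoipd")

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # disable the generic key handling on this BootstrapUtils instance
    bu.ssh_keys = None
    bu.upload_authorized_keys = False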
Пример #5
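def bootstrap(**kwargs):
    """Prepare a DigitalOcean FreeBSD droplet for root SSH login.

    DigitalOcean's FreeBSD droplets are pretty much pre-bootstrapped already,
    including having python2.7 and sudo pre-installed. The only things changed
    here are: allow root to log in (without a password), enable pf and make
    sure it is running.

    Remote steps run with sudo as user ``freebsd``: ``rc.conf`` is rewritten
    from the droplet config, zfs/sshd/pf are enabled, a pf ruleset is written,
    ``sshd_config`` is replaced and sshd is reloaded. Afterwards, under the
    original host string, the DigitalOcean cloud-init leftovers are removed
    and ``kwargs`` is merged into the instance config.

    Args:
        **kwargs: Overrides merged into ``env.instance.config`` (intended for
            values given on the command line).
    """
    # (temporarily) set the user to `freebsd`
    original_host = env.host_string
    env.host_string = "freebsd@%s" % env.instance.uid
    try:
        # copy DO bsd-cloudinit results:
        sudo("""cat /etc/rc.digitalocean.d/droplet.conf > /etc/rc.conf""")
        sudo("""sysrc zfs_enable=YES""")
        sudo("""sysrc sshd_enable=YES""")
        # enable and start pf
        sudo("""sysrc pf_enable=YES""")
        sudo("""sysrc -f /boot/loader.conf pfload=YES""")
        sudo("kldload pf", warn_only=True)
        # NOTE(review): with only 'pass in all' / 'pass out all' the firewall
        # is enabled but permits everything; treat it as a placeholder until
        # a real ruleset is installed (where that happens is not visible
        # here -- confirm).
        sudo("""echo 'pass in all' > /etc/pf.conf""")
        sudo("""echo 'pass out all' >> /etc/pf.conf""")
        sudo("""chmod 644 /etc/pf.conf""")
        sudo("service pf start")
        # overwrite sshd_config, because the DO version only contains defaults
        # and a line explicitly forbidding root to log in
        # NOTE(review): sshd_config ends up holding this one line only, so
        # every other directive uses sshd's built-in default; verify those
        # against policy. `without-password` allows root key login only.
        sudo("""echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config""")
        sudo("""service sshd fastreload""")
    finally:
        # Revert to the original (root) host string on every exit path, so a
        # failed step does not leave env targeting the `freebsd` login.
        env.host_string = original_host
    # give sshd a chance to restart
    sleep(2)
    # clean up DO cloudinit leftovers
    # NOTE(review): these commands are not idempotent; on a droplet that was
    # already cleaned they exit non-zero, which presumably aborts the run
    # (Fabric's default on a failed command).
    run("rm /etc/rc.d/digitalocean")
    run("rm -r /etc/rc.digitalocean.d")
    run("rm -r /usr/local/bsd-cloudinit/")
    run("pkg remove -y avahi-autoipd")

    # allow overwrites from the commandline
    env.instance.config.update(kwargs)

    bu = BootstrapUtils()
    # disable the generic key handling on this BootstrapUtils instance
    bu.ssh_keys = None
    bu.upload_authorized_keys = False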