This repository has been archived by the owner on Jul 14, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloud-init.yaml
95 lines (82 loc) · 3.84 KB
/
cloud-init.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#cloud-config
# Cloud-Init Hints:
# * Some default settings are in /etc/cloud/cloud.cfg
# * Some examples at: https://git.launchpad.net/cloud-init/tree/doc/examples
# * Also see: https://git.launchpad.net/cloud-init/tree/doc/examples/cloud-config.txt
# * CloudInit Module sourcecode at: https://git.launchpad.net/cloud-init/tree/cloudinit/config
# Set hostname and Fully Qualified Domain Name
hostname: "demo"
fqdn: "demo.dspace.org"
# Tells cloud-init to manage /etc/hosts (based on /etc/cloud/templates/hosts.tmpl)
# NOTE: This sets the configured 'hostname' into /etc/hosts
manage_etc_hosts: true
# Add apt repositories
apt_sources:
# Enable "multiverse" repos (already enabled by default in the Ubuntu AMI we use)
#- source: deb $MIRROR $RELEASE multiverse
#- source: deb-src $MIRROR $RELEASE multiverse
#- source: deb $MIRROR $RELEASE-updates multiverse
#- source: deb-src $MIRROR $RELEASE-updates multiverse
#- source: deb http://security.ubuntu.com/ubuntu $RELEASE-security multiverse
#- source: deb-src http://security.ubuntu.com/ubuntu $RELEASE-security multiverse
# Enable "partner" repos
- source: deb http://archive.canonical.com/ubuntu $RELEASE partner
- source: deb-src http://archive.canonical.com/ubuntu $RELEASE partner
# Enable PuppetLabs repos (for latest puppet). Disabled as we want Puppet 3.x not 4.x
# GPG Key is from https://docs.puppetlabs.com/guides/puppetlabs_package_verification.html
#- source: deb http://apt.puppetlabs.com $RELEASE main dependencies
# keyid: 1054b7a24bd6ec30 # GPG key ID published on a key server
# filename: puppetlabs.list
#- source: deb-src http://apt.puppetlabs.com $RELEASE main dependencies
# keyid: 1054b7a24bd6ec30 # GPG key ID published on a key server
# filename: puppetlabs.list
# Run 'apt-get update' on first boot
apt_update: true
# Run 'apt-get upgrade' on first boot
apt_upgrade: true
# Reboot after package install/upgrade if needed (e.g. if kernel update)
apt_reboot_if_required: true
# Install additional packages on first boot
packages:
- wget
- git
- ruby # Needed for librarian-puppet
- puppet
- python-pip # Used to install AWS CLI
# run commands
# These commands are written in order to a shell script (/var/lib/cloud/instance/scripts/runcmd)
# which is then executed on first boot
runcmd:
# Tell sudo to respect SSH Agent forwarding
- [sh, -c, "umask 0226; echo 'Defaults env_keep += \"SSH_AUTH_SOCK\"' > /etc/sudoers.d/ssh-auth-sock"]
# Ensure pip is latest version
- pip install --upgrade pip
# Install AWS CLI tools
- pip install awscli
# Update rubygems to latest version
- gem install --no-ri --no-rdoc rubygems-update
- update_rubygems >/dev/null
# Clone our puppet repo to /etc/puppet
- PUPPET_DIR="/etc/puppet"
- rm -rf $PUPPET_DIR/*
- git clone https://github.com/DSpace-Labs/puppet-dspace-demo.git $PUPPET_DIR
# To checkout a different git branch, uncomment below and change branch name
#- cd $PUPPET_DIR && git checkout master
# Install puppet module dependencies (via librarian-puppet)
- gem install --no-ri --no-rdoc librarian-puppet --version 3.0.0
- cd $PUPPET_DIR && HOME=/root librarian-puppet install
# Run puppet
- puppet apply $PUPPET_DIR/manifests/site.pp -v
# boot commands
# These are like 'runcmd', but run very early in the boot process & run on every boot by default.
bootcmd:
# Firewall all EC2 metadata so that only root can access it. Also limits access to IAM roles. (Runs on EVERY boot)
- iptables -A OUTPUT -m owner ! --uid-owner root -d 169.254.169.254 -j DROP
# set the locale
locale: en_US.UTF-8
# timezone: set the timezone for this instance
timezone: UTC
# Log all cloud-init process output (info & errors) to a logfile
output: {all: ">> /var/log/cloud-init-output.log"}
# final_message written to log when cloud-init processes are finished
final_message: "System boot (via cloud-init) is COMPLETE, after $UPTIME seconds. Finished at $TIMESTAMP"