diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2018-01-08 11:07:54 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2018-01-08 11:07:54 +0100 |
| commit | d95d7948b5ed4d922539e22b4d0a06083527523b (patch) | |
| tree | 6de9e8f870747e137b154c9b967011c26283aac5 | |
| parent | kubernetes net role works now (diff) | |
install security updates in installer late_command
| -rw-r--r-- | preseed/hosts/Readme.md | 2 | ||||
| -rw-r--r-- | preseed/hosts/dione_debian-stretch.cfg | 1 | ||||
| -rw-r--r-- | preseed/hosts/helene_debian-stretch.cfg | 1 | ||||
| -rw-r--r-- | roles/vm-install/templates/preseed_debian-stretch.cfg.j2 | 1 | ||||
| -rw-r--r-- | vminstall.yaml | 2 |
5 files changed, 5 insertions, 2 deletions
diff --git a/preseed/hosts/Readme.md b/preseed/hosts/Readme.md index a4b2ece9..c6899a8d 100644 --- a/preseed/hosts/Readme.md +++ b/preseed/hosts/Readme.md @@ -9,7 +9,7 @@ When this is done run the netinst image and intrd with the following boot comman auto=true interface=auto url=http://<ip of your machine>:8000/dione_debian-stretch.cfg netcfg/choose_interface=eno1 netcfg/get_hostname=dione netcfg/get_domain=spreadspace.org This example assumes you want to install the host `dione`. -For debugging you also add the following to the kernel command line: +For debugging you may add the following to the kernel command line: DEBCONF_DEBUG=5 diff --git a/preseed/hosts/dione_debian-stretch.cfg b/preseed/hosts/dione_debian-stretch.cfg index 32a9b274..5a7cffcb 100644 --- a/preseed/hosts/dione_debian-stretch.cfg +++ b/preseed/hosts/dione_debian-stretch.cfg @@ -109,5 +109,6 @@ d-i finish-install/reboot_in_progress note d-i preseed/late_command string \ lvremove -f dione/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ in-target bash -c "sed 's#GRUB_CMDLINE_LINUX_DEFAULT.*#GRUB_CMDLINE_LINUX_DEFAULT=\"quiet nomodeset consoleblank=0\"#' -i /etc/default/grub && update-grub"; \ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtmysXjBidEwJek6hBgaENiyVOwroFi19xRZZw+cYYqi6asDfF6B/h6gYNkJGWo0rD5ZaLdau1O210O5Xu+TfK1e2bZbxuFIj2fguUkat9wN6IQIO2m2Wcf4k/eiTmtAE3dp0l5ThMqfxxE8dj76mOOrUHCfJUIVoATGs4X5TLcGcXroAcZ+DFFoDzjxjFYNmIuUNtXDwXTpPc63SAYmRvW0ZYZlvH1qZ6irLh+GtE1dZ1Q5lQZvp6xUYcjInbpcd5Ko3KbG/In7sNmUCI7iaTwC4DPDTcHFj99Ll1jruAbdaQqe+ClZv55dbQ+92RDF6fsuQBD8FeRz7nYChvCqNPT1KOvcVsDtbW0iJ1PZ05QdE27w23wJj9OE0JWM09P3AH3ttswHaJ+P4s7mSxxK2m6YZcqop3czLlWWoGna0ynd5eV6l/rtvAQUvBOXjKQ5fPQY5d9cF0Z87NBE54HM9a/IKZ2toU2MuYNUpI/DUoAA9ILS4bJm3AUz8wbaC5EiuIhbM6I/u0NANamaQKRrolGNP4ETaQvhABs+S3/NSSBy4DMjtwax2BxyenF6i89vyHPNY+LZzBOn842yUlEGn6Z11MxiE5fhIfMPUclSYi5bQJDf1fvAyAo59/AX8sPqRK+/OCLIgLwdtW6D4OZGXjqrBJe2j/5uZSJEsl6ROyKw== equinox@spreadspace.org' > /root/.ssh/authorized_keys" diff --git a/preseed/hosts/helene_debian-stretch.cfg b/preseed/hosts/helene_debian-stretch.cfg index a711836f..44758e8d 100644 --- a/preseed/hosts/helene_debian-stretch.cfg +++ b/preseed/hosts/helene_debian-stretch.cfg @@ -109,5 +109,6 @@ d-i finish-install/reboot_in_progress note d-i preseed/late_command string \ lvremove -f helene/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ in-target bash -c "sed 's#GRUB_CMDLINE_LINUX_DEFAULT.*#GRUB_CMDLINE_LINUX_DEFAULT=\"quiet nomodeset consoleblank=0\"#' -i /etc/default/grub && update-grub"; \ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtmysXjBidEwJek6hBgaENiyVOwroFi19xRZZw+cYYqi6asDfF6B/h6gYNkJGWo0rD5ZaLdau1O210O5Xu+TfK1e2bZbxuFIj2fguUkat9wN6IQIO2m2Wcf4k/eiTmtAE3dp0l5ThMqfxxE8dj76mOOrUHCfJUIVoATGs4X5TLcGcXroAcZ+DFFoDzjxjFYNmIuUNtXDwXTpPc63SAYmRvW0ZYZlvH1qZ6irLh+GtE1dZ1Q5lQZvp6xUYcjInbpcd5Ko3KbG/In7sNmUCI7iaTwC4DPDTcHFj99Ll1jruAbdaQqe+ClZv55dbQ+92RDF6fsuQBD8FeRz7nYChvCqNPT1KOvcVsDtbW0iJ1PZ05QdE27w23wJj9OE0JWM09P3AH3ttswHaJ+P4s7mSxxK2m6YZcqop3czLlWWoGna0ynd5eV6l/rtvAQUvBOXjKQ5fPQY5d9cF0Z87NBE54HM9a/IKZ2toU2MuYNUpI/DUoAA9ILS4bJm3AUz8wbaC5EiuIhbM6I/u0NANamaQKRrolGNP4ETaQvhABs+S3/NSSBy4DMjtwax2BxyenF6i89vyHPNY+LZzBOn842yUlEGn6Z11MxiE5fhIfMPUclSYi5bQJDf1fvAyAo59/AX8sPqRK+/OCLIgLwdtW6D4OZGXjqrBJe2j/5uZSJEsl6ROyKw== equinox@spreadspace.org' > /root/.ssh/authorized_keys" diff --git a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 index c20b607b..fcf8ddd1 100644 --- a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 @@ -101,4 +101,5 @@ d-i finish-install/reboot_in_progress note d-i preseed/late_command string \ lvremove -f {{ inventory_hostname }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ sshserver_root_keys }}' > /root/.ssh/authorized_keys" diff --git a/vminstall.yaml b/vminstall.yaml index 6fe1e524..43fcf81b 100644 --- a/vminstall.yaml +++ b/vminstall.yaml @@ -10,7 +10,7 @@ roles: - role: vm-install -- import_playbook: "playbooks/{{ vmname }}.yaml" +- import_playbook: "host_playbooks/{{ vmname }}.yaml" - name: Reboot and wait for VM come back hosts: "{{ vmname }}" |