Automated Install of Project Sunbeam - Tested under MAAS 3.3.4 and 3.4.
# This is a cloud-init script to deploy Sunbeam (aka Microstack) on multiple | |
# nodes using MAAS. | |
# | |
# WARNING: | |
# This cloud-init example uses pre-generated host SSH keys to make things easier on the administrator | |
# when working on different nodes across the cluster. | |
# !!!THEY ARE NOT REQUIRED!!! and can be removed. | |
# | |
# See: https://cloudinit.readthedocs.io/en/latest/reference/examples.html#configure-instance-s-ssh-keys | |
# | |
# If you choose to use this method, generate your own keys. The private keys shown below are published | |
# with this example, so any host that keeps them can be impersonated by anyone who has read this file. | |
# | |
# | |
# THIS IS FOR ALL NODES IN CLUSTER | |
# BE SURE TO CHANGE THE FOLLOWING ELEMENTS TO MATCH YOUR ENVIRONMENT: | |
# ssh_keys: | |
# rsa_private: | |
# rsa_public: | |
# dsa_private: | |
# dsa_public: | |
# ecdsa_private: | |
# ecdsa_public: | |
# resolv_conf: -> nameservers: | |
# resolv_conf: -> searchdomains: | |
# resolv_conf: -> domain: | |
# ubuntu_advantage: -> token: | |
# ubuntu_advantage: -> config: -> http_proxy: | |
# ubuntu_advantage: -> config: -> https_proxy: | |
# ubuntu_advantage: -> config: -> global_apt_http_proxy: | |
# ubuntu_advantage: -> config: -> global_apt_https_proxy: | |
# timezone: | |
# locale: | |
# users: -> passwd: | |
# users: -> ssh_import_id: | |
# apt: -> primary -> uri: | |
# apt: -> security -> uri: | |
# apt: -> sources_list: | |
# Snip @ # cloud-config, do not copy the lines above. | |
#cloud-config | |
final_message: "Canonical Sunbeam: Openstack Cluster Installation completed in $UPTIME" | |
resolv_conf: | |
nameservers: ['172.27.44.1', '172.27.46.1'] | |
searchdomains: | |
- atx.orangebox.me | |
- orangebox.me | |
domain: atx.orangebox.me | |
options: | |
rotate: true | |
timeout: 1 | |
timezone: 'America/Los_Angeles' | |
locale: 'en_US.UTF-8' | |
# Host-key handling: public host keys are published to the datasource (where it
# supports that) and existing host keys are not deleted (ssh_deletekeys: false),
# so the statically defined keys under ssh_keys become the node's host identity.
allow_public_ssh_keys: true | |
ssh_quiet_keygen: true | |
ssh_publish_hostkeys: | |
enabled: true | |
ssh_deletekeys: false | |
# NOTE(review): the key material under ssh_keys is embedded verbatim in this public
# example and must be treated as compromised. Generate per-deployment keys, or drop
# ssh_keys entirely and let cloud-init create host keys, before using this file.
ssh_keys: | |
rsa_private: | | |
-----BEGIN OPENSSH PRIVATE KEY----- | |
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn | |
NhAAAAAwEAAQAAAYEAvXsRi8QQCS1l03ngGbMke1wOqZLjx54+W8HYpebyOhd3TxT2FYnB | |
uN5mOUMI7aMaoPVDuK6px0i/bI6PHMT+Lq42iYXr1TvHjiucs3WLmlBkblzf0m4BJzImu2 | |
Yu19GTJthtjBFdr+MRnimGu98y48cBfN1EuFTSZ0mksD7IUtXWO/kNUDhXbJiJ6a+1+7tM | |
W/DhnKkpVlInJt5c4sDRx2ol6rw2gBcUtgdXyWHjV4CLMnld/ef/3sLLjzgaUVYA9//lmc | |
UEWcg1+lwTbaah92p28EOlGxsD4VQW/VkEY5/tjcViZ5ySx+5Yzz+TgOxPx+4SteBScPvu | |
m6ewWZc2CL4rfRdGB+aqf6cqqA8EpUNpvrtiwbm1T6Tti/rn8JGKgGOeULMa+mSSRyfQym | |
xhNyQQo1PnJq9bU1l/vlD4bwwxid2aUyZ3QZmJtA56bYbs84zoCgaF1u3qzNdwzVs6uf6P | |
poHZuPG1Rsr1J+U8QAA0mFOmcOwRzkJM1xLBt3UBAAAFiBahwkEWocJBAAAAB3NzaC1yc2 | |
EAAAGBAL17EYvEEAktZdN54BmzJHtcDqmS48eePlvB2KXm8joXd08U9hWJwbjeZjlDCO2j | |
GqD1Q7iuqcdIv2yOjxzE/i6uNomF69U7x44rnLN1i5pQZG5c39JuAScyJrtmLtfRkybYbY | |
wRXa/jEZ4phrvfMuPHAXzdRLhU0mdJpLA+yFLV1jv5DVA4V2yYiemvtfu7TFvw4ZypKVZS | |
JybeXOLA0cdqJeq8NoAXFLYHV8lh41eAizJ5Xf3n/97Cy484GlFWAPf/5ZnFBFnINfpcE2 | |
2mofdqdvBDpRsbA+FUFv1ZBGOf7Y3FYmecksfuWM8/k4DsT8fuErXgUnD77punsFmXNgi+ | |
K30XRgfmqn+nKqgPBKVDab67YsG5tU+k7Yv65/CRioBjnlCzGvpkkkcn0MpsYTckEKNT5y | |
avW1NZf75Q+G8MMYndmlMmd0GZibQOem2G7POM6AoGhdbt6szXcM1bOrn+j6aB2bjxtUbK | |
9SflPEAANJhTpnDsEc5CTNcSwbd1AQAAAAMBAAEAAAGAAKbnQQ1cJsPuuUMOl9gLdJc0/7 | |
VfLkUnnsY0eiGozLVe9jkyvZE7RukQ/fpykerBQTOG16BWOjbQXc3BxU4SN9PmoSOCU7oA | |
bkdNIzrwz4eeSNjt9jnlrB5ajsODvr9cW8Jb4iL/KQdFfL9U1NmoQatiIG1ceqvkC3Hv7K | |
FSrCJLOeqZ9qAzAM8njlPJ8wNKeHiENjdIyqC+vL4AINGcBy0g00VxhJBPxG6TCUDaeOca | |
04IiZijBsyEFdUkyofwDRFDcI/Am3fKivdIHYY7dwWR3HKCgQdgjUN3MKCPSZ408pavwyq | |
m6Xq3IYLw6vVsQCC8rw6kktTuIqFUwkpIGCVo3UgRKgxLXBG0WAGZL1dZ1t+V7EvbyGYLY | |
a3btp/2T7xQurDILF50AY7Mfs9bTNwR4rqoJovdozSXB1iUTXTX6pdDrwFyWiY5d92c1k/ | |
1rO6mN1DIlPHGSWh4XF55doynbNq1tRw0LLC+KaOpQ2fjPCpoPsAsY4V7vpush8vW/AAAA | |
wBh81HQzsjfOkmznO4DDKqqod3L4LX0+AYMwnEdmb2J4BCYDXMI2UEnSsW10DJEvGJr25e | |
ST3mxiOFxzvA8ZieGVye1TtUUmtVOddEx0Ssrfe9zSbLuKIaM7daOYIIDLgSe1GnXmLRa9 | |
VHPRP8iLrxm/Ec3v0xkmGslt4M7h0IlSf2coyplBKx/Izr/9gtV8R8vXD5Fl3ATKF7tMrs | |
kM9gZRbbJdjhuvHpBeFiB+xixoNhIzVtg4itLFkjgfie9ylwAAAMEAxXEv52b33alRReRE | |
Rrt/UTPqk7ErS8T0xBXgqRESaSI228EqbUOcCdAbJjxtmIQPTAiLQYYfxaNL9nD8cmWk9G | |
SZXxZmvS7QyVMuj+vbht9EHRAIbN+FF8ffqKKclfr3awbRNcwlFnFCWZUqTqV14vS8I3T0 | |
+hXjFskH2GRtWX65aLwirm/FcSkd8RKd/Z/JAtDgHnLllrdfPfPNXrn1vm2pWBcjy/Oez4 | |
pOf3GKcmJkAqEbMpavf2ZaOtswN+YzAAAAwQD1rWlL3NnaWAJFeUiGkRgjaH6iHs+OLZNd | |
0ueAAzY8vjKKwCUg7IJ8GaKtbnVHbOugj+AyC3JialtGl9/h+dFcuCscvdwKLT8D+dBnRG | |
JMCLH/q2LoabmiEn1b2rYo8FhwnlxJM9TKTP6HYoNVJabTHzWxkorcgwc20lTRBYI+mYzL | |
6KDCaZyl+cLemR189jaUc/PFAdKrJS5An0jxO1+gwLhKSLQ/gGNnHerSxI/8jDQFZ0nY+P | |
KFj0rB7Mq5O/sAAAASdWJ1bnR1QG9yYW5nZWJveDQ0AQ== | |
-----END OPENSSH PRIVATE KEY----- | |
rsa_public: ssh-rsa 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 root@orangebox44 | |
dsa_private: | | |
-----BEGIN OPENSSH PRIVATE KEY----- | |
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsQAAAAdzc2gtZH | |
NzAAAAgQCoSEmJgZrWn1ghxEAjpII+HzY4hWPm7dDaWy4bQtgKyF3iMZtgExtfX+nXGyoV | |
gR9r3IyTnFESQXm/U9BSOlFGzytOC3iqkJdiMnrFA2ZtA/ZMiaRS3w8QVNJYtqJeJ1iIsb | |
+yqtUCx7GIwPL2cvyzWWHArcnHd0EwjGxnuzUy0QAAABUAv8DtP3uzbWWmxDR0utLu5rK6 | |
JUcAAACALzu32kpKx2jcWY9V7rGK2YcLnPQblx9z2a/RhC19XV1D51te3n8vS29F0eo4Fx | |
0VEmZPIZ7Q0Af6VOHTfi3MWihIwQnrtGd/Qrdu6qNblur8Ndj+/RJeQUuaD1QIzPpuRoGU | |
BhKRoHmX/sJQ8f4Tp11r3IALrYAUYHziUjhkXAEAAACAN1D2sdxGhwQ2M0wT3VMi/bJ2Sg | |
f+L29/NxuQox17dNhC0RRYizn6igAk7QNLySE9WfU9UwTpG1YlSFFp8dnfe6BSr9o35ehw | |
ATA29lG6LkFg38HdHez3BH/5OIQKvDUhm3Tqgv0ixOESUW/qmiIZMuiS/5zaQPZ0ZtZETb | |
LtnCQAAAHoElvbbRJb220AAAAHc3NoLWRzcwAAAIEAqEhJiYGa1p9YIcRAI6SCPh82OIVj | |
5u3Q2lsuG0LYCshd4jGbYBMbX1/p1xsqFYEfa9yMk5xREkF5v1PQUjpRRs8rTgt4qpCXYj | |
J6xQNmbQP2TImkUt8PEFTSWLaiXidYiLG/sqrVAsexiMDy9nL8s1lhwK3Jx3dBMIxsZ7s1 | |
MtEAAAAVAL/A7T97s21lpsQ0dLrS7uayuiVHAAAAgC87t9pKSsdo3FmPVe6xitmHC5z0G5 | |
cfc9mv0YQtfV1dQ+dbXt5/L0tvRdHqOBcdFRJmTyGe0NAH+lTh034tzFooSMEJ67Rnf0K3 | |
buqjW5bq/DXY/v0SXkFLmg9UCMz6bkaBlAYSkaB5l/7CUPH+E6dda9yAC62AFGB84lI4ZF | |
wBAAAAgDdQ9rHcRocENjNME91TIv2ydkoH/i9vfzcbkKMde3TYQtEUWIs5+ooAJO0DS8kh | |
PVn1PVME6RtWJUhRafHZ33ugUq/aN+XocAEwNvZRui5BYN/B3R3s9wR/+TiECrw1IZt06o | |
L9IsThElFv6poiGTLokv+c2kD2dGbWRE2y7ZwkAAAAFDTRfUS3IxCBuMGIwgW0BeOhmicf | |
AAAAEnVidW50dUBvcmFuZ2Vib3g0NAE= | |
-----END OPENSSH PRIVATE KEY----- | |
dsa_public: ssh-dss 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 root@orangebox44 | |
ecdsa_private: | | |
-----BEGIN OPENSSH PRIVATE KEY----- | |
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS | |
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQTyt2sfAYol2QEPfI1KgqnixHk3dof | |
5WHypJgQzqFvnchAJSlktQNOmAENINK+2OojYhZ8gvJkpmg1rh3geznCAAAAsApwPn4KcD | |
5+AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBPK3ax8BiiXZAQ9 | |
8jUqCqeLEeTd2h/lYfKkmBDOoW+dyEAlKWS1A06YAQ0g0r7Y6iNiFnyC8mSmaDWuHeB7Oc | |
IAAAAhAOrW4guPUlABXvq0Jv1eiVOLaRhSbuIjPzXIzoosM4TcAAAAEnVidW50dUBvcmFu | |
Z2Vib3g0NAECAwQF | |
-----END OPENSSH PRIVATE KEY----- | |
ecdsa_public: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBPK3ax8BiiXZAQ98jUqCqeLEeTd2h/lYfKkmBDOoW+dyEAlKWS1A06YAQ0g0r7Y6iNiFnyC8mSmaDWuHeB7OcI= root@orangebox44 | |
ssh_pwauth: true | |
groups: | |
- ubuntu | |
- microk8s | |
- power | |
users: | |
- name: ubuntu | |
uid: 1000 | |
homedir: /home/ubuntu | |
gecos: Default User | |
groups: [ubuntu, adm, audio, cdrom, dialout, dip, floppy, kvm, lxd, microk8s, netdev, plugdev, power, sambashare, ssl-cert, sudo, video] | |
primary_group: ubuntu | |
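# Salted password hash, generated with: `echo -n ubuntu|mkpasswd --method=SHA-512 --rounds=4096 -s` | |
# Password is ubuntu. This is a publicly known example value: with ssh_pwauth: true and passwordless sudo | |
# it must be replaced (users: -> passwd:) before the node is reachable from any untrusted network. | |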
passwd: $6$rounds=4096$V8bRCE.We.C5VJVX$1sDFdMIWfNHn7KV.GTR4FydSQzmdjFtT74iFoWRk/Z9JpD238IQq.8sogRRcybLIjWHyii67ovUrIpbA2RRcf0 | |
lock_passwd: false | |
sudo: ALL=(ALL) NOPASSWD:ALL | |
ssh_import_id: | |
- "lp:craig-bender" | |
shell: /bin/bash | |
ssh_authorized_keys: | |
- [email protected] AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBEU75cjothFeZVu84a2+TdOfT1eTi4FSLth2ZaPSEhgBzenwxcw1ZC01zOuvc9n0ZCfNCGXdV8e37EENs3phSfQAAAAEc3NoOg== root@hpz600 | |
- ssh-rsa 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 [email protected] | |
- ssh-rsa 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 crAIg@everywhere | |
- ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADviK4QkET0s1TxcPH0ezmdLcAtlyvsM1kN5mYkupzoHuscB5cw6rU6MoHVylwzj41/U2zJYFGoWLOCahyg/dfpNQBqep0OdxcDm3aBnswD+Vac49zmOo56cNOJeluPIiHyIF3ys6k3NEGW9sBdNFMVFs4RX8SurFvPTqMSoQoSJ4PQ8Q== [email protected] | |
- ssh-dss 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 [email protected] | |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJF9CZEF5ZWFkiylHXZhX2DQ5lKpO3AWZl7M0/cA/In [email protected] | |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/lkMJv3uV76OmZCx07K56qIWpD3UnkVqXyqpM9abak [email protected]_work_pw_2023_ed25519 | |
- ssh-dss 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 [email protected]_work_pw_2023_dsa | |
- ssh-rsa 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 [email protected]_work_pw_2023_rsa | |
- ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACEPIilu+9J1BB4T/pJpvkKimj0xQLav0bIDMORuB7LiET62nX4Kv8gkJdAaks0yEhVlTcc6nLArnhHc7wDFC0Y4gESbJsdjpMNXtbbXf23B6LsXNPqV0LATu0gVpKHUzPfhNJz+UJSsICCB1wvlMMeaQZIFSgHilvKhA2sJnq+w/4mYA== [email protected]_work_pw_2023_ecdsa | |
snap: | |
commands: | |
00: ['snap', 'refresh', 'lxd', '--channel=latest/stable'] | |
01: ['snap', 'install', 'juju', '--channel=3.2/stable'] | |
02: ['snap', 'install', 'juju-db', '--channel=4.4/stable'] | |
03: ['snap', 'install', 'microk8s', '--channel=1.26-strict/stable'] | |
04: ['snap', 'install', 'openstack', '--channel=2023.1'] | |
package_update: true | |
package_upgrade: true | |
packages: | |
- avahi-daemon | |
- avahi-utils | |
- curl | |
- jq | |
- openssh-server | |
- openssl | |
- plocate | |
- sshpass | |
- ubuntu-advantage-tools | |
- unzip | |
- vim | |
- wget | |
- whois | |
apt: | |
conf: | | |
APT { | |
Get { | |
Assume-Yes "True"; | |
Fix-Broken "True"; | |
Auto-Remove "True"; | |
Purge "True"; | |
}; | |
Acquire { | |
ForceIPv4 "True"; | |
}; | |
}; | |
primary: | |
- arches: [amd64] | |
uri: http://us.archive.ubuntu.com/ubuntu | |
security: | |
- arches: [amd64] | |
uri: http://us.archive.ubuntu.com/ubuntu | |
sources_list: | | |
deb [arch=amd64] $PRIMARY $RELEASE main universe restricted multiverse | |
deb [arch=amd64] $PRIMARY $RELEASE-updates main universe restricted multiverse | |
deb [arch=amd64] $SECURITY $RELEASE-security main universe restricted multiverse | |
deb [arch=amd64] $PRIMARY $RELEASE-backports main universe restricted multiverse | |
bootcmd: | |
- ['cloud-init-per', 'once', 'msg0', 'sh', '-c', 'echo "\e[1;38;2;0;255;0m=========Starting BOOTCMD=========\e[0m"'] | |
- ['cloud-init-per', 'once', 'env0', 'set', '-x'] | |
- ['cloud-init-per', 'once', 'env1', 'cloud-init', 'schema', '--system'] | |
- ['cloud-init-per', 'once', 'env2', 'export', 'DEBIAN_FRONTEND=noninteractive'] | |
- ['cloud-init-per', 'once', 'apt0', 'apt-get', '--option=Acquire::ForceIPv4=true', 'update'] | |
- ['cloud-init-per', 'once', 'apt1', 'apt-get', '--option=Acquire::ForceIPv4=true', 'install', '-fy', '--auto-remove', '--purge'] | |
- ['cloud-init-per', 'once', 'msg1', 'sh', '-c', 'echo "\e[1;38;2;0;255;0m=========Finished BOOTCMD=========\e[0m"'] | |
runcmd: | |
- set -x | |
- sh -c 'echo "\e[1;38;2;0;255;0m=========Starting RUNCMDs=========\e[0m"' | |
- export DEBIAN_FRONTEND=noninteractive | |
- update-alternatives --set editor /usr/bin/vim.basic | |
- find /etc/ssh/ -type f -iname "*.pub"|xargs bash -c 'su - $(id -un 1000) -c '"'"'tee -a ~/.ssh/authorized_keys'"'"'' | |
- |- | |
cat <<CISUDOERS |sed -r 's/[ \t]+$//g'|tee 1>/dev/null -a /etc/sudoers.d/90-cloud-init-users | |
Defaults$(printf "\t")env_keep+="LXD* SB* CLUSTER* PG* MAAS* RBAC* CANDID* LDS* SSP* DISPLAY EDITOR HOME LANG* LC* PS* *_IP *_PROXY *_proxy" | |
Defaults$(printf "\t")secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:\$HOME/.local/bin" | |
CISUDOERS | |
- sh -c 'echo "\e[1;38;2;233;84;20m=========Starting Sunbeam Basic cluster Installation=========\e[0m"' | |
- |- | |
cat <<SBPRESEED |sed -r 's/[ \t]+$//g'|su - $(id -un 1000) -c 'tee ~/sunbeam-preseed.yaml' | |
addons: | |
metallb: 10.249.148.200-10.249.148.210 | |
user: | |
run_demo_setup: True | |
username: demo | |
password: infra123 | |
cidr: 192.168.122.0/24 | |
security_group_rules: True | |
remote_access_location: remote | |
external_network: | |
cidr: 10.246.112.0/21 | |
gateway: 10.246.112.1 | |
start: 10.246.116.41 | |
end: 10.246.116.61 | |
network_type: flat | |
segmentation_id: 0 | |
nic: enx1 | |
microceph_config: | |
$(hostname -f): | |
osd_devices: /dev/sdb | |
SBPRESEED | |
- su - $(id -un 1000) -c 'mkdir -p /home/$(id -un 1000)/.local/share' | |
- su - $(id -un 1000) -c 'mkdir -p /home/$(id -un 1000)/.config/openstack' | |
- su - $(id -un 1000) -c 'printf "y\n"|ssh-keygen -t rsa -b 4096 -f /home/$(id -un 1000)/.ssh/id_rsa -P ""' | |
- su - $(id -un 1000) -c 'printf "y\n"|ssh-keygen -t ecdsa -b 521 -f /home/$(id -un 1000)/.ssh/id_ecdsa -P ""' | |
- su - $(id -un 1000) -c 'printf "y\n"|ssh-keygen -t dsa -b 1024 -f /home/$(id -un 1000)/.ssh/id_dsa -P ""' | |
- su - $(id -un 1000) -c 'printf "y\n"|ssh-keygen -t ed25519 -f /home/$(id -un 1000)/.ssh/id_ed25519 -P ""' | |
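# Make sure ~/.ssh/config exists as a regular file before appending to it. The
# empty file is created with mode 0600 and owned by the UID-1000 user; an
# existing config is left untouched. (Installing the path with -d would create
# a directory named "config", and the tee -a below would then fail.)
- if [ ! -f /home/$(id -un 1000)/.ssh/config ];then install -o$(id -un 1000) -g$(id -gn 1000) -m0600 /dev/null /home/$(id -un 1000)/.ssh/config;fi
# Append a client profile for the cluster nodes. The heredoc is unquoted, so
# $(id -un 1000) is expanded when the file is written; sed strips trailing
# whitespace before tee appends the text as the UID-1000 user.
# NOTE(review): StrictHostKeyChecking no together with UserKnownHostsFile
# /dev/null switches off host-key verification for every matching host, and
# ForwardAgent / ForwardX11Trusted extend trust to those unverified hosts.
# That suits a throwaway lab only; on a shared network pin the nodes' host
# keys in a known_hosts file and turn the forwarding options off.
- |-
  cat <<SSHEOF |sed -r 's/[ \t]+$//g'|su - $(id -un 1000) -c 'tee -a ~/.ssh/config'
  Host node*ob* *.atx.orangebox.me
    PreferredAuthentications publickey
    PubkeyAuthentication yes
    PasswordAuthentication no
    User $(id -un 1000)
    IdentityFile ~/.ssh/id_rsa
    AddKeysToAgent yes
    AddressFamily inet
    CheckHostIP no
    ForwardAgent yes
    ForwardX11 yes
    ForwardX11Trusted yes
    LogLevel FATAL
    SendEnv LANG LC_*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    ServerAliveInterval 60
    ServerAliveCountMax 5
    RequestTTY yes
  SSHEOF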
- usermod -a -G snap_daemon $(id -un 1000) | |
- usermod -a -G snap_microk8s $(id -un 1000) | |
- usermod -a -G microk8s $(id -un 1000) | |
# Fetch the pre-built control-plane image tarball from http://172.27.44.1:7001 and
# import it into MicroK8s as the UID-1000 user.
# NOTE(review): the tarball travels over plain HTTP and is imported without any
# integrity check. Record its SHA-256 digest out of band and verify it with
# `sha256sum -c` before the import, or serve it over TLS.
- su - $(id -un 1000) -c 'curl -sSlL -o /home/$(id -un 1000)/sunbeam-images.tar http://172.27.44.1:7001/sunbeam-images.tar' | |
- |- | |
newgrp snap_microk8s <<SBIMAGES | |
su - $(id -un 1000) -c 'microk8s ctr image import --platform amd64 - < /home/$(id -un 1000)/sunbeam-images.tar' | |
SBIMAGES | |
# Role election over mDNS: when no _sunbeam-cluster._tcp record carrying SB_PRIMARY is
# visible, this node advertises itself as SB_PRIMARY, otherwise as SB_SECONDARY.
# NOTE(review): these records are unauthenticated, so the election and the join steps
# below trust whichever host on the local segment advertises the service. Run this
# only on an isolated provisioning network.
- ((if [ -z "$(avahi-browse -rtp _sunbeam-cluster._tcp|awk -F';' '/=.*;IPv4.*SB_PRIMARY=/{gsub(/\x22/,"",$NF);print $NF}')" ];then ((nohup sh -c 'avahi-publish -s sunbeam-cluster _sunbeam-cluster._tcp 7000 "SB_PRIMARY=$(hostname -f)"') &);else ((nohup sh -c 'avahi-publish -s sunbeam-cluster _sunbeam-cluster._tcp 7000 "SB_SECONDARY=$(hostname -f)"') &);fi) &) | |
# Run the node preparation script emitted by the sunbeam snap, as the UID-1000 user.
- su - $(id -un 1000) -c 'sunbeam prepare-node-script | bash -x && newgrp snap_daemon' | |
- sh -c 'echo "\e[1;38;2;233;84;20m=========Finished Basic Sunbeam Cluster Installation=========\e[0m"' | |
- sh -c 'echo "\e[1;38;2;255;255;255m\e[1;48;2;233;84;20m=========Starting Sunbeam Multinode Cluster Installation=========\e[0m"' | |
# Export the advertised SB_PRIMARY=<fqdn> pair read from the mDNS TXT record.
# NOTE(review): the value is exported unquoted and later used as an ssh target; check
# it against the expected domain before relying on it.
- export $(avahi-browse -rtp _sunbeam-cluster._tcp|awk -F';' '/=.*;IPv4.*SB_PRIMARY=/{gsub(/\x22/,"",$NF);print $NF}') | |
# Primary only: bootstrap the cluster from the preseed file, print the elapsed time,
# then advertise _sunbeam-cluster-ready._tcp.
- if [ "$SB_PRIMARY" = "$(hostname -f)" ];then su - $(id -un 1000) -c 'TZ=UTC export NOW=$(date +%s)sec;sunbeam cluster bootstrap -p ~/sunbeam-preseed.yaml --role control --role compute --role storage;printf "Sunbeam cluster bootstrapped in $(TZ=UTC date --date now-${NOW} '"'"'+%Hh:%Mm:%Ss'"'"')\n"';((nohup sh -c 'avahi-publish -s sunbeam-cluster-ready _sunbeam-cluster-ready._tcp 7000 "SB_PRIMARY=$(hostname -f)"') &);fi | |
# Primary only: advertise SB_PRIMARY_STATUS=join unless such a record is already visible.
- if [ "$SB_PRIMARY" = "$(hostname -f)" ];then if [ -z "$(avahi-browse -rtp _sunbeam-primary-ready._tcp|awk -F";" '/=.*;IPv4.*SB_PRIMARY_STATUS=join/{gsub(/\x22/,"",$NF);print $NF}')" ];then ((nohup sh -c 'avahi-publish -s sunbeam-primary-ready _sunbeam-primary-ready._tcp 7000 "SB_PRIMARY_STATUS=join"') &);fi;fi | |
# Non-primary only: once the join record is visible, request a join token for this
# host from the primary over ssh.
- if [ "$SB_PRIMARY" != "$(hostname -f)" ];then if [ -n "$(avahi-browse -rtp _sunbeam-primary-ready._tcp|awk -F";" '/=.*;IPv4.*SB_PRIMARY_STATUS=join/{gsub(/\x22/,"",$NF);print $NF}')" ];then export SB_TOKEN="$(ssh -qtt $SB_PRIMARY sunbeam cluster add --name $(hostname -f) -f value)";fi;fi | |
# Non-primary only: request a token again, strip the first six output lines and the
# surrounding whitespace, then join the cluster with that token.
# NOTE(review): this request hard-codes the node name node09ob44.atx.orangebox.me,
# whereas the previous step uses $(hostname -f); confirm which one is intended.
- if [ "$SB_PRIMARY" != "$(hostname -f)" -a -n "$(avahi-browse -rtp _sunbeam-primary-ready._tcp|awk -F";" '/=.*;IPv4.*SB_PRIMARY_STATUS=join/{gsub(/\x22/,"",$NF);print $NF}')" ];then export SB_TOKEN="$(ssh -qtt $SB_PRIMARY 'sunbeam cluster add -f value --name node09ob44.atx.orangebox.me' 2>&1|sed -r '1,6d'|sed -r 's/^[ \t]+|[ \t]+$//g')";sunbeam cluster join -p ~/sunbeam-preseed.yaml --role compute --role storage --role control --token $SB_TOKEN;fi | |
- sh -c 'echo "\e[1;38;2;255;255;255m\e[1;48;2;233;84;20m=========Finished Sunbeam Multinode Cluster Installation=========\e[0m"' | |
- sh -c 'echo "\e[1;38;2;0;255;0m=========Finished RUNCMDs=========\e[0m"' |
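#!/bin/bash
#
# Stage the Sunbeam control-plane OCI image tarball and serve it over HTTP on
# port 7001, so that cloud-init on each node can download it and preload it
# into MicroK8s instead of pulling every image during installation.
# Image Tarball: https://drive.google.com/file/d/1ijYkFqaWi7Y40y02cWOS12CIWYQvDT_A/view?usp=sharing
#
# Usage: <this script> [systemd|adhoc]
#   systemd (default)  install, enable and start sunbeamimage.service
#   adhoc              start a background python3 http.server for this boot only
# The two modes are alternatives: both bind port 7001, so only one is started.

set -euo pipefail

readonly WWW_ROOT=/srv/www
readonly IMAGE_URL='https://drive.google.com/file/d/1ijYkFqaWi7Y40y02cWOS12CIWYQvDT_A/view?usp=sharing'
readonly GOODLS_REPO='https://github.com/tanaikech/goodls'

mode=${1:-systemd}
case "$mode" in
  systemd | adhoc) ;;
  *)
    printf 'Usage: %s [systemd|adhoc]\n' "${0##*/}" >&2
    exit 2
    ;;
esac

svc_user=$(id -un 1000)
svc_group=$(id -gn 1000)

# 1. Create directory to share images from
sudo mkdir -p "$WWW_ROOT"
sudo chown -R "${svc_user}:${svc_group}" "$WWW_ROOT"

# 2. Download Google Download Service Cli
# NOTE(review): goodls is taken from the project's latest release and installed
# without verifying a checksum or signature. For repeatable builds pin a
# release tag and compare the file's SHA-256 against a value recorded out of
# band before installing it.
tag=$(curl -fsSL "${GOODLS_REPO}/releases/latest" \
  | awk '/breadcrumb-item-selected/{print $NF}')
if [[ -z "$tag" ]]; then
  printf 'could not determine the latest goodls release tag\n' >&2
  exit 1
fi
os=$(uname | tr '[:upper:]' '[:lower:]')

# Download as the invoking user into a private temp file; only the final copy
# into /usr/local/bin needs root, and a failed download never lands there.
tmp_bin=$(mktemp)
trap 'rm -f -- "$tmp_bin"' EXIT
wget -q --show-progress -O "$tmp_bin" \
  "${GOODLS_REPO}/releases/download/${tag}/goodls_${os}_amd64"
sudo install -m 0755 "$tmp_bin" /usr/local/bin/goodls

# The URL is quoted: it contains '?', which the shell would otherwise treat as
# a glob character.
goodls -u "$IMAGE_URL" -d "${WWW_ROOT}/"

# 3. Start a simple webserver to serve the image tarball
# NOTE(review): http.server listens on all interfaces without authentication
# and serves everything under /srv/www. Keep only the tarball there and limit
# port 7001 to the provisioning network (http.server accepts --bind ADDRESS).
case "$mode" in
  adhoc)
    # 3.1 Ad-hoc/Manual Run. The log gets an unpredictable name so that a
    # pre-created file or symlink in /tmp cannot redirect the output.
    log_file=$(mktemp /tmp/sunbeam-image-service.log.XXXXXX)
    printf 'image server log: %s\n' "$log_file" >&2
    (cd "$WWW_ROOT" && nohup python3 -m http.server 7001 >>"$log_file" 2>&1 &)
    ;;
  systemd)
    # 3.2 Systemd Service. The heredoc is unquoted so that ${svc_user} is
    # filled in here; $MAINPID is escaped because systemd, not this shell,
    # must expand it when the unit is reloaded or stopped.
    cat <<SUNBEAM | sed 's/[ \t]*$//g' | sudo tee 1>/dev/null /etc/systemd/system/sunbeamimage.service
[Unit]
Description=Simple Python3 Webserver to host Sunbeam Control Plane Images on port 7001
After=syslog.target network-online.target nss-lookup.target
Wants=network-online.target
ConditionPathIsDirectory=/srv/www
ConditionPathExists=/srv/www/sunbeam-images.tar
[Service]
Type=simple
User=${svc_user}
PIDFile=/run/sunbeamimage.pid
ExecStartPre=/usr/bin/rm -f /run/sunbeamimage.pid
ExecStart=/bin/bash -c '(cd /srv/www && python3 -m http.server 7001)'
Restart=on-failure
RestartSec=5
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=/bin/kill -s QUIT \$MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
StandardOutput=journal
[Install]
WantedBy=multi-user.target
SUNBEAM
    sudo systemctl daemon-reload
    sudo systemctl enable sunbeamimage.service
    sudo systemctl start sunbeamimage.service
    ;;
esac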
@ThinGuy you are leaking private keys
I appreciate the heads-up, but this is an example from an early build release that used pre-generated SSH private keys to facilitate a zero-touch build.
This evolved to use a different mechanism (avahi) to announce cluster members and join the cluster (initial work is at the end of the script).
FYI: It's a valid use of Cloud-Init.
Again, I appreciate the heads-up and understand that someone could unknowingly have an issue if they use this exact cloud-init file.
I'll add a note.
@ThinGuy you are leaking private keys