acidprime · February 12, 2021 18:16
diff --git a/ca.sh b/ca.sh
 #!/bin/bash -x
 rm -rf ca
 rm -rf certs
 mkdir -p ca
 openssl genrsa -out ca/ca_key.pem 2048
 openssl rsa -in ca/ca_key.pem -pubout -out ca/ca_pub.pem
 openssl req \
  -x509 \
  -new \
  -nodes \
  -key ca/ca_key.pem \
  -sha256 \
  -days 3000 \
  -out ca/ca_crt.pem \
  -config openssl.conf
 touch ca/inventory.txt
 echo "03" > ca/serial
 openssl ca \
  -create_serial \
  -config openssl.conf \
  -crldays 1460 \
  -gencrl \
  -out ca/ca_crl.pem
diff --git a/code.sh b/code.sh
 #!/bin/bash -x
 yum install git -y
 yum update -y nss curl libcurl
 /opt/puppetlabs/puppet/bin/gem install r10k
 mkdir -p ~/.ssh
 ssh-keyscan github.com > ~/.ssh/known_hosts
 cp /etc/puppetlabs/puppet/ssl/id_rsa ~/.ssh/id_rsa
 /opt/puppetlabs/puppet/bin/r10k \
  deploy environment \
  -p \
  -v debug2 \
  --color \
  -c /etc/puppetlabs/puppet/ssl/r10k.yaml
 /opt/puppetlabs/bin/puppet agent -t

diff --git a/openssl.conf b/openssl.conf
 [ default ]
 ca                      = root-ca

 [ ca ]
 default_ca              = root_ca

 [ root_ca ]
 dir               = /etc/puppetlabs/puppet/ssl/ca
 certs             = $dir/certs
 serial            = $dir/serial
 database          = $dir/inventory.txt
 private_key       = $dir/ca_key.pem
 certificate       = $dir/ca_crt.pem
 crl               = $dir/ca_crl.pem
 unique_subject    = no
 default_md        = sha1
 default_days    = 365
 default_crl_days= 365 
 preserve        = no

 [req]
 default_bits = 2048
 prompt = no
 distinguished_name = req_distinguished_name
 req_extensions     = req_ext

 [ req_distinguished_name ]
 CN = "Puppet CA: puppet.homeops.tech"

 [v3_req]
 # Extensions to add to a certificate request
 basicConstraints = CA:FALSE
 keyUsage = digitalSignature, keyEncipherment
 subjectAltName = @alt_names

 [ req_ext ]
 subjectAltName = @alt_names

 [alt_names]
 DNS.1   = puppet.homeops.tech
 DNS.2   = puppet
diff --git a/puppet.cfg b/puppet.cfg
 # CentOS 7.x kickstart file - puppet.cfg
 # Required settings
 lang en_US.UTF-8
 keyboard us
 rootpw packer
 authconfig --enableshadow --enablemd5
 timezone UTC

 # Optional settings
 install
 cdrom
 user --name=packer --plaintext --password packer
 services --disabled=NetworkManager --enabled=network,sshd
 unsupported_hardware
 network --bootproto=dhcp
 firewall --disabled
 selinux --permissive
 bootloader --location=mbr
 text
 skipx
 zerombr
 clearpart --all --initlabel
 autopart --type=lvm
 firstboot --disabled
 selinux --permissive

 reboot
 network --onboot yes --device ens33 \
  --bootproto=static \
  --ip=192.168.53.53 \
  --netmask=255.255.255.0 \
  --gateway=192.168.53.1 \
  --nameserver=192.168.53.60 \
  --nameserver=192.168.53.70 \
  --noipv6 \
  --hostname=puppet.homeops.tech

 %packages --nobase --ignoremissing --excludedocs
 # packer needs this to copy initial files via scp
 openssh-clients
 @base
 kernel-headers
 kernel-devel
 gcc
 make
 perl
 curl
 wget
 bzip2
 dkms
 patch
 net-tools
 git
 sudo
 nfs-utils
 %end

 %post --log=/var/log/post-install.log
 # Disable 'consistent network device naming' and make things act more or less reasonable in a VM-oriented context.
 echo > /etc/udev/rules.d/70-persistent-net.rules
 echo > /etc/udev/rules.d/75-persistent-net-generator.rules

 sed -i'' -e '/UUID=/d' /etc/sysconfig/network-scripts/ifcfg-ens33
 sed -i'' -e '/HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-ens33
 sed -i'' -e '/DHCP_HOSTNAME=/d' /etc/sysconfig/network-scripts/ifcfg-ens33
 sed -i'' -e 's/NM_CONTROLLED=.*/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-ens33

 echo "Setting up ifcfg-ens33"

 for nic in /etc/sysconfig/network-scripts/ifcfg-eth*; do sed -i /HWADDR/d $nic; done
 sed -i -e '/#UseDNS yes/a UseDNS no' /etc/ssh/sshd_config
 yum -y remove networkmanager

 # Configure Synology LDAP
 authconfig --kickstart --enableshadow --enablemd5 --enableldap --enableldapauth --ldapserver synology.homeops.tech --ldapbasedn dc=homeops,dc=tech

 # configure packer user in sudoers
 echo "%packer ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/packer
 chmod 0440 /etc/sudoers.d/packer
 cp /etc/sudoers /etc/sudoers.orig
 sed -i "s/^\(.*requiretty\)$/#\1/" /etc/sudoers

 # Configure Puppet
 mkdir -p /etc/puppetlabs/puppet/ssl

 echo '#!/bin/sh' > /etc/rc.d/rc.local
 chmod 0755 /etc/rc.d/rc.local
 echo 'mkdir -p /etc/puppetlabs/puppet/ssl' >> /etc/rc.d/rc.local
 echo 'mount -t nfs synology.homeops.tech:/volume1/ssl /etc/puppetlabs/puppet/ssl/' >> /etc/rc.d/rc.local

 echo 'yum clean all' >> /etc/rc.d/rc.local
 echo 'yum update' >> /etc/rc.d/rc.local

 echo '!!!!!Replace with your ca.sh!!!!!'>> /etc/rc.d/rc.local
 echo '!!!!!Replace with your puppetserver.sh!!!!!'>> /etc/rc.d/rc.local
 echo '!!!!!Replace with your code.sh!!!!!'>> /etc/rc.d/rc.local

 echo '/usr/bin/rm -rf /etc/rc.d/rc.local' >> /etc/rc.d/rc.local
 %end
diff --git a/puppet.json b/puppet.json
 {
   "_comment": "Build with `ESXI_PASSWORD=foo packer build puppet.json`",
   "variables": {
     "esxi_password": ""
   },
   "builders": [
     {
       "vm_name": "puppet.homeops.tech",
       "type": "vmware-iso",
       "iso_url": "http://ftp.iij.ad.jp/pub/linux/centos-vault/7.2.1511/isos/x86_64/CentOS-7-x86_64-DVD-1511.iso",
       "iso_checksum": "4c6c65b5a70a1142dadb3c65238e9e97253c0d3a",
       "iso_checksum_type": "sha1",
       "ssh_username": "packer",
       "ssh_password": "packer",
       "ssh_wait_timeout": "10m",
       "disk_size": "100000",
       "tools_upload_flavor": "linux",
       "guest_os_type": "centos-64",
       "remote_type": "esx5",
       "remote_username": "root",
       "remote_password": "",
       "remote_datastore": "synology.homeops.tech",
       "remote_cache_datastore": "datastore1",
       "remote_host": "esxi.homeops.tech",
       "ssh_wait_timeout": "1000s",
       "keep_registered": true,
       "headless": "false",
       "shutdown_command": "sudo /sbin/halt -p",
       "floppy_files": [
           "floppy/puppet.cfg"
         ],
       "boot_command": [
         "<tab> inst.text inst.ks=hd:fd0:/puppet.cfg <enter><wait>"
       ],
       "vmx_data": {
         "ethernet0.networkName": "VM Net",
         "config.version": 8,
         "virtualHW.version": 8,
         "ethernet0.present": "TRUE",
         "ethernet0.virtualDev": "e1000",
         "ethernet0.startConnected": "TRUE",
         "ethernet0.addressType": "generated",
         "ethernet0.generatedAddressOffset": "0",
         "ethernet0.wakeOnPcktRcv": "FALSE",
         "memsize": "3096",
         "cpuid.coresPerSocket": "1",
         "numvcpus": "4",
         "vhv.enable": "TRUE",
         "RemoteDisplay.vnc.enabled": "TRUE",
         "RemoteDisplay.vnc.port":  "5900"
       }
     }
   ]
 }
diff --git a/puppetserver.sh b/puppetserver.sh
 #!/bin/bash -x
 wget https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
 rpm -Uvh puppet6-release-el-7.noarch.rpm
 yum install puppet -y
 yum install puppetserver -y
 puppetserver ca setup
 systemctl start puppetserver
	#!/bin/bash -x
	rm -rf ca
	rm -rf certs
	mkdir -p ca
	openssl genrsa -out ca/ca_key.pem 2048
	openssl rsa -in ca/ca_key.pem -pubout -out ca/ca_pub.pem
	openssl req \
	-x509 \
	-new \
	-nodes \
	-key ca/ca_key.pem \
	-sha256 \
	-days 3000 \
	-out ca/ca_crt.pem \
	-config openssl.conf
	touch ca/inventory.txt
	echo "03" > ca/serial
	openssl ca \
	-create_serial \
	-config openssl.conf \
	-crldays 1460 \
	-gencrl \
	-out ca/ca_crl.pem
	#!/bin/bash -x
	yum install git -y
	yum update -y nss curl libcurl
	/opt/puppetlabs/puppet/bin/gem install r10k
	mkdir -p ~/.ssh
	ssh-keyscan github.com > ~/.ssh/known_hosts
	cp /etc/puppetlabs/puppet/ssl/id_rsa ~/.ssh/id_rsa
	/opt/puppetlabs/puppet/bin/r10k \
	deploy environment \
	-p \
	-v debug2 \
	--color \
	-c /etc/puppetlabs/puppet/ssl/r10k.yaml
	/opt/puppetlabs/bin/puppet agent -t
	[ default ]
	ca = root-ca

	[ ca ]
	default_ca = root_ca

	[ root_ca ]
	dir = /etc/puppetlabs/puppet/ssl/ca
	certs = $dir/certs
	serial = $dir/serial
	database = $dir/inventory.txt
	private_key = $dir/ca_key.pem
	certificate = $dir/ca_crt.pem
	crl = $dir/ca_crl.pem
	unique_subject = no
	default_md = sha1
	default_days = 365
	default_crl_days= 365
	preserve = no

	[req]
	default_bits = 2048
	prompt = no
	distinguished_name = req_distinguished_name
	req_extensions = req_ext

	[ req_distinguished_name ]
	CN = "Puppet CA: puppet.homeops.tech"

	[v3_req]
	# Extensions to add to a certificate request
	basicConstraints = CA:FALSE
	keyUsage = digitalSignature, keyEncipherment
	subjectAltName = @alt_names

	[ req_ext ]
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = puppet.homeops.tech
	DNS.2 = puppet
	# CentOS 7.x kickstart file - puppet.cfg
	# Required settings
	lang en_US.UTF-8
	keyboard us
	rootpw packer
	authconfig --enableshadow --enablemd5
	timezone UTC

	# Optional settings
	install
	cdrom
	user --name=packer --plaintext --password packer
	services --disabled=NetworkManager --enabled=network,sshd
	unsupported_hardware
	network --bootproto=dhcp
	firewall --disabled
	selinux --permissive
	bootloader --location=mbr
	text
	skipx
	zerombr
	clearpart --all --initlabel
	autopart --type=lvm
	firstboot --disabled
	selinux --permissive

	reboot
	network --onboot yes --device ens33 \
	--bootproto=static \
	--ip=192.168.53.53 \
	--netmask=255.255.255.0 \
	--gateway=192.168.53.1 \
	--nameserver=192.168.53.60 \
	--nameserver=192.168.53.70 \
	--noipv6 \
	--hostname=puppet.homeops.tech

	%packages --nobase --ignoremissing --excludedocs
	# packer needs this to copy initial files via scp
	openssh-clients
	@base
	kernel-headers
	kernel-devel
	gcc
	make
	perl
	curl
	wget
	bzip2
	dkms
	patch
	net-tools
	git
	sudo
	nfs-utils
	%end

	%post --log=/var/log/post-install.log
	# Disable 'consistent network device naming' and make things act more or less reasonable in a VM-oriented context.
	echo > /etc/udev/rules.d/70-persistent-net.rules
	echo > /etc/udev/rules.d/75-persistent-net-generator.rules

	sed -i'' -e '/UUID=/d' /etc/sysconfig/network-scripts/ifcfg-ens33
	sed -i'' -e '/HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-ens33
	sed -i'' -e '/DHCP_HOSTNAME=/d' /etc/sysconfig/network-scripts/ifcfg-ens33
	sed -i'' -e 's/NM_CONTROLLED=.*/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-ens33

	echo "Setting up ifcfg-ens33"

	for nic in /etc/sysconfig/network-scripts/ifcfg-eth*; do sed -i /HWADDR/d $nic; done
	sed -i -e '/#UseDNS yes/a UseDNS no' /etc/ssh/sshd_config
	yum -y remove networkmanager

	# Configure Synology LDAP
	authconfig --kickstart --enableshadow --enablemd5 --enableldap --enableldapauth --ldapserver synology.homeops.tech --ldapbasedn dc=homeops,dc=tech

	# configure packer user in sudoers
	echo "%packer ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/packer
	chmod 0440 /etc/sudoers.d/packer
	cp /etc/sudoers /etc/sudoers.orig
	sed -i "s/^\(.*requiretty\)$/#\1/" /etc/sudoers

	# Configure Puppet
	mkdir -p /etc/puppetlabs/puppet/ssl

	echo '#!/bin/sh' > /etc/rc.d/rc.local
	chmod 0755 /etc/rc.d/rc.local
	echo 'mkdir -p /etc/puppetlabs/puppet/ssl' >> /etc/rc.d/rc.local
	echo 'mount -t nfs synology.homeops.tech:/volume1/ssl /etc/puppetlabs/puppet/ssl/' >> /etc/rc.d/rc.local

	echo 'yum clean all' >> /etc/rc.d/rc.local
	echo 'yum update' >> /etc/rc.d/rc.local

	echo '!!!!!Replace with your ca.sh!!!!!'>> /etc/rc.d/rc.local
	echo '!!!!!Replace with your puppetserver.sh!!!!!'>> /etc/rc.d/rc.local
	echo '!!!!!Replace with your code.sh!!!!!'>> /etc/rc.d/rc.local

	echo '/usr/bin/rm -rf /etc/rc.d/rc.local' >> /etc/rc.d/rc.local
	%end
	{
	"_comment": "Build with `ESXI_PASSWORD=foo packer build puppet.json`",
	"variables": {
	"esxi_password": ""
	},
	"builders": [
	{
	"vm_name": "puppet.homeops.tech",
	"type": "vmware-iso",
	"iso_url": "http://ftp.iij.ad.jp/pub/linux/centos-vault/7.2.1511/isos/x86_64/CentOS-7-x86_64-DVD-1511.iso",
	"iso_checksum": "4c6c65b5a70a1142dadb3c65238e9e97253c0d3a",
	"iso_checksum_type": "sha1",
	"ssh_username": "packer",
	"ssh_password": "packer",
	"ssh_wait_timeout": "10m",
	"disk_size": "100000",
	"tools_upload_flavor": "linux",
	"guest_os_type": "centos-64",
	"remote_type": "esx5",
	"remote_username": "root",
	"remote_password": "",
	"remote_datastore": "synology.homeops.tech",
	"remote_cache_datastore": "datastore1",
	"remote_host": "esxi.homeops.tech",
	"ssh_wait_timeout": "1000s",
	"keep_registered": true,
	"headless": "false",
	"shutdown_command": "sudo /sbin/halt -p",
	"floppy_files": [
	"floppy/puppet.cfg"
	],
	"boot_command": [
	"<tab> inst.text inst.ks=hd:fd0:/puppet.cfg <enter><wait>"
	],
	"vmx_data": {
	"ethernet0.networkName": "VM Net",
	"config.version": 8,
	"virtualHW.version": 8,
	"ethernet0.present": "TRUE",
	"ethernet0.virtualDev": "e1000",
	"ethernet0.startConnected": "TRUE",
	"ethernet0.addressType": "generated",
	"ethernet0.generatedAddressOffset": "0",
	"ethernet0.wakeOnPcktRcv": "FALSE",
	"memsize": "3096",
	"cpuid.coresPerSocket": "1",
	"numvcpus": "4",
	"vhv.enable": "TRUE",
	"RemoteDisplay.vnc.enabled": "TRUE",
	"RemoteDisplay.vnc.port": "5900"
	}
	}
	]
	}
	#!/bin/bash -x
	wget https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
	rpm -Uvh puppet6-release-el-7.noarch.rpm
	yum install puppet -y
	yum install puppetserver -y
	puppetserver ca setup
	systemctl start puppetserver