diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..b2f3393
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,31 @@
+# Use official CentOS Stream 9 as base
+FROM quay.io/centos/centos:stream9
+
+# 1. Install system dependencies
+RUN dnf -y update && \
+ dnf install -y \
+ gcc \
+ python3.11 \
+ python3.11-pip \
+ python3-pip \
+ git \
+ rsync \
+ vim \
+ iputils \
+ lorax \
+ xorriso \
+ && dnf clean all
+
+
+# 2. Install modern Ansible using Python 3.11
+RUN python3.11 -m pip install --upgrade pip && \
+ python3.11 -m pip install \
+ "ansible-core>=2.16,<2.17" \
+ netaddr \
+ six
+
+# 3. Environment setup
+RUN mkdir -p /build /mnt/ssh
+WORKDIR /build
+
+CMD ["/bin/bash"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..55f9fa0
--- /dev/null
+++ b/README.md
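Review bot: The `FROM quay.io/centos/centos:stream9` line and the `pip install` of `netaddr` and `six` in Containerfile are unpinned, so two builds of `centos4seapath` can contain different code. The README added in this commit runs this image with `--privileged`, `-v /dev:/dev` and the user's `~/.ssh` mounted, so whatever the build pulls in runs with broad access to the host. Pin the base by digest, e.g. `FROM quay.io/centos/centos:stream9@sha256:<digest>` (placeholder), and pin the Python packages, e.g. `netaddr==<version>` and `six==<version>`, ideally with `--no-cache-dir`. The `pip install --upgrade pip` step likewise fetches whatever pip is current at build time.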
@@ -0,0 +1,245 @@ +# SEAPATH CentOS Stream 9 - Automated Deployment Guide + + +This guide provides a workflow to build custom **SEAPATH ISOs** and deploy them on **Physical Servers (Bare Metal)** or **Virtual Machines (Libvirt)**. + +> **Note:** All scripts (`.sh`) and configuration files (`.xml`, `.ks`) mentioned in this guide are located in the root of this repository. + + +### Prerequisites + +- Download the **CentOS Stream 9 ISO** and place it in the root of this repository. + + - Download from: [https://centos.org/download/#centos-stream-9](https://centos.org/download/#centos-stream-9) + +- **Optional:** The default password for `root` and `virtu` is `toto`. To change it, edit `seapath_kickstart.ks` and replace the hashed passwords. + + +## 1. Generating Custom ISOs + +In this phase, you will create **three unique ISOs** (one for each node). During this process, your host's SSH public key is automatically injected into the images for secure, passwordless access. + +### Build the Environment + +```Bash +sudo podman build -t centos4seapath . +``` + +### Generate the ISO + +This script creates `seapath-node1.iso`, `seapath-node2.iso`, and `seapath-node3.iso`. + + + +```Bash +sudo podman run --privileged --rm \ + --security-opt label=disable \ + -v /dev:/dev \ + -v $(pwd):/build:Z \ + -v /home/$(whoami)/.ssh:/mnt/ssh:ro,Z \ + -w /build \ + -it centos4seapath bash ./create_vm_isos.sh +``` + +---------- + + +## 2. Infrastructure Setup **[VM Specific]** + +If you are deploying on **Physical Hardware**, ensure your management switch is configured for the `192.168.124.0/24` range and skip this section. + +For **Virtual Machine** environments, we provide an automation script that defines the network, creates the bridges and prepares the virtual disks: + +```Bash +# This script uses the seapath-network.xml file found in this folder +./prepare_vm_host.sh +``` + +---------- + + +## 3. Boot the hosts with the ISO files. 
+ +### Step 1: Booting the Hosts + +- **Physical Hardware:** Flash each ISO to a USB drive and boot the corresponding server. + +- **[VM Specific]:** Register and start the virtual nodes using our deployment script: + + + ```Bash + ./deploy_node.sh --cluster + sudo virsh -c qemu:///system start seapath-node-1 + sudo virsh -c qemu:///system start seapath-node-2 + sudo virsh -c qemu:///system start seapath-node-3 + ``` + + +> The `--cluster` option generates all 3 ISOs. Running `./deploy_node.sh` without parameters only generates 1 ISO. + +##### Automated Installation + +- Select **"Install CentOS Stream 9"** in the boot menu. +- The installation is 100% automated via Kickstart. The system will reboot once finished. + + ---------- +## 4. SSH Access & Connection + +Access is secured via **SSH**. Passwords are disabled for remote login. + +### How to Connect + +1. **Add your key to your local session:** + + ```Bash + ssh-add ~/.ssh/your_private_key + ``` + +2. **Login to a node:** **[VM Specific]** + + ```Bash + ssh root@192.168.124.2 # Node 1 + ``` + +#### Troubleshooting: "Identification Has Changed" **[VM Specific]** +If you reinstall a node, your host will detect a fingerprint mismatch. Clear the old record with: `ssh-keygen -R 192.168.124.2` + + +---------- + +## 5. SEAPATH Configuration (Ansible) + +Once nodes are online, run the SEAPATH hardening playbooks. + +### A. Clone the Seapath Ansible repository into the root of our repository: +```Bash + git clone https://github.com/seapath/ansible.git +``` + +### B. Run the Container with Host Networking **[VM Specific]** + +```Bash +sudo podman run --privileged --rm \ + --net=host \ + --security-opt label=disable \ + --mount type=bind,source=$(pwd)/ansible,target=/root/ansible/ \ + --mount type=bind,source=/home/$(whoami)/.ssh/,target=/root/.ssh/ \ + -it centos4seapath bash + +``` + +### C. 
Inside Container - Prepare and Execute **[VM Specific]** + + +```Bash +cd /root/ansible/ + +python3.9 -m pip install netaddr + +git config --global --add safe.directory /root/ansible + +./prepare.sh + +eval $(ssh-agent -s) + +ssh-add /root/.ssh/your_private_key_42 + +export ANSIBLE_HOST_KEY_CHECKING=False +``` + +### 6. Inventory Configuration + +Before running the playbook, you must customize the inventory file to map the Ansible variables to your virtual infrastructure. + +Edit the file `inventories/examples/seapath-standalone.yaml` to match the following configuration (example for **Node 1**): + + +```Diff +--- a/inventories/examples/seapath-standalone.yaml ++++ b/inventories/examples/seapath-standalone.yaml + node1: + + # Admin network settings +- ansible_host: 192.168.200.125 # administration IP. TODO +- network_interface: eno1 # Administration interface name. TODO +- gateway_addr: 192.168.200.1 # Administration Gateway. TODO +- dns_servers: 192.168.200.1 # DNS servers. Remove if not used. TODO ++ ansible_host: 192.168.124.2 # administration IP. ++ network_interface: enp1s0 # Administration interface name. ++ gateway_addr: 192.168.124.1 # Administration Gateway. ++ dns_servers: 192.168.124.1 # DNS servers. + subnet: 24 # Subnet mask in CIDR notation. + + # Time synchronisation +- ptp_interface: eno12419 # PTP interface receiving PTP frames. TODO ++ ptp_interface: enp1s0 # PTP interface receiving PTP frames. + ntp_servers: + - "185.254.101.25" # public NTP server example + + ansible_connection: ssh + ansible_python_interpreter: /usr/bin/python3 + ansible_remote_tmp: /tmp/.ansible/tmp +- ansible_user: ansible ++ ansible_user: virtu ++ ansible_ssh_private_key_file: /root/.ssh/your_private_key_42 + +``` + +> **Note:** In this virtual lab setup, `enp1s0` is the default management interface. If you are deploying on different hardware, verify the interface name using `ip addr`. + +Now that everything is prepared, run the playbook. 
+```Bash +ansible-playbook -i inventories/examples/seapath-standalone.yaml playbooks/seapath_setup_main.yaml +``` +-------- +## 7. Deployment: 3-Node Cluster Mode + +This mode enables High Availability and Distributed Storage with Ceph. It uses the Ring Topology simulated by the Linux bridges created in Step 2. + +### A. Inventory Configuration + +Before running the cluster setup, you must configure the inventory to match our virtual lab's network mapping. + +Edit the file `inventories/examples/seapath-cluster.yaml` with the following key values: + + +| Section | Variable | Value for Virtual Lab +|--|--|-- | +| **All Hosts** | `ansible_host` | `.2` (node1), `.3` (node2), `.4` (node3)| +|**Network** | `gateway_addr`|`192.168.124.1` +| **Interfaces** | `network_interface` |`enp1s0` +| **Ring Links** | `team0_0 / team0_1`| `enp2s0` and `enp3s0` (Data Ring) +| **Storage** | `ceph_osd_disk` | `/dev/disk/by-path/your_disk` +| **SSH** | `ansible_user` |`virtu` | + + +#### Identifying the Ceph Disk + +The Ceph OSD requires a dedicated disk. In this lab, we created a secondary 50GB disk. You need to find its unique path to ensure Ansible targets the correct device. + +1. Log into **Node 1** via SSH. + +2. Run the following command: + + ```Bash + ls -l /dev/disk/by-path/ | grep -v "part" + ``` + +3. Look for the disk that points to `sdb` (our secondary disk). **Example for this VM setup:** `ceph_osd_disk: "/dev/disk/by-path/pci-0000:00:1f.2-ata-3"` + +**Note:** This ID will vary depending on your virtual controller or physical hardware. Always verify it before running the playbook. + + +### B. Execution + +Inside the automation container, run the main playbook pointing to the cluster inventory: + +```Bash +ansible-playbook -i inventories/examples/seapath-cluster.yaml playbooks/seapath_setup_main.yaml +``` + +-------- +### Reset Lab Environment [VM Specific] +```Bash +./cleanup_vm_host.sh +``` 
diff --git a/cleanup_vm_host.sh b/cleanup_vm_host.sh
new file mode 100755
index 0000000..f6e5cf7
--- /dev/null
+++ b/cleanup_vm_host.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/bash
+# [VM Specific] - Cleanup SEAPATH Lab Environment
+echo "--- Starting full cleanup ---"
+
+# 1. Destroy and Undefine VMs
+for i in 1 2 3; do
+ echo "Removing seapath-node-$i..."
+ sudo virsh -c qemu:///system destroy seapath-node-$i 2>/dev/null || true
+ sudo virsh -c qemu:///system undefine seapath-node-$i --nvram 2>/dev/null || true
+done
+
+# 2. Remove Networks
+for net in seapath-default hostbridge0 hostbridge1 hostbridge2; do
+ echo "Removing network $net..."
+ sudo virsh -c qemu:///system net-destroy $net 2>/dev/null || true
+ sudo virsh -c qemu:///system net-undefine $net 2>/dev/null || true
+done
+
+# 3. Delete Bridges
+for b in br0 br1 br2; do
+ echo "Deleting bridge $b..."
+ sudo ip link delete $b 2>/dev/null || true
+done
+
+# 4. Delete Storage Files (The fix for the sudo rm problem)
+echo "Deleting storage files and ISOs..."
+sudo bash -c "rm -f /var/lib/libvirt/images/seapath*"
+
+echo "Cleanup complete!"
diff --git a/create_vm_isos.sh b/create_vm_isos.sh
new file mode 100755
index 0000000..5531f8c
--- /dev/null
+++ b/create_vm_isos.sh
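Review bot: The last step of cleanup_vm_host.sh, `sudo bash -c "rm -f /var/lib/libvirt/images/seapath*"`, removes as root every file in the shared libvirt image directory whose name starts with `seapath`, not only the files this lab created. Naming the files explicitly avoids both the glob and the inner shell: `for i in 1 2 3; do sudo rm -f "$IMG/seapath-node$i.iso" "$IMG/seapath-node$i-os.qcow2" "$IMG/seapath-node$i-ceph.qcow2"; done` with `IMG=/var/lib/libvirt/images` set above it. Because every `virsh` and `ip` call ends in `2>/dev/null || true`, "Cleanup complete!" is printed even when a step failed for a reason other than the object being absent; a short comment saying this best-effort behaviour is deliberate would help.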
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+# Script to build SEAPATH ISOs for Nodes 1, 2, and 3
+set -e
+
+# --- CONFIGURATION ---
+KS_SOURCE="seapath_kickstart.ks"
+ISO_BASE="CentOS-Stream-9-latest-x86_64-dvd1.iso"
+INTERNAL_SSH_PATH=$(ls /mnt/ssh/*.pub 2>/dev/null | head -n1)
+
+# --- 1. ENVIRONMENT CHECK ---
+echo "--- Checking environment ---"
+if [ ! -f "$INTERNAL_SSH_PATH" ]; then
+ echo "ERROR: SSH Public Key not found at /mnt/ssh/"
+ exit 1
+fi
+
+if [ ! -f "$ISO_BASE" ]; then
+ echo "ERROR: Base ISO ($ISO_BASE) not found."
+ exit 1
+fi
+
+SSH_CONTENT=$(cat "$INTERNAL_SSH_PATH")
+
+# --- 2. GENERATION LOOP ---
+for i in 1 2 3; do
+ echo "--- Preparing ISO for Node $i ---"
+
+ KS_TMP="tmp_node$i.ks"
+ ISO_FINAL="seapath-node$i.iso"
+
+ # Calculate IP (Node 1 = .2, Node 2 = .3, Node 3 = .4)
+ NODE_IP="192.168.124.$((i + 1))"
+
+ cp "$KS_SOURCE" "$KS_TMP"
+
+ # Inject SSH Keys and Node Specific Identity
+ sed -i "s|__SSH_KEY_VIRTU__|$SSH_CONTENT|g" "$KS_TMP"
+ sed -i "s|__SSH_KEY_ANSIBLE__|$SSH_CONTENT|g" "$KS_TMP"
+ sed -i "s|__SSH_KEY_ROOT__|$SSH_CONTENT|g" "$KS_TMP"
+ sed -i "s|__HOSTNAME__|node$i|g" "$KS_TMP"
+ sed -i "s|__NODE_IP__|$NODE_IP|g" "$KS_TMP"
+
+ echo "--- Running mkksiso for Node $i ---"
+ mkksiso --ks "$KS_TMP" "$ISO_BASE" "$ISO_FINAL"
+
+ rm "$KS_TMP"
+ echo "--- SUCCESS: $ISO_FINAL created ---"
+done
+
+echo "--- ALL ISOs GENERATED SUCCESSFULLY ---"
diff --git a/deploy_node.sh b/deploy_node.sh
new file mode 100755
index 0000000..b025d8b
--- /dev/null
+++ b/deploy_node.sh
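Review bot: `INTERNAL_SSH_PATH=$(ls /mnt/ssh/*.pub 2>/dev/null | head -n1)` in create_vm_isos.sh silently takes whichever public key sorts first in the mounted directory, and the loop then installs it for `virtu`, `ansible` and `root` on every node. With several keys in `~/.ssh` the operator cannot tell which one received root access. I would let the caller choose and log the choice: `INTERNAL_SSH_PATH="${SSH_PUBKEY:-$(ls /mnt/ssh/*.pub 2>/dev/null | head -n1)}"` followed by `echo "Injecting public key: $INTERNAL_SSH_PATH"`. Note also that the key text is used as a `sed` replacement, so a `|`, `&` or backslash in the key comment would alter the substituted line.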
@@ -0,0 +1,56 @@
+#!/usr/bin/bash
+# SEAPATH VM Deployment Script for individual ISOs
+# Usage: ./deploy_node.sh [--cluster]
+
+set -e
+
+CURRENT_DIR="/var/lib/libvirt/images"
+TEMPLATE="virtualized_node_example.xml"
+
+# Check if user wants a cluster or standalone
+if [[ "$1" == "--cluster" ]]; then
+ NUM_NODES=3
+ echo "--- Preparing deployment for a 3-node CLUSTER ---"
+else
+ NUM_NODES=1
+ echo "--- Preparing deployment for a STANDALONE node ---"
+fi
+
+for i in $(seq 1 $NUM_NODES); do
+ NODE_NAME="seapath-node-$i"
+ XML_FINAL="$NODE_NAME.xml"
+ B_A="hostbridge$((i - 1))"
+ B_B="hostbridge$((i % 3))"
+
+ echo "------------------------------------------------"
+ echo "Configuring $NODE_NAME..."
+
+ # 1. Copy template
+ cp "$TEMPLATE" "$XML_FINAL"
+
+ # 2. Cleanup: Remove UUID from the final XML to avoid conflicts
+ sed -i '//d' "$XML_FINAL"
+
+ # 3. Replace placeholders
+ sed -i "s|seapath-node-TEMPLATE|$NODE_NAME|g" "$XML_FINAL"
+ sed -i "s|__ISO_PATH__|$CURRENT_DIR|g" "$XML_FINAL"
+ sed -i "s|__DISK_PATH__|$CURRENT_DIR|g" "$XML_FINAL"
+
+ sed -i "s|__BRIDGE_A__|$B_A|g" "$XML_FINAL"
+ sed -i "s|__BRIDGE_B__|$B_B|g" "$XML_FINAL"
+
+ # 4. Match the disk and ISO names (Crucial fix here)
+ sed -i "s|seapath.iso|seapath-node$i.iso|g" "$XML_FINAL"
+ sed -i "s|seapath-node-os.qcow2|seapath-node$i-os.qcow2|g" "$XML_FINAL"
+ sed -i "s|seapath-node-ceph.qcow2|seapath-node$i-ceph.qcow2|g" "$XML_FINAL"
+
+ # 5. Define the VM in Libvirt (System Scope)
+ sudo virsh -c qemu:///system define "$XML_FINAL"
+done
+
+echo "------------------------------------------------"
+echo "--- Deployment configuration finished ---"
+echo "Next steps:"
+echo "1. Verify your disks and ISOs are in $CURRENT_DIR"
+echo "2. Start your nodes: sudo virsh -c qemu:///system start seapath-node-X"
+echo "------------------------------------------------"
diff --git a/prepare_vm_host.sh b/prepare_vm_host.sh
new file mode 100755
index 0000000..88dd760
--- /dev/null
+++ b/prepare_vm_host.sh
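Review bot: In deploy_node.sh any argument other than `--cluster`, including a mistyped one, falls into the `else` branch and defines a standalone node. Rejecting unknown arguments is cheap: `elif [[ -n "$1" ]]; then echo "Usage: $0 [--cluster]" >&2; exit 1`. The generated `seapath-node-$i.xml` files are also left in the working directory after `virsh define`; either remove them or add a comment saying they are kept on purpose. `$(seq 1 $NUM_NODES)` would be better written as `$(seq 1 "$NUM_NODES")`.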
@@ -0,0 +1,52 @@ +#!/usr/bin/bash +# [VM Specific] - Setup Network and Storage for SEAPATH Lab +set -e + +DEST_DIR="/var/lib/libvirt/images" + +echo "--- 1. Setting up Management Network ---" +if [ -f "seapath-network.xml" ]; then + sudo virsh -c qemu:///system net-define seapath-network.xml || true + sudo virsh -c qemu:///system net-start seapath-default || true + sudo virsh -c qemu:///system net-autostart seapath-default || true +else + echo "ERROR: seapath-network.xml not found in current directory." + exit 1 +fi + +echo "--- 2. Setting up Cluster Bridges ---" +for i in 0 1 2; do + echo "Creating bridge br$i..." + sudo ip link add br$i type bridge || true + sudo ip link set br$i up + sudo ip link set dev br$i mtu 9000 + + # Create temporary XML for the bridge + cat <"tmp-bridge-$i.xml" + + hostbridge$i + + + +EOF + sudo virsh -c qemu:///system net-define "tmp-bridge-$i.xml" || true + sudo virsh -c qemu:///system net-start "hostbridge$i" || true + rm "tmp-bridge-$i.xml" +done + +echo "--- 3. Preparing Storage and ISOs ---" +# Move the 3 ISOs to the libvirt folder +for i in 1 2 3; do + if [ -f "seapath-node$i.iso" ]; then + sudo mv "seapath-node$i.iso" "$DEST_DIR/" + fi + + echo "Creating virtual disks for Node $i..." + sudo qemu-img create -f qcow2 "$DEST_DIR/seapath-node$i-os.qcow2" 100G + sudo qemu-img create -f qcow2 "$DEST_DIR/seapath-node$i-ceph.qcow2" 50G +done + +# Change ownership for the QEMU driver +sudo bash -c "chown qemu:qemu $DEST_DIR/seapath-node*" + +echo "--- DONE: Host infrastructure is ready! ---" diff --git a/seapath-network.xml b/seapath-network.xml new file mode 100644 index 0000000..0f24b22 --- /dev/null +++ b/seapath-network.xml @@ -0,0 +1,11 @@ + + seapath-default + + + + + + + + + diff --git a/seapath_kickstart.ks b/seapath_kickstart.ks new file mode 100644 index 0000000..654366d --- /dev/null +++ b/seapath_kickstart.ks 
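Review bot: Step 3 of prepare_vm_host.sh calls `qemu-img create` unconditionally, so running the script a second time is likely to replace the OS and Ceph disks of already installed nodes with empty images. Guard each creation, e.g. `sudo test -e "$DEST_DIR/seapath-node$i-os.qcow2" || sudo qemu-img create -f qcow2 "$DEST_DIR/seapath-node$i-os.qcow2" 100G`, and the same for the Ceph disk. In steps 1 and 2 the `|| true` after `net-define` and `net-start` also hides genuine failures despite `set -e`; checking for the network with `virsh net-info` first would let real errors stop the script.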
@@ -0,0 +1,263 @@ +# Installation process +text +reboot +cdrom + +# localization +lang en_US +keyboard --xlayouts='us' +timezone America/New_York --utc + + +# System bootloader configuration +bootloader --append="quiet crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M console=ttyS0,115200 console=tty0 efi=runtime ipv6.disable=1" + +# --- DYNAMISM: Including configurations generated at boot --- +%include /tmp/disk-config +%include /tmp/network-config + + +# Do not configure the X Window System +skipx + +# system services +services --disabled=corosync,pacemaker +services --enabled=openvswitch + +# Users +# UPDATE: The password is "toto" for all users +user --uid=1006 --gid=1006 --groups=wheel --name=virtu --iscrypted --password="$6$BZGBti/HRUWlyHhY$8zI5CFPcuBJw7pKupU4d9QLTqphBDyDpkW8zMySquiKO/qcRZoEcqvCJraJXJ5y0sdNdJ2vHb6.z/UvvLJSrM/" + +user --uid=1005 --gid=1005 --groups=wheel,haclient --name=ansible --iscrypted --password="$6$BZGBti/HRUWlyHhY$8zI5CFPcuBJw7pKupU4d9QLTqphBDyDpkW8zMySquiKO/qcRZoEcqvCJraJXJ5y0sdNdJ2vHb6.z/UvvLJSrM/" + +user --uid=902 --gid=902 --name=Centos-snmp + +rootpw --iscrypted $6$2Aj/yELlJst1TZMM$3JVT2YYjrbMpNGoHs.2O.SvcbtGSZqQvz5Ot5CdDmU/IsRFASnSqmlvS8bg8eGoOHmQ5i7dak0VWQWtziqYjh0 + + +# ssh keys +# UPDATE: input your ssh-keys for +sshkey --username=virtu "__SSH_KEY_VIRTU__" +sshkey --username=ansible "__SSH_KEY_ANSIBLE__" +sshkey --username=root "__SSH_KEY_ROOT__" + +# adding needed repositories + +# CentOS addons +repo --name=HighAvailability --mirrorlist=https://mirrors.centos.org/metalink?repo=centos-highavailability-$stream&arch=$basearch&protocol=https,http --install + +repo --name=Realtime --mirrorlist=https://mirrors.centos.org/metalink?repo=centos-rt-$stream&arch=$basearch&protocol=https,http --install + +repo --name=CentOS-NFV --mirrorlist=https://mirrors.centos.org/metalink?repo=centos-nfv-$stream&arch=$basearch&protocol=https,http --install + +# Docker +repo --name=Docker 
--baseurl=https://download.docker.com/linux/centos/9/x86_64/stable/ --install + +# Fedora epel +repo --name=fedora_epel --baseurl=https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/ --install --cost=2 + + +# OpenVSwitch +repo --name=rdo-release --mirrorlist=https://mirrors.centos.org/metalink?repo=centos-cloud-sig-openstack-yoga-9-stream&arch=x86_64 --install --cost=3 + +repo --name=centos-nfv-sig-openvswitch --mirrorlist=https://mirrors.centos.org/metalink?repo=centos-nfv-sig-openvswitch-2-9-stream&arch=x86_64 --install --cost=4 + +# Ceph +repo --name=Ceph_x86 --baseurl=https://mirror.stream.centos.org/SIGs/9-stream/storage/x86_64/ceph-pacific/ --install --cost=5 + + +%packages +linux-firmware +microcode_ctl +at +audispd-plugins +audit +bridge-utils +ca-certificates +chrony +curl +docker-ce +docker-ce-cli +containerd.io +pcp-system-tools +gnupg +hddtemp +irqbalance +jq +lbzip2 +linuxptp +net-tools +openssh-server +edk2-ovmf +python3-dnf +python3-cffi +python3-setuptools +net-snmp +net-snmp-utils +sudo +sysfsutils +syslog-ng +sysstat +vim +wget +rsync +pciutils +conntrack-tools + +busybox +python-gunicorn +ipmitool +nginx +ntfs-3g +python3-flask-wtf +corosync +pacemaker +openvswitch + +kernel-rt +grubby +qemu-kvm + +ceph +ceph-base +ceph-common +ceph-mgr +ceph-mon +ceph-osd +libcephfs2 +libvirt +libvirt-daemon +libvirt-daemon-driver-storage-rbd +python3-ceph-argparse +python3-cephfs +tuna + +tuned +tuned-profiles-nfv +tuned-profiles-realtime + +virt-install + +pcs +pcs-snmp + +systemd-networkd +systemd-resolved +systemd-timesyncd + +openscap-scanner +openscap +scap-security-guide + +#for crmsh build +@development + +#libvirt-clients +#docker-compose +#lm-sensors + +@virtualization-hypervisor + +%end + +%pre +# 1. 
DISK DISCOVERY +# Finds the first available disk that is not the installer +TARGET_DISK=$(lsblk -dno NAME,TYPE | grep disk | head -n1 | awk '{print $1}') + +cat < /tmp/disk-config +ignoredisk --only-use=/dev/$TARGET_DISK +zerombr +clearpart --all --initlabel +reqpart --add-boot +part pv.0 --fstype=lvmpv --ondisk=/dev/$TARGET_DISK --size=20992 +part /boot/efi --fstype=efi --ondisk=/dev/$TARGET_DISK --size=512 --asprimary +volgroup vg1 --pesize=4096 pv.0 +logvol / --vgname=vg1 --name=vg1-root --fstype=ext4 --size=12288 +logvol /var --vgname=vg1 --name=vg1-var --fstype=ext4 --size=1024 +logvol /var/log --vgname=vg1 --name=vg1-varlog --fstype=ext4 --size=3120 +logvol /var/log/audit --vgname=vg1 --name=vg1-varlogaudit --fstype=ext4 --size=2000 +logvol /home --vgname=vg1 --name=vg1-home --fstype=ext4 --size=1024 +logvol /srv --vgname=vg1 --name=vg1-srv --fstype=ext4 --size=512 +logvol /var/tmp --vgname=vg1 --name=vg1-vartmp --fstype=ext4 --size=512 +logvol swap --vgname=vg1 --name=vg1-swap --fstype=swap --size=500 +EOF + +# 2. NETWORK CONFIGURATION (Injected by create_vm_isos.sh) +# Find the first active network interface. +INTERFACE=$(ls /sys/class/net | grep -v lo | head -n1) + +# The placeholders __NODE_IP__ and __HOSTNAME__ will be replaced by the shell script. 
+echo "network --device=$INTERFACE --bootproto=static --ip=__NODE_IP__ --netmask=255.255.255.0 --gateway=192.168.124.1 --nameserver=8.8.8.8 --hostname=__HOSTNAME__ --activate --onboot=on" > /tmp/network-config +%end + +# additional file changes +%post +cat < /etc/motd + ____ _____ _ ____ _ _____ _ _ +/ ___|| ____| / \ | _ \ / \|_ _| | | | +\___ \| _| / _ \ | |_) / _ \ | | | |_| | + ___) | |___ / ___ \| __/ ___ \| | | _ | +|____/|_____/_/ \_\_| /_/ \_\_| |_| |_| +EOF + +cat < /tmp/Docker_gpg +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ +1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP +w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7 +gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh +KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50 +uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ +WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO ++VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN +spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM ++q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0 +rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB +tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 +BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti +Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG +VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l +TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC +/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3 +ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ +XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao +xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra +IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL +GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi 
+g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW +5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ +=0Zqq +-----END PGP PUBLIC KEY BLOCK----- +EOF + +echo "EDITOR=vim" >> /etc/environment +echo "SYSTEMD_EDITOR=vim" >> /etc/environment +echo "PermitRootLogin yes" >> /etc/ssh/sshd_config +rpm -import /tmp/Docker_gpg + +echo "Defaults:ansible !requiretty" >> /etc/sudoers +echo "ansible ALL=NOPASSWD:EXEC:SETENV: /bin/sh" >> /etc/sudoers +echo "ansible ALL=NOPASSWD: /usr/bin/rsync" >> /etc/sudoers +echo "ansible ALL=NOPASSWD: /usr/local/bin/crm" >> /etc/sudoers +echo "ansible ALL=NOPASSWD: /usr/bin/ceph" >> /etc/sudoers + +echo "virtu ALL=NOPASSWD: ALL" >> /etc/sudoers + +cat < /etc/profile.d/custom-path.sh +PATH=$PATH:/usr/local/bin/ +EOF + +git clone --depth 1 --branch 4.6.0 https://github.com/ClusterLabs/crmsh.git /tmp/crmsh +cd /tmp/crmsh +./autogen.sh +./configure +make +make install +ln -s /usr/local/bin/crm /usr/bin/crm +mkdir -p /var/log/crmsh/ + +grubby --set-default-index=0 + +%end
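Review bot: In the `%post` section of seapath_kickstart.ks, `echo "PermitRootLogin yes" >> /etc/ssh/sshd_config` allows root to log in over SSH with a password, and the `rootpw`/`user` lines ship a documented default password (`toto`), while nothing visible in this file turns password authentication off. That contradicts the README statement that passwords are disabled for remote login, unless a later playbook enforces it. Since keys are already injected by `sshkey`, I would write `echo "PermitRootLogin prohibit-password" >> /etc/ssh/sshd_config` and add `echo "PasswordAuthentication no" >> /etc/ssh/sshd_config`; sshd honours the first value it reads, so a drop-in under `/etc/ssh/sshd_config.d/` may be the safer place if the distribution config includes that directory first. Separately, `ansible ALL=NOPASSWD:EXEC:SETENV: /bin/sh` and `virtu ALL=NOPASSWD: ALL` give both accounts unrestricted root, which deserves a comment stating that this is intended for the lab only.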