Fix passwordless ssh, add onedns
parent
741c31d2d0
commit
3424e7fde1
|
@ -0,0 +1,19 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Dynamic DNS for OpenNebula
|
||||||
|
Wants=local-fs.target network.target opennebula.service
|
||||||
|
After=local-fs.target network.target opennebula.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
WorkingDirectory=/
|
||||||
|
Environment=HOME=/var/lib/one
|
||||||
|
ExecStart=/usr/local/bin/onedns --domain=$one_domain --one-secret= daemon --dns-address=$keepalived_virtual_ip --dns-port=53 --sync-interval=60
|
||||||
|
KillMode=process
|
||||||
|
Restart=always
|
||||||
|
StartLimitInterval=3
|
||||||
|
StartLimitIntervalSec=3
|
||||||
|
PrivateTmp=true
|
||||||
|
StandardOutput=syslog
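Review bot: The `[Service]` section sets no `User=`, so onedns runs as root even though `Environment=HOME=/var/lib/one` points it at oneadmin's home. If the daemon only needs to bind port 53 and read oneadmin's credentials (not verifiable from this unit), add `User=oneadmin` and `AmbientCapabilities=CAP_NET_BIND_SERVICE`. `--one-secret=` is empty in `ExecStart`; if a value is ever templated in, it ends up in the unit file and in the process argument list, so a credential file with restricted permissions would be the safer source. `StartLimitInterval=` and `StartLimitIntervalSec=` are the old and new names of one setting, and current systemd documents the latter under `[Unit]`, so keep only one.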
|
|
@ -153,17 +153,41 @@ systemctl enable opennebula
|
||||||
systemctl enable opennebula-sunstone
|
systemctl enable opennebula-sunstone
|
||||||
systemctl restart opennebula
|
systemctl restart opennebula
|
||||||
systemctl restart opennebula-sunstone
|
systemctl restart opennebula-sunstone
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Setup onedns
|
||||||
|
envsubst < ./etc/systemd/system/onedns.service.env | \
|
||||||
|
ssh root@$play_host 'cat > /etc/systemd/system/onedns.service'
|
||||||
|
scp etc/sysctl.conf root@$play_host:/etc/
|
||||||
|
ssh root@$play_host <<EOF
|
||||||
|
set -e -x
|
||||||
|
[ -e onedns ] || git clone https://github.com/vitalif/onedns
|
||||||
|
cd onedns
|
||||||
|
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" \
|
||||||
|
-o Dpkg::Options::="--force-confold" install -y \
|
||||||
|
python-setuptools
|
||||||
|
python setup.py install
|
||||||
|
sysctl --load=/etc/sysctl.conf
|
||||||
|
systemctl enable onedns
|
||||||
|
systemctl restart onedns
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Setup passwordless ssh for `oneadmin` (authorized_keys and known_hosts)
|
||||||
|
ssh root@$play_host <<EOF
|
||||||
|
set -e -x
|
||||||
|
|
||||||
if [ ! -f /var/lib/one/.ssh/id_rsa.pub ]; then
|
if [ ! -f /var/lib/one/.ssh/id_rsa.pub ]; then
|
||||||
su - oneadmin -c ssh-keygen
|
su - oneadmin -c 'ssh-keygen -t rsa -f /root/.ssh/id_rsa -q -P ""'
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f /var/lib/one/.ssh/known_hosts ]; then
|
||||||
su - oneadmin -c 'ssh-keyscan localhost >> /var/lib/one/.ssh/known_hosts'
|
su - oneadmin -c 'ssh-keyscan localhost >> /var/lib/one/.ssh/known_hosts'
|
||||||
for host in $opennebula_hosts; do
|
for host in $opennebula_hosts; do
|
||||||
su - oneadmin -c "ssh-keyscan $host >> /var/lib/one/.ssh/known_hosts"
|
su - oneadmin -c "ssh-keyscan \$host >> /var/lib/one/.ssh/known_hosts"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Setup passwordless ssh for `oneadmin`
|
|
||||||
> tmp$$
|
> tmp$$
|
||||||
for host in $opennebula_hosts; do
|
for host in $opennebula_hosts; do
|
||||||
ssh root@$host 'cat /var/lib/one/.ssh/id_rsa.pub' >> tmp$$
|
ssh root@$host 'cat /var/lib/one/.ssh/id_rsa.pub' >> tmp$$
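Review bot: The new key-generation line writes to `/root/.ssh/id_rsa` while running as oneadmin, but the guard above it and the `cat /var/lib/one/.ssh/id_rsa.pub` in the final loop both expect the key under `/var/lib/one/.ssh`. The command will most likely fail on permissions under `set -e`, and even if it succeeded the public key would be missing where it is read; use `su - oneadmin -c 'ssh-keygen -t rsa -f /var/lib/one/.ssh/id_rsa -q -P ""'`. Separately, the onedns block clones the default branch of a third-party repository and runs `python setup.py install` as root, so every deployment executes whatever that branch holds at the time. Pin it after the clone with `git -C onedns checkout <PINNED_COMMIT>` (placeholder for a reviewed commit). The `for host` loop at the end of the hunk continues outside it.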
|
||||||
|
|