07/24/2017

First Steps with Cloud-init

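Cloud-init is a tool for customizing a server at initialization time. It does this by reading instance metadata. Here is my #cloud-config script (Ubuntu).

By default it creates a new account with passwordless sudo and sets up SSH, the UFW firewall, Docker, and personalization files. This approach automates every task listed in "Fresh Ubuntu VPS Setup".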

#cloud-config
users:
  - name: whale
    groups: sudo
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh-import-id: ddhhz
hostname: do-whale
timezone: America/New_York
package_update: true
package_upgrade: true
packages:
  - screen
  - wget
  - zip
  - iftop
  - htop
  - ncdu
  - augeas-tools
runcmd:
  - NEW_USER=whale
  - SSH_PORT=1234
  # SSH: custom port, key-only login, no root, only $NEW_USER allowed
  - augtool --autosave "set /files/etc/ssh/sshd_config/Port $SSH_PORT"
  - augtool --autosave "set /files/etc/ssh/sshd_config/PermitRootLogin no"
  - augtool --autosave "set /files/etc/ssh/sshd_config/PermitEmptyPasswords no"
  - augtool --autosave "set /files/etc/ssh/sshd_config/PasswordAuthentication no"
  - augtool --autosave "set /files/etc/ssh/sshd_config/AllowUsers/1 $NEW_USER"
  # UFW: deny inbound except the SSH port; enabled on the next boot
  - ufw default deny incoming
  - ufw default allow outgoing
  - ufw allow $SSH_PORT/tcp
  - sed -i -e '/^ENABLED/s/^.*$/ENABLED=yes/' /etc/ufw/ufw.conf
  - curl -sSL https://get.docker.com/ | sh
  # membership in the docker group is root-equivalent on this host
  - usermod -aG docker $NEW_USER
  # Portainer runs without authentication and holds the Docker socket;
  # it is bound to 127.0.0.1 only, so reach it through an SSH tunnel
  - docker run -d --name portainer --restart=always -p 127.0.0.1:9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer --no-auth
  - curl -sSL https://raw.githubusercontent.com/docker/compose/master/script/run/run.sh > /usr/local/bin/docker-compose
  - chmod +x /usr/local/bin/docker-compose
  - curl -sSL https://raw.githubusercontent.com/ZZROTDesign/docker-clean/master/docker-clean > /usr/local/bin/docker-clean
  - chmod +x /usr/local/bin/docker-clean
  # fetched over plain HTTP and piped to sh: the content is not integrity-protected in transit
  - curl -sSL http://o.whe.me/ubuntu-customizations --compressed | sudo -H -u $NEW_USER sh
  - shutdown -r now
final_message: "The system is finally up, after $UPTIME seconds."
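
A post-boot check for the SSH settings that the runcmd section writes, as an added example that is not part of the original post. The helper names sshd_value and audit_sshd_config are hypothetical, and the sample config is constructed with one deliberately weak line.

```shell
#!/bin/sh
# Audit an sshd_config file against the settings applied by the runcmd
# section. On a live host, `sshd -T` gives the authoritative effective config.

# Print the effective value of KEYWORD in FILE: sshd uses the first
# occurrence, keywords are case-insensitive; stop at the first Match block.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check KEYWORD EXPECTED DEFAULT: DEFAULT is the OpenSSH value when unset.
check() {
    val=$(sshd_value "$AUDIT_FILE" "$1")
    [ -n "$val" ] || val=$3
    if [ "$val" = "$2" ]; then
        echo "ok    $1 $val"
    else
        echo "FAIL  $1 is '$val', expected '$2'"
        AUDIT_FAILS=$((AUDIT_FAILS + 1))
    fi
}

# audit_sshd_config FILE PORT USER: returns the number of failed checks.
audit_sshd_config() {
    AUDIT_FILE=$1 AUDIT_FAILS=0
    check Port "$2" 22
    check PermitRootLogin no prohibit-password
    check PasswordAuthentication no yes
    check PermitEmptyPasswords no no
    check AllowUsers "$3" "(unset)"
    return "$AUDIT_FAILS"
}

# Constructed sample config with one deliberately weak line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 1234
PermitRootLogin no
PermitEmptyPasswords yes
PasswordAuthentication no
AllowUsers whale
EOF
audit_sshd_config "$sample" 1234 whale || echo "$? check(s) failed"
rm -f "$sample"
```

On the provisioned host, run it as `audit_sshd_config /etc/ssh/sshd_config 1234 whale`; a non-zero return value is the number of settings that differ from the expected ones.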

Permalink: https://blog.whe.me/post/cloud-init-configurations.html
