PenaDevops/cloud-init
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prod yml and instruction

Browse Source
This commit is contained in:
skeris 2025-03-01 23:07:13 +03:00
parent 8b57d27820
commit 7f51f2892e
4 changed files with 172 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
README.md Normal file
View File

@ -0,0 +1,87 @@
### Настройка серверов
Пока мне не удалось заставить cloud-init работать как надо, а необходимость в стабильном конфигурировании серверов всё ещё присутствует, я решил просто записать подробно последовательность действий для настройки серверов для нашего проекта
## Общая настройка
- Создать пользователя runner, который будет обслуживать runner
- поставить podman и все необходимые штуки, для того, чтобы можно было организовывать в контейнерной сети внешний dns
- запустить runner в podman контейнере из под runner
- настроить базу от основного пользователя
- настроить автозапуск раннера при перезагрузке
- добавить настройки ssh для захода по нестандартному порту для default и runner
## Создание пользователя
Сперва создаём непосредственно пользователя. Ему нужен домашний каталог, чтобы в нём хранилась всякая конфигурационная штука для подмана
```
sudo adduser runner
```
## Установка podman
```
sudo apt install podman netavark aardvark-dns uidmap
sudo loginctl enable-linger 1001
systemctl --user start podman.socket
systemctl --user enable podman.socket
```
## Установка корневого сертификата пены
```
-----BEGIN CERTIFICATE-----
MIIEwjCCAyqgAwIBAgIRAKXIi5g2DSHUpDI3C86LWm8wDQYJKoZIhvcNAQELBQAw
eTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMScwJQYDVQQLDB51YnVu
dHVAd2ctZ2l0ZWEtaW5mcmEgKFVidW50dSkxLjAsBgNVBAMMJW1rY2VydCB1YnVu
dHVAd2ctZ2l0ZWEtaW5mcmEgKFVidW50dSkwHhcNMjQxMTIzMTIyOTM3WhcNMzQx
MTIzMTIyOTM3WjB5MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJzAl
BgNVBAsMHnVidW50dUB3Zy1naXRlYS1pbmZyYSAoVWJ1bnR1KTEuMCwGA1UEAwwl
bWtjZXJ0IHVidW50dUB3Zy1naXRlYS1pbmZyYSAoVWJ1bnR1KTCCAaIwDQYJKoZI
hvcNAQEBBQADggGPADCCAYoCggGBALUspTvzBNH8Dha8YWAjdmtnrQ5wUhR3r3xU
2uwWeSu6NAKA2k79L9rUn1hKwu640XZjbbQaNHRukou/r95M1ovCvsYJxNAHjnGG
S2RiAnkwB9ubzKaXEJSFrLWEKMRqirMAhEs/lScX/RBEYaedS+gtoWkG8DCK2vVl
JRRdN7pcDqSf33O205c3vCLrU5Pd8Is099k6JnDf1BOEc4SqJUeUhTXKy2dGKu1Y
mmbo3c2YF6FDdkvDxpJl9Uz8KD5m4OQRy+htCEFo15ct5b7XKszWzQs6/fjPcU2B
vB3q/6Bh0shACFuN4vB9YYVmW/226SY9UITQxB48nNCMpISqKadDNJpaZ8tiKGkz
qTpp8bCV6SJae+5xOjMjf04ioI4jTZgLkVWSXNd1/6JuyPRGPq/dpic+ga7Jj4Wx
NFyIi7ZhwwsXw1d3/k4fSHtjaGHNwm5PYkZ6TF24gkvDgNAO2NGcqqDtZxsdhveK
z+IeoLMwUJNAmkjDuz9Ds1OtL0JFawIDAQABo0UwQzAOBgNVHQ8BAf8EBAMCAgQw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQULjOORnoWIUj1ACtnA529X3Wh
M2AwDQYJKoZIhvcNAQELBQADggGBAHHmqgHukvaCi6Oe7OG6hqzmuzjhUe+cqW6i
0iIoEfcWq6p1xyvWQRdRSJs0EaAqT4+hGR2lFqWAxVF1+6jyx+2t+dVtTevZjOvl
oNM6Z+x0ZbZK0dcwwn3JoIx94vnU+I9KlvaSu6jHVWO3pX2CNMeL0CuN40kDrcTp
sHcfGtbfQBJLOWLtkt30zITJ42uF2OjFPL8fJzTiIrDLoeOIiyL3mNIuZHISCQe2
iB8wTYHjmyk/dtlwYv4k/FJ4OpOHvVXOfmrkbknlcNOm3CsfJInvbECRBzbA4T36
rETPTfuM2CR7BK4hzE5gJeiQegIfZHvwGajaH2/GmHAtQbe9VPJ5Gk740gRA3BaO
z3OoZtjlonyJ7df/H1zzfpwRTBa2/hPEWqRRaPRVhiTAZh6JbyBB6l9GjVsCJ890
inp7JEzHNcLJwQIEkIruyJAGGipGir8FjqMmlwIj6tQkCUya6hFNeMSFdZZ9W0UD
8oRrVftF34fPfwj86iwXIB/Jc4I0QA==
-----END CERTIFICATE-----
sudo vim /usr/local/share/ca-certificates/pena.crt
sudo update-ca-certificates
```
### Установка баз
## MongoDB - надо ставить самостоятельно вытягивая установочник из dpkg, где она уже установлена
## Redis
```
sudo apt install redis-server
```
## Redpanda
```
curl -1sLf 'https://dl.redpanda.com/nzc4ZYQK3WRGd9sy/redpanda/cfg/setup/bash.deb.sh' | sudo -E bash
sudo apt install redpanda
```

29
frontprod.yml Normal file
View File

@ -0,0 +1,29 @@
#cloud-config
password: $6$fXN.tAcAXPJJfMCf$UGRNH9qee4r5StFVRsYSesjL53bdL2H8g9Wkk1Pp5pko2gwJpcDtuV847Zat3eNVtBeuER96HpcnOQQ17m1fK0
chpasswd: { expire: False }
ssh_pwauth: False
package_update: true
package_upgrade: true
package_reboot_if_required: true
users:
- default
- name: runner
primary_group: runner
groups: sudo
passwd: $6$fXN.tAcAXPJJfMCf$UGRNH9qee4r5StFVRsYSesjL53bdL2H8g9Wkk1Pp5pko2gwJpcDtuV847Zat3eNVtBeuER96HpcnOQQ17m1fK0
gecos: user for gitea act runner
shell: /bin/bash
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9puewe+/KbGnr8qyRkgzEBKhn5t7PP1LXyG+mKn+E1AwxmbiUVfJ6+UGz4hsSArlXWB43MSSAma9kFbVheFzHQ5J6iZCNr9J+7ZI8t0zMu2kr8uI7HMVrxGB5gPRWBE1iziLWGY/JkoCXHAb0326qeQWO9L8AKgj01tHLGYj7Ypth/06grJXApL98hQGcX0sNxhgxb/MrK1VtaxXmdvXcEmFe2QvkT5EF+4kGtDa6GlrSHQQtBaNR1BrrBL/fQj8hrcd+plq0PLcMcH4Jnv5BvT2Tw2ESIhXk7ArHAsMFIgsq3IOCQkc/BYjxdnJBvmU6RUWOnJY26IMzp1GPXkcp5riFc9zgMXawdzCKK+MOUIf9wW7Rqus142xaVixKy9WP3Q3lq3DqCrV2c7UiGaErVkVzjDCo//hQeshHPrOn6uVlqWbzn4PcQ7hmUfRaHsDPbFCkBJ9+m6nRRIWpHt3E3uWf/3lndVUAJcY+E5fPnP91ucwLtRMFawGnNga9uqM= skeris@skeris-Notebook
write_files:
- path: /etc/ssh/sshd_config.d/00-cloud-init.conf
content: |
Port 17822
packages:
- podman
- netavark
- uidmap
- aardvark-dns
- slirp4netns

24
hubprod.yml Normal file
View File

@ -0,0 +1,24 @@
#cloud-config
password: $6$fXN.tAcAXPJJfMCf$UGRNH9qee4r5StFVRsYSesjL53bdL2H8g9Wkk1Pp5pko2gwJpcDtuV847Zat3eNVtBeuER96HpcnOQQ17m1fK0
chpasswd: { expire: False }
ssh_pwauth: False
package_update: true
package_upgrade: true
package_reboot_if_required: true
users:
- default
- name: runner
primary_group: runner
groups: sudo
passwd: $6$fXN.tAcAXPJJfMCf$UGRNH9qee4r5StFVRsYSesjL53bdL2H8g9Wkk1Pp5pko2gwJpcDtuV847Zat3eNVtBeuER96HpcnOQQ17m1fK0
gecos: user for gitea act runner
shell: /bin/bash
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9puewe+/KbGnr8qyRkgzEBKhn5t7PP1LXyG+mKn+E1AwxmbiUVfJ6+UGz4hsSArlXWB43MSSAma9kFbVheFzHQ5J6iZCNr9J+7ZI8t0zMu2kr8uI7HMVrxGB5gPRWBE1iziLWGY/JkoCXHAb0326qeQWO9L8AKgj01tHLGYj7Ypth/06grJXApL98hQGcX0sNxhgxb/MrK1VtaxXmdvXcEmFe2QvkT5EF+4kGtDa6GlrSHQQtBaNR1BrrBL/fQj8hrcd+plq0PLcMcH4Jnv5BvT2Tw2ESIhXk7ArHAsMFIgsq3IOCQkc/BYjxdnJBvmU6RUWOnJY26IMzp1GPXkcp5riFc9zgMXawdzCKK+MOUIf9wW7Rqus142xaVixKy9WP3Q3lq3DqCrV2c7UiGaErVkVzjDCo//hQeshHPrOn6uVlqWbzn4PcQ7hmUfRaHsDPbFCkBJ9+m6nRRIWpHt3E3uWf/3lndVUAJcY+E5fPnP91ucwLtRMFawGnNga9uqM= skeris@skeris-Notebook
write_files:
- path: /etc/ssh/sshd_config.d/00-cloud-init.conf
content: |
Port 17822
packages:
- podman
- redis-server

32
quizprod.yml Normal file
View File

@ -0,0 +1,32 @@
#cloud-config
password: $6$fXN.tAcAXPJJfMCf$UGRNH9qee4r5StFVRsYSesjL53bdL2H8g9Wkk1Pp5pko2gwJpcDtuV847Zat3eNVtBeuER96HpcnOQQ17m1fK0
chpasswd: { expire: False }
ssh_pwauth: False
package_update: true
package_upgrade: true
package_reboot_if_required: true
users:
- default
- name: runner
primary_group: runner
groups: sudo
passwd: $6$fXN.tAcAXPJJfMCf$UGRNH9qee4r5StFVRsYSesjL53bdL2H8g9Wkk1Pp5pko2gwJpcDtuV847Zat3eNVtBeuER96HpcnOQQ17m1fK0
gecos: user for gitea act runner
shell: /bin/bash
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9puewe+/KbGnr8qyRkgzEBKhn5t7PP1LXyG+mKn+E1AwxmbiUVfJ6+UGz4hsSArlXWB43MSSAma9kFbVheFzHQ5J6iZCNr9J+7ZI8t0zMu2kr8uI7HMVrxGB5gPRWBE1iziLWGY/JkoCXHAb0326qeQWO9L8AKgj01tHLGYj7Ypth/06grJXApL98hQGcX0sNxhgxb/MrK1VtaxXmdvXcEmFe2QvkT5EF+4kGtDa6GlrSHQQtBaNR1BrrBL/fQj8hrcd+plq0PLcMcH4Jnv5BvT2Tw2ESIhXk7ArHAsMFIgsq3IOCQkc/BYjxdnJBvmU6RUWOnJY26IMzp1GPXkcp5riFc9zgMXawdzCKK+MOUIf9wW7Rqus142xaVixKy9WP3Q3lq3DqCrV2c7UiGaErVkVzjDCo//hQeshHPrOn6uVlqWbzn4PcQ7hmUfRaHsDPbFCkBJ9+m6nRRIWpHt3E3uWf/3lndVUAJcY+E5fPnP91ucwLtRMFawGnNga9uqM= skeris@skeris-Notebook
write_files:
- path: /etc/ssh/sshd_config.d/00-cloud-init.conf
content: |
Port 17822
packages:
- podman
- redis-server
- postgresql
- postgresql-contrib
runcmd:
- systemctl enable redis-server
- systemctl start postgresql
- systemctl enable postgresql