From b7e476e6b359a8a0afd532d4ea63bf02f7d58690 Mon Sep 17 00:00:00 2001 From: Molly Lau Date: Mon, 25 Sep 2023 19:08:15 +0900 Subject: [PATCH] Create dhcp_interfaces.cfg --- .../RedHat/CloudInit/dhcp_interfaces.cfg | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 Linux_reinstall/RedHat/CloudInit/dhcp_interfaces.cfg diff --git a/Linux_reinstall/RedHat/CloudInit/dhcp_interfaces.cfg b/Linux_reinstall/RedHat/CloudInit/dhcp_interfaces.cfg new file mode 100644 index 0000000..a505c3d --- /dev/null +++ b/Linux_reinstall/RedHat/CloudInit/dhcp_interfaces.cfg @@ -0,0 +1,71 @@ +#cloud-config +# CLOUD_IMG: This file was created/modified by the Cloud Image build process +# https://cloudinit.readthedocs.io/en/22.1_a/ +datasource_list: [ NoCloud, None ] + +# configure localization +locale: en_US.UTF-8 + +# configure timezone +timezone: TimeZone + +# configure root user +users: + - name: root + lock_passwd: false + shell: /bin/bash + +chpasswd: + expire: false + list: | + root:tmpWORD + users: + - name: root + password: tmpWORD + type: text + +# Despite cloud-init 22.1-9 supports version 2 of network configurations but the "renderers:" doesn't support "network-manager". +# https://cloudinit.readthedocs.io/en/22.1_a/topics/network-config.html#network-output-policy +system_info: + network: + renderers: ['sysconfig'] + +# The gateway of network for cloud-init 22.1-9 must be "gateway4"(for IPv4) or "gateway6"(for IPv6). +network: + version: 2 + ethernets: + networkAdapter: + dhcp4: true + dhcp6: true + +# later commands +# Replace ssh port, permit root user login by password, enable sshd service. +# Add new ssh port for firewalld. +# Stop and disable kdump service. +# Set hostname. +# Install dnf, epel repository. +# Install some common components. +# Configure fail2ban. +# Delete cloud-init config file itself and disable it permanently after first execution. +runcmd: + - sed -ri 's/^#?Port.*/Port sshPORT/g' /etc/ssh/sshd_config + - sed -ri 's/^#?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config + - sed -ri 's/^#?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config + - systemctl enable sshd + - ssh-keygen -A + - systemctl restart sshd + - sed -i '6i \ \ ' /etc/firewalld/zones/public.xml + - sed -i '7i \ \ ' /etc/firewalld/zones/public.xml + - systemctl enable firewalld + - firewall-cmd --reload + - systemctl stop kdump + - systemctl disable kdump + - hostnamectl set-hostname HostName + - yum install dnf epel-release -y + - dnf install curl dnsutils fail2ban file lrzsz net-tools vim wget -y + - sed -i '/^\[Definition\]/a allowipv6 = auto' /etc/fail2ban/fail2ban.conf + - sed -ri 's/^backend = auto/backend = systemd/g' /etc/fail2ban/jail.conf + - systemctl enable fail2ban + - systemctl restart fail2ban + - rm -rf /etc/cloud/cloud.cfg.d/99-fake_cloud.cfg + - touch /etc/cloud/cloud-init.disabled