gistfile1.md
· 1.4 KiB · Markdown
Неформатований
* Install Debian
* Update and install necessary packages (or needed in template)
```bash
apt update
apt install open-vm-tools aptitude vim htop sudo -y
apt upgrade -y
```bash
* Add user to sudo group (in my scenario used for ansible)
```
usermod -aG sudo administrator
```
* Allow sudo without password
```
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g'
```
* Cleanup VM for template
```
# cleanup current ssh keys so templated VMs get fresh key
sudo rm -f /etc/ssh/ssh_host_*
```
```
# add check for ssh keys on reboot...regenerate if neccessary
tee /etc/rc.local >/dev/null <<EOL
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server
exit 0
EOL
# make the script executable
chmod +x /etc/rc.local
```
```
# cleanup apt
apt clean
# reset the machine-id (DHCP leases in 18.04 are generated based on this... not MAC...)
echo "" | sudo tee /etc/machine-id >/dev/null
# disable swap
swapoff --all
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
# cleanup shell history and shutdown for templating
history -c
history -w
shutdown -h now
```
* Mark VM as a Template
* Test with Terraform
- Install Debian
- Update and install necessary packages (or needed in template)
apt update
apt install open-vm-tools aptitude vim htop sudo -y
apt upgrade -y
```bash
* Add user to sudo group (in my scenario used for ansible)
usermod -aG sudo administrator
* Allow sudo without password
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g'
* Cleanup VM for template
cleanup current ssh keys so templated VMs get fresh key
sudo rm -f /etc/ssh/ssh_host_*
add check for ssh keys on reboot...regenerate if neccessary
tee /etc/rc.local >/dev/null <<EOL #!/bin/sh -e
rc.local
This script is executed at the end of each multiuser runlevel.
Make sure that the script will "" on success or any other
value on error.
In order to enable or disable this script just change the execution
bits.
By default this script does nothing.
test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server exit 0 EOL
make the script executable
chmod +x /etc/rc.local
cleanup apt
apt clean
reset the machine-id (DHCP leases in 18.04 are generated based on this... not MAC...)
echo "" | sudo tee /etc/machine-id >/dev/null
disable swap
swapoff --all sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
cleanup shell history and shutdown for templating
history -c history -w shutdown -h now
* Mark VM as a Template
* Test with Terraform