
Commit 9cd6302

committed
fix: Minor fixes to provision logic
1 parent ffc51a7 commit 9cd6302


3 files changed

+28
-3
lines changed


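--- a/infrastructure/server-setup/files/add-k8s-user.sh
+++ b/infrastructure/server-setup/files/add-k8s-user.sh
@@ -6,7 +6,7 @@ K8S_CA_CERT="/etc/kubernetes/pki/ca.crt"
 K8S_CA_KEY="/etc/kubernetes/pki/ca.key"
 K8S_ADMIN_KUBECONFIG="/etc/kubernetes/admin.conf"
 OUTPUT_BASE="./user-kubeconfigs"
-PUBLIC_API_SERVER_IP=${PUBLIC_API_SERVER_IP:-"localhost"}
+PUBLIC_API_SERVER_IP=${PUBLIC_API_SERVER_IP:-"91.99.202.110"} # <--- <<< replace with your public IP address
 API_SERVER_PORT="6443"
 ZIP_PASSWORD_PROMPT="Enter zip password (leave empty for no password): "
 ASK_PASSWORD=${ASK_PASSWORD:-yes}
@@ -16,7 +16,7 @@ if [ "$(id -u)" -ne 0 ]; then
 exit 1
 fi
 # ====== USERNAME INPUT ======
-USERNAME="${1:-}-$(hostname -s)"
+USERNAME="${1:-}"
 if [ -z "$USERNAME" ]; then
 read -rp "Enter username: " USERNAME
 [[ -z "$USERNAME" ]] && echo "Username cannot be empty!" && exit 1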
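Review bot: The new default on `PUBLIC_API_SERVER_IP` bakes one deployment's public address (`91.99.202.110`) into a shared script, so a run that forgets to export the variable silently produces kubeconfigs for the wrong API server instead of failing, and the address of a real host ends up in version control. Requiring the value is safer than a "replace me" comment: `PUBLIC_API_SERVER_IP=${PUBLIC_API_SERVER_IP:?set PUBLIC_API_SERVER_IP to this cluster's public API address}`. In the second hunk `USERNAME` now comes straight from `$1` or the prompt; its later use is outside the hunk, but if it ends up in a certificate subject or in a path under `OUTPUT_BASE` it should be checked against a conservative pattern first.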

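--- a/infrastructure/server-setup/tasks/all/users.yml
+++ b/infrastructure/server-setup/tasks/all/users.yml
@@ -278,6 +278,14 @@
 - ansible_facts['distribution'] == 'Ubuntu'
 - ansible_facts['distribution_version'] == '24.04'
 
+- name: Ensure privilege separation directory exists
+ansible.builtin.file:
+path: /run/sshd
+state: directory
+owner: root
+group: root
+mode: '0755'
+
 - name: Check SSH config syntax
 ansible.builtin.command:
 cmd: sshd -t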
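Review bot: The new `/run/sshd` task has no comment saying why it exists, and the reason is not obvious from the task name alone. Presumably `sshd -t` in the next task fails when the privilege separation directory is missing; the directory lives under `/run`, which is normally a tmpfs and starts empty at boot. A line such as `# sshd -t needs /run/sshd; it may be absent until the ssh service has started` above the task would record that. It would also help to state that the directory is created only for the syntax check and is not expected to persist across reboots.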

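--- a/infrastructure/server-setup/tasks/k8s/decrypt-on-boot.yml
+++ b/infrastructure/server-setup/tasks/k8s/decrypt-on-boot.yml
@@ -14,6 +14,23 @@
 content: |
 DISK_ENCRYPTION_KEY={{ disk_encryption_key }}
 
+- name: Ensure destination directory exists
+ansible.builtin.file:
+path: /opt/opencrvs/scripts/cryptfs
+state: directory
+mode: '0755'
+owner: root
+group: root
+recurse: yes
+
+- name: Install k8s-help script
+copy:
+src: ../cryptfs/decrypt.sh
+dest: "/opt/opencrvs/scripts/cryptfs/decrypt.sh"
+owner: "{{ ansible_user }}"
+group: 'application'
+mode: '0755'
+
 - name: Copy reboot.service systemd file. Must decrypt disk on reboot
 ansible.builtin.copy:
 dest: /etc/systemd/system/reboot.service
@@ -25,7 +42,7 @@
 Description=Mount encrypted dir
 
 [Service]
-ExecStart=bash /opt/opencrvs/infrastructure/cryptfs/decrypt.sh -key /root/disk-encryption-key.txt >> /var/log/cryptfs-reboot.log 2>&1
+ExecStart=bash /opt/opencrvs/scripts/cryptfs/decrypt.sh -key /root/disk-encryption-key.txt >> /var/log/cryptfs-reboot.log 2>&1
 
 [Install]
 WantedBy=multi-user.target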
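Review bot: `decrypt.sh` is installed with `owner: "{{ ansible_user }}"` and `group: 'application'`, yet the unit below runs it at boot with `-key /root/disk-encryption-key.txt`. Nothing in the visible `[Service]` lines sets a `User=`, so it presumably runs as root. If `ansible_user` is not root, that account can rewrite a script that root executes and that is handed the disk-encryption key path. Install it root-owned, matching the directory task just above: `owner: root`, `group: root`, and consider `mode: '0750'` or tighter. The task name "Install k8s-help script" also does not describe what is copied, and the unit file's content block starts and ends outside the hunks.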
