
#cloud-config
# Host identity handed to cloud-init. In this rendering fqdn carries the same
# single-label name as hostname (no domain part).
hostname: snapshot-ipv4-dhcp-el7
fqdn: snapshot-ipv4-dhcp-el7
# cloud-init is asked to manage /etc/hosts; the first runcmd entry below also
# overwrites that file by hand.
# NOTE(review): confirm which of the two writers is meant to win.
manage_etc_hosts: true
# Empty list: no user accounts are declared in this file.
# NOTE(review): presumably this also suppresses the distro default user;
# confirm against the cloud-init version in use.
users: []
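# Shell commands executed by cloud-init, in list order.
runcmd:
- |
  # Persist and apply the host name declared under `hostname:` above.
  # An empty value here would blank /etc/hostname and reduce the `hostname`
  # call to printing the current name; the FreeIPA and Puppet steps further
  # down depend on the host having a stable, correct name.
  echo "snapshot-ipv4-dhcp-el7" > /etc/hostname

  hostname snapshot-ipv4-dhcp-el7

  # Replace /etc/hosts wholesale: a loopback mapping for the host name plus
  # the well-known IPv6 entries.
  cat > /etc/hosts << EOF
  127.0.0.1   snapshot-ipv4-dhcp-el7  localhost localhost.localdomain
  ::1     ip6-localhost ip6-loopback
  fe00::0 ip6-localnet
  ff00::0 ip6-mcastprefix
  ff02::1 ip6-allnodes
  ff02::2 ip6-allrouters
  EOF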
# Empty entry: the block scalar below holds only whitespace, so it contributes
# no command.
- |
  
- |
  
  # Time sync: enable chronyd now and at boot, step the clock immediately,
  # then copy the corrected system time to the hardware clock when hwclock
  # is present.
  echo "Updating system time"
  systemctl enable --now chronyd
  /usr/bin/chronyc -a makestep
  [ -f /usr/sbin/hwclock ] && /usr/sbin/hwclock --systohc
- |
  # Install (or upgrade to) the EPEL 7 release package straight from the
  # Fedora download server.
  # NOTE(review): the URL tracks "latest" and this file imports no EPEL signing
  # key beforehand, so the package's authenticity appears to rest on the HTTPS
  # connection alone. Confirm whether the key should be imported and the
  # signature checked before installation.
  rpm --upgrade --verbose --hash https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Registers the host with Red Hat Subscription Management:
#   1. picks a package manager (PKG_MANAGER* variables) unless PKG_MANAGER is
#      already set,
#   2. installs subscription-manager when it is not found on PATH,
#   3. backs up rhsm.conf once, then points it at subscription.rhsm.redhat.com
#      and cdn.redhat.com,
#   4. best-effort enables package-profile reporting and forces
#      full_refresh_on_yum = 1,
#   5. installs subscription-manager-syspurpose if absent and sets role, usage
#      and SLA when /usr/sbin/syspurpose exists,
#   6. registers with an organisation and an activation key.
# The `exit 1` taken when rhsm.conf is missing ends the shell that runs it.
# NOTE(review): cloud-init normally writes all runcmd entries into a single
# script, in which case that exit also skips the FreeIPA, module-blacklist and
# Puppet entries that follow; confirm this is intended.
# NOTE(review): the organisation and activation key are passed as command-line
# arguments and are embedded in this user-data, so anything able to read the
# process list during registration, or the stored user-data, can read them.
# Treat the rendered file as a secret and keep the key's entitlements minimal.
- |
  # registration_type = 'subscription_manager'
    
    echo "##############################################################"
    echo "################# SUBSCRIPTION MANAGER #######################"
    echo "##############################################################"
    echo
    echo "Starting the subscription-manager registration process"
  
    # Set up subscription-manager
    # Select package manager for the OS (sets the $PKG_MANAGER* variables)
  if [ -z "$PKG_MANAGER" ]; then
    if [ -f /etc/os-release ] ; then
      . /etc/os-release
    fi
    
    if [ "${NAME%.*}" = 'FreeBSD' ]; then
      PKG_MANAGER='pkg'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} delete -y"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} install -y"
    elif [ -f /etc/fedora-release -o -f /etc/redhat-release -o -f /etc/amazon-linux-release -o -f /etc/system-release ]; then
      PKG_MANAGER='dnf'
      if [ -f /etc/redhat-release -a "${VERSION_ID%.*}" -le 7 ]; then
        PKG_MANAGER='yum'
      elif [ -f /etc/system-release ]; then
        PKG_MANAGER='yum'
      fi
      PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} remove -y"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} upgrade -y"
    elif [ -f /etc/debian_version ]; then
      PKG_MANAGER='apt-get'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' install -y"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} remove -y"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' -o APT::Get::Upgrade-Allow-New='true' upgrade -y"
    elif [ -f /etc/arch-release ]; then
      PKG_MANAGER='pacman'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} --noconfirm -S"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} --noconfirm -R"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} --noconfirm -S"
    elif [ x$ID = xopensuse-tumbleweed -o x$ID = xsles ]; then
      PKG_MANAGER='zypper'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} --non-interactive install --auto-agree-with-licenses"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} --non-interactive remove"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} --non-interactive update"
    fi
  fi
  
  # Define the path to rhsm.conf
  RHSM_CFG=/etc/rhsm/rhsm.conf
  
  
  
  # Prepare subscription-manager
  if ! [ -x "$(command -v subscription-manager)" ] ; then
    $PKG_MANAGER_INSTALL subscription-manager
  else
    echo "subscription-manager is already installed!"
    
  fi
  
  # Check if rhsm.conf exists
  if ! [ -f $RHSM_CFG ] ; then
    echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
      exit 1
  fi
  
  
  # Configure subscription-manager
  test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
  subscription-manager config \
    --server.hostname="subscription.rhsm.redhat.com" \
    --server.port="443" \
    --server.prefix="/subscription" \
    --rhsm.repo_ca_cert="/etc/rhsm/ca/redhat-uep.pem" \
    --rhsm.baseurl="https://cdn.redhat.com"
  
  # Older versions of subscription manager may not recognize
  # report_package_profile and package_profile_on_trans options.
  # So set them separately and redirect out & error to /dev/null
  # to fail silently.
  subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
  subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true
  
  # Configuration for EL6
  if grep --quiet full_refresh_on_yum $RHSM_CFG; then
    sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
  else
    full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
    sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
  fi
  
  # Restart yggdrasild if installed and running
  systemctl try-restart yggdrasil >/dev/null 2>&1 || true
      # Avoid timeout accessing unreachable repo on air gapped infrastructure,
      #  assuming subscription-manager-syspurpose is installed in custom packages section.
      if ! rpm --query --quiet subscription-manager-syspurpose ; then
        $PKG_MANAGER_INSTALL subscription-manager-syspurpose
      fi
  
      if [ -f /usr/sbin/syspurpose ]; then
          syspurpose set-role "Red Hat Enterprise Linux Server"
          syspurpose set-usage "Development/Test"
          syspurpose set-sla "Self-Support"
      else
        echo "Syspurpose CLI not found."
      fi
    
      
        subscription-manager register --name="snapshot-ipv4-dhcp-el7" --org='Org' --activationkey='key'
    
    
      
    
    
    
# Enrols the host as a FreeIPA client and, for ipa-client older than 4, wires
# sudo through SSSD by hand:
#   - runs /usr/sbin/sshd-keygen (presumably to create SSH host keys; confirm),
#   - installs libsss_sudo and ipa-client with yum,
#   - runs ipa-client-install unattended (-U) for realm freeipa.example.com
#     with --mkhomedir,
#   - reads the client and sssd versions, and the realm and domain from
#     /etc/krb5.conf,
#   - for ipa-client < 4: appends sudo to the sssd services line, adds an LDAP
#     sudo-provider stanza for sssd < 1.11, points the nsswitch sudoers entry
#     at sss, sets the NIS domain, and applies the BZ1071969 workaround to the
#     *-domainname systemd unit.
# The -w value is single-quoted, so the shell passes the literal text
# $HOST[OTP]; the comment in the script describes it as a placeholder for a
# one-time password.
# NOTE(review): once a real OTP is substituted it is visible in the process
# list and in the stored user-data; confirm it is single-use and short-lived.
# NOTE(review): $freeipa_opts, $freeipa_server, $freeipa_domain and
# $freeipa_ssh are not assigned before the ipa-client-install call, and
# $ldap_uri is never assigned in this entry; unless an earlier command set
# them they expand to nothing.
# NOTE(review): the temporary file created with mktemp (LDAP_CONFIG) is not
# removed afterwards.
# NOTE(review): [[ ... ]] is a bash construct; confirm the shell that runs
# runcmd supports it.
- |
  freeipa_client=ipa-client
  /usr/sbin/sshd-keygen
  
  yum install -y libsss_sudo $freeipa_client
  
  ##
  ## IPA Client Installation
  ##
  
  
  freeipa_mkhomedir="--mkhomedir"
  
  
  
  # One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
  /usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=freeipa.example.com -U $freeipa_mkhomedir $freeipa_opts $freeipa_server $freeipa_domain $freeipa_ssh
  
  ##
  ## Automounter
  ##
  
  
  
  ##
  ## Sudoers
  ##
  
  
  
  freeipa_client_version=$(ipa-client-install --version)
  freeipa_client_version_major=$(echo $freeipa_client_version | cut -f1 -d.)
  freeipa_client_version_minor=$(echo $freeipa_client_version | cut -f2 -d.)
  freeipa_realm=$(grep default_realm /etc/krb5.conf | cut -d"=" -f2 | tr -d ' ')
  freeipa_domain=$(grep -A 2 domain_realm /etc/krb5.conf | tail -n1 | awk '{print $1}')
  freeipa_dn=$(for word in $(echo $freeipa_domain | sed 's/\./ /g'); do echo -n dc=$word,; done)
  sssd_version=$(sssd --version)
  sssd_major=$(echo $sssd_version | cut -f1 -d.)
  sssd_minor=$(echo $sssd_version | cut -f2 -d.)
  LDAP_CONFIG=$(mktemp)
  
  # >=ipa-client-4.1.0 automatically configures sssd for sudo
  # =<ipa-client-3 requires manual configuration which this snippet takes care of
  
  if [ $freeipa_client_version_major -lt 4 ]
  then
    # Modify sssd.conf
    sed -i -e "s/services = .*/\0, sudo/" /etc/sssd/sssd.conf
  
    # Modify sssd.conf for sssd <1.11 (RHEL <6.6)
    if [ $sssd_minor -lt 11 ] || [ $sssd_major -lt 1 ]
    then
          krb5_server="_srv_"
      
  cat <<EOF > $LDAP_CONFIG
  sudo_provider = ldap
  ldap_uri = _srv_ $ldap_uri
  ldap_sudo_search_base = ou=SUDOers,${freeipa_dn%?}
  ldap_sasl_mech = GSSAPI
  ldap_sasl_authid = host/$HOSTNAME
  ldap_sasl_realm = $freeipa_realm
  krb5_server = $krb5_server
  EOF
    sed -i -e "/\[domain\/.*\]/ r $LDAP_CONFIG" /etc/sssd/sssd.conf
    fi
  
    # Modify nsswitch.conf
    grep -q sudoers /etc/nsswitch.conf
    if [[ $? -eq 0 ]];
    then
      sed -i -e "s/^sudoers.*/sudoers:    files sss/" /etc/nsswitch.conf
    else
      echo "sudoers:    files sss" >> /etc/nsswitch.conf
    fi
  
    # Configure nisdomain
        authconfig --nisdomain ${freeipa_domain} --update
      chkconfig sssd on
  
      if [[ $(rpm -qa systemd | wc -l) -gt 0 ]];
      then
        domain_service=/usr/lib/systemd/system/*-domainname.service
  
        # Workaround for BZ1071969 on RHEL 7.0
        grep -q "DefaultDependencies=no" $domain_service
        if [[ $? -ne 0 ]]
        then
          sed -i -e "s/\[Unit\]/\[Unit\]\nDefaultDependencies=no/" $domain_service
        fi
  
        systemctl start $(basename $domain_service)
        systemctl enable $(basename $domain_service)
      fi
    fi
  
  

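- |
  
  # Select the package manager for the OS (sets the $PKG_MANAGER* variables).
  # Nothing happens when PKG_MANAGER is already set in the running shell.
  if [ -z "$PKG_MANAGER" ]; then
    # os-release, when present, is expected to supply NAME, ID and VERSION_ID.
    if [ -f /etc/os-release ]; then
      . /etc/os-release
    fi

    # Separate [ ] tests joined with || and && replace the obsolescent -o / -a
    # operators, and $ID is quoted so an unset value cannot break the test.
    if [ "${NAME%.*}" = 'FreeBSD' ]; then
      PKG_MANAGER='pkg'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} delete -y"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} install -y"
    elif [ -f /etc/fedora-release ] || [ -f /etc/redhat-release ] || [ -f /etc/amazon-linux-release ] || [ -f /etc/system-release ]; then
      # dnf by default; yum on release 7 and older, or when
      # /etc/system-release exists.
      PKG_MANAGER='dnf'
      # The -n guard avoids an "integer expression expected" error when
      # VERSION_ID was never set; the outcome (not yum via this branch) is
      # the same as before.
      if [ -f /etc/redhat-release ] && [ -n "${VERSION_ID}" ] && [ "${VERSION_ID%.*}" -le 7 ]; then
        PKG_MANAGER='yum'
      elif [ -f /etc/system-release ]; then
        PKG_MANAGER='yum'
      fi
      PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} remove -y"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} upgrade -y"
    elif [ -f /etc/debian_version ]; then
      # Keep locally modified config files during unattended installs.
      PKG_MANAGER='apt-get'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' install -y"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} remove -y"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' -o APT::Get::Upgrade-Allow-New='true' upgrade -y"
    elif [ -f /etc/arch-release ]; then
      PKG_MANAGER='pacman'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} --noconfirm -S"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} --noconfirm -R"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} --noconfirm -S"
    elif [ "$ID" = 'opensuse-tumbleweed' ] || [ "$ID" = 'sles' ]; then
      PKG_MANAGER='zypper'
      PKG_MANAGER_INSTALL="${PKG_MANAGER} --non-interactive install --auto-agree-with-licenses"
      PKG_MANAGER_REMOVE="${PKG_MANAGER} --non-interactive remove"
      PKG_MANAGER_UPGRADE="${PKG_MANAGER} --non-interactive update"
    fi
  fi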
  

- |
  # Append a blacklist entry for kernel module "amodule".
  # NOTE(review): a modprobe "blacklist" line only stops automatic loading by
  # alias; the module can still be loaded explicitly or as a dependency. If
  # the goal is to keep it out of the kernel, an "install amodule /bin/false"
  # line is the usual companion. Confirm the intent.
  # The append is not idempotent: a re-run adds the same line again.
  printf '%s\n' 'blacklist amodule' >> /etc/modprobe.d/blacklist.conf

- |
  # Install the Puppet agent: dnf when /usr/bin/dnf exists, yum otherwise.
  if [ ! -f /usr/bin/dnf ]; then
    yum -t -y install puppet
  else
    dnf -y install puppet
  fi

  # Write a minimal agent configuration. The quoted delimiter keeps $vardir
  # literal so that Puppet, not the shell, resolves it.
  # NOTE(review): this configuration names no Puppet server; confirm which
  # server the agent is expected to contact and how its CA is trusted.
  cat > /etc/puppet/puppet.conf << 'EOF'
  [main]
  vardir = /var/lib/puppet
  logdir = /var/log/puppet
  rundir = /var/run/puppet
  ssldir = $vardir/ssl
  
  [agent]
  pluginsync      = true
  report          = true
  certname        = snapshot-ipv4-dhcp-el7
  
  EOF

  # Enable the agent unit: "puppetagent" when systemd lists one, else "puppet".
  puppet_unit=puppet
  if /usr/bin/systemctl list-unit-files | grep -q puppetagent; then
    puppet_unit=puppetagent
  fi
  /usr/bin/systemctl enable "${puppet_unit}"

  # Custom fact 'is_installer' lets Puppet modules detect the installer
  # environment.
  export FACTER_is_installer=true
  # A tag that matches nothing ("no_such_tag") makes the agent run only
  # initialise the node. Specific tags can be chosen with the
  # "run-puppet-in-installer-tags" parameter, and a full run with
  # "run-puppet-in-installer" = true.
  echo "Performing initial puppet run for --tags no_such_tag"
  /usr/bin/puppet agent \
    --config /etc/puppet/puppet.conf \
    --onetime \
    --tags no_such_tag \
    --no-daemonize

# Call back to the provisioning server once cloud-init has finished.
# NOTE(review): the URL is plain http, so the "built" notification is neither
# encrypted nor authenticated in transit; use https if the server offers it.
phone_home:
  url: http://foreman.example.com/unattended/built
  # Empty list: no instance fields are selected for the POST body.
  post: []
  # Attempt count for the call, going by the key name; confirm against the
  # cloud-init version in use.
  tries: 10
