hashipi

Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul
git clone https://git.in0rdr.ch/hashipi.git
Log | Files | Refs | Pull requests |Archive | README

commit 65c21d77408f752dff6e3b098f3cb1f42b1bf657
parent a190d53390ccd6a203dbae619fe06b07fe7d2826
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Mon, 28 Jul 2025 19:55:23 +0200

fix(intel): PermitRootLogin to run bootstrap scripts

Diffstat:
Mconfig/preseed.cfg | 22++++++++++++++--------
Mhashi-pi.pkr.hcl | 2+-
2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/config/preseed.cfg b/config/preseed.cfg @@ -62,19 +62,19 @@ d-i partman-auto-lvm/guided_size string max d-i partman-lvm/confirm boolean true d-i partman-lvm/confirm_nooverwrite boolean true -# Disable root account +# Create root account for bootstrap scripts d-i passwd/root-login boolean true +# disable root password login d-i passwd/root-password-crypted password !disabled -d-i passwd/make-user boolean true ### Account setup +d-i passwd/make-user boolean true d-i passwd/username string in0rdr d-i passwd/user-fullname string in0rdr d-i passwd/user-uid string 1000 d-i passwd/user-default-groups string sudo +# disable user password login d-i passwd/user-password-crypted password !disabled -#d-i passwd/user-password password pi -#d-i passwd/user-password-again password pi # The installer will warn about weak passwords. If you are sure you know # what you're doing and want to override it, uncomment this. @@ -86,9 +86,14 @@ tasksel tasksel/first multiselect standard, ssh-server d-i pkgsel/include string openssh-server build-essential sudo d-i pkgsel/upgrade select full-upgrade -# allow ssh root login -#d-i preseed/late_command string \ -# in-target sed -i 's/^.*PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config +# Allow ssh root login +d-i preseed/late_command string \ + in-target sed -i 's/^.*PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config + +# Configure sudoers and ssh pubkeys d-i preseed/late_command string \ + echo 'in0rdr ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/90-preseed ; \ in-target sh -c 'mkdir -p /home/in0rdr/.ssh'; \ - in-target sh -c 'echo $pubkey > /home/in0rdr/.ssh/authorized_keys'; + in-target sh -c 'echo $pubkey > /home/in0rdr/.ssh/authorized_keys'; \ + in-target sh -c 'mkdir -p /root/.ssh'; \ + in-target sh -c 'echo $pubkey > /root/.ssh/authorized_keys'; +\ No newline at end of file diff --git a/hashi-pi.pkr.hcl b/hashi-pi.pkr.hcl @@ -204,7 +204,7 @@ source "qemu" "hashiintel" { output_directory = "${var.hostname}" shutdown_command = "echo 'debian' | sudo -S shutdown -P now" ssh_timeout = "15m" - ssh_username = "in0rdr" + ssh_username = "root" ssh_private_key_file = "/home/andi/.ssh/id_ed25519" vm_name = "${var.hostname}.qcow2" }