Files
@ 5b6d00b0beab
Branch filter:
Location: majic-ansible-roles/roles/preseed/templates/preseed.cfg.j2 - annotation
5b6d00b0beab
4.4 KiB
text/plain
MAR-170: Always enforce use of HTTPS in the wsgi_server role:
- Dropped the enforce_https parameter.
- Updated tests.
- Updated release notes.
- Dropped the enforce_https parameter.
- Updated tests.
- Updated release notes.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 | 644df4147123 644df4147123 cc12c282bb3d 75810ce2ad3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d 644df4147123 cc12c282bb3d cc12c282bb3d 644df4147123 cc12c282bb3d cc12c282bb3d 644df4147123 cc12c282bb3d cc12c282bb3d 644df4147123 cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d 644df4147123 cc12c282bb3d 644df4147123 cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d 644df4147123 644df4147123 644df4147123 644df4147123 cc12c282bb3d cc12c282bb3d cc12c282bb3d 644df4147123 644df4147123 cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d 644df4147123 644df4147123 644df4147123 cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d 644df4147123 644df4147123 cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d 644df4147123 cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d cc12c282bb3d e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 cc12c282bb3d cc12c282bb3d e705dde5e6c7 e705dde5e6c7 e705dde5e6c7 cc12c282bb3d cc12c282bb3d e705dde5e6c7 | {% set overrides = preseed_server_overrides[item] | default({}) %}
{% set network_auto = overrides["network_auto"] | default(preseed_network_auto) %}
#
# Pressed configuration file for Debian Stretch installation for server {{ item }}.
#
### Localization configuration
# Language.
d-i debian-installer/language string {{ overrides.language | default(preseed_language) }}
# Country.
d-i debian-installer/country string {{ overrides.country | default(preseed_country) }}
# Locale.
d-i debian-installer/locale string {{ overrides.locale | default(preseed_locale) }}
# Keyboard layout.
d-i keyboard-configuration/xkb-keymap select {{ overrides.keymap | default(preseed_keymap) }}
### Network configuration
# Network interface to configure.
d-i netcfg/choose_interface select {{ overrides.network_interface | default(preseed_network_interface) }}
{% if network_auto -%}
# DHCP network configuration.
d-i netcfg/disable_autoconfig boolean false
d-i netcfg/get_hostname string ignored-value
d-i netcfg/get_domain string ignored-value
{% else -%}
# Manual network configuration.
d-i netcfg/disable_autoconfig boolean true
d-i netcfg/get_ipaddress string {{ overrides.ip | default(preseed_ip) }}
d-i netcfg/get_netmask string {{ overrides.netmask | default(preseed_netmask) }}
d-i netcfg/get_gateway string {{ overrides.gateway | default(preseed_gateway) }}
d-i netcfg/get_nameservers string {{ overrides.dns | default(preseed_dns) }}
d-i netcfg/confirm_static boolean true
# Hostname and domain configuration.
d-i netcfg/get_hostname string {{ overrides.hostname | default(preseed_hostname) }}
d-i netcfg/get_domain string {{ overrides.domain | default(preseed_domain) }}
{% endif -%}
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
### Mirror settings
d-i mirror/protocol string http
d-i mirror/country string manual
d-i mirror/http/hostname string {{ overrides.mirror_hostname | default(preseed_mirror_hostname) }}
d-i mirror/http/directory string {{ overrides.mirror_directory | default(preseed_mirror_directory) }}
d-i mirror/http/proxy string {{ overrides.mirror_proxy | default(preseed_mirror_proxy) }}
### Account setup
# Skip creation of regular user account.
d-i passwd/make-user boolean false
# Set root password.
d-i passwd/root-password password {{ overrides.root_password | default(preseed_root_password) }}
d-i passwd/root-password-again password {{ overrides.root_password | default(preseed_root_password) }}
### Clock and time zone setup
# Hardware clock is UTC.
d-i clock-setup/utc boolean true
# Timezone.
d-i time/zone string {{ overrides.timezone | default(preseed_timezone) }}
# Use NTP to set the time during installation.
d-i clock-setup/ntp boolean true
### Partitioning
# Use regular partitioning schema.
d-i partman-auto/method string regular
# All files in one partition.
d-i partman-auto/choose_recipe select atomic
# Wipe out all partitions.
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/device_remove_md boolean true
# Partition the disk without confirmation.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Package selection
# Install standard packages and SSH server.
tasksel tasksel/first multiselect standard,ssh-server
### Boot loader installation
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
#d-i grub-installer/bootdev string /dev/sda
# To install to the first device (assuming it is not a USB stick):
d-i grub-installer/bootdev string default
### Finishing up the installation
# Deploy the Ansible ssh key to root's authorized_keys
d-i preseed/late_command string mkdir -m 700 /target/root/.ssh/; echo "{{ ansible_key }}" > /target/root/.ssh/authorized_keys; chmod 600 /target/root/.ssh/authorized_keys
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
|