forked from m-lab/script-exporter-support
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloud-config.yml
42 lines (36 loc) · 1.02 KB
/
cloud-config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#cloud-config
coreos:
units:
- name: docker.service
command: start
- name: apply-tc-rules.service
content: |
[Unit]
Description=Updates tc traffic shaping rules in the script-exporter container.
[Service]
Type=oneshot
ExecStart=/bin/docker exec script-exporter bash -c 'git -C /opt/mlab/operator pull && /bin/apply_tc_rules.sh'
- name: apply-tc-rules.timer
command: "start"
content: |
[Unit]
Description=Run apply-tc-rules.service daily.
[Timer]
OnCalendar=daily
[Install]
WantedBy=multi-user.target
write_files:
- path: /etc/ssh/sshd_config
permissions: 0600
owner: root:root
content: |
UsePrivilegeSeparation sandbox
Subsystem sftp internal-sftp
ClientAliveInterval 180
UseDNS no
UsePAM yes
PrintLastLog no # handled by PAM
PrintMotd no # handled by PAM
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no