Skip to content

cloudfoundry/os-conf-release

3 Branches14 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

cf-rabbit-botcf-rabbit-bot
Update vendored dependencies
Mar 22, 2025
a5a2298 · Mar 22, 2025

History

297 Commits
.final_builds
.final_builds
Mar 21, 2025
ci
ci
Dec 30, 2024
config
config
Nov 6, 2024
jobs
jobs
Mar 11, 2025
manifests
manifests
Dec 12, 2016
packages
packages
Apr 16, 2016
releases/os-conf
releases/os-conf
Mar 21, 2025
sbin
sbin
May 27, 2021
src
src
Mar 22, 2025
.envrc
.envrc
Jun 20, 2018
.gitignore
.gitignore
Jun 21, 2018
LICENSE
LICENSE
Apr 15, 2016
NOTICE
NOTICE
Mar 7, 2017
README.md
README.md
Aug 21, 2020

Repository files navigation

BOSH Linux OS Configuration Release

Enables configuration of a typical Linux OS:

  • customize login banner text (job: login_banner)
  • add UNIX users to VM (job: user_add)
  • add system wide CA certificates (job: ca_certs)
  • configure resolv.conf search domain (job: resolv)
  • change TCP keepalive kernel args (job: tcp_keepalive)
  • apply arbitrary sysctls (job: sysctl)
  • disable port forwarding (job: harden_sshd)
    • Note: use with caution, as this can have unintended consequences on features such as SSH Access and Tunneling.

See https://github.com/cloudfoundry-incubator/windows-utilities-release for Windows OS configuration.

For a description of these and other functions, see jobs/.

Usage

Include the release:

releases:
  name: os-conf
  version: latest

Examples

In this example, we use BOSH's Runtime Config to customize login banner and create two users: first, an operator user with an encrypted password; second, a backup user with an ssh-key:

addons:
  - name: os-configuration
    jobs:
    - name: login_banner
      release: os-conf
      properties:
        login_banner:
          text: |
            Authorized Use Only.
            Unauthorized use will be prosecuted to the fullest extent of the law.
    - name: user_add
      release: os-conf
      properties:
        persistent_homes: true
        users:
        - name: backup
          public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbss5XtLYRYDeV8AmouVYOHmYPxPsN4F59fZnY4kJnimM3sk5TbP0ow19GMDppQOPzAQ1TcYH4sYhpnxwq5f32XYtw12rFnO8BatHISWIdjoEjHfdA1qLIMGouWZPbGIQ1qURbfJdR9e2shS7U/WSXD+AJ9Zy0ZKTsIvlukWSX8Nsxvfn7VaAFvhgI3YPmhjV3TCEVMDsWGbBXlMq+qiJt22JEOw+3dnrvfGzRUULGznO/8y4NvVQsQc5KGnJkeQWkmlOIrhUGYwd/hMn6zQEIxkR4elmwp+pjyLR0qYLUFjpMn2GJMG7lvTzF8SzQLhzTVrjW1E3nve2eCuJ5bB6/"
          shell: /bin/zsh # OPTIONAL: Defaults to `/bin/bash`
          sudo: false # OPTIONAL: Defaults to `true`

In this example, we configure our BOSH deployment manifest to configure the DNS search domain to pivotal.io and the TCP keepalive kernel settings:

instance_groups:
- name: network-infrastructure
  jobs:
  - name: tcp_keepalive
    release: os-conf
    properties:
      tcp_keepalive:
        time:     120
        interval:  30
        probes:     8
  - name: resolv
    release: os-conf
    properties:
      search: pivotal.io

See manifests/ and jobs/*/spec for more examples.

About

Additional Linux OS configuration release

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

30 stars

Watchers

31 watching

Forks

48 forks
Report repository

Releases 12

v23.0.0 Latest
Mar 21, 2025
+ 11 releases

Packages

No packages published

Contributors 55

+ 41 contributors

Languages