[Chester LUG] Digitalocean users.. a question
Stuart Burns
stuart.james.burns at gmail.com
Thu Jul 30 12:54:45 UTC 2015
Ok so I want to do two things (and this is the challenge)
I want to automate virtualhost configs. They are trivial and repetative but
easy to fat finger. Script to create a db user followed by a virtual host
file creation and a2ensite, reload and it should be good. How could
ansible/whatever be more efficient.
Secondly how do I integrate it from my desktops so I can just pop out a
master server with tuned/pre set configs ? Oh and I want versioning too ;)
If you can tell me how to do that lot simply and easily I will retract my
thus truthful statement re: Ansible et all.
On 30 July 2015 at 13:47, Michael Crilly <michael at mcrilly.me> wrote:
> Niche? Virtually industry standard alongside Puppet.
>
> Unworkable? I've got it automatically provisioning entire environments
> with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.
>
> Whatever happened to a tradesmen never blaming his tools?
>
> Also, OSS generally accepts pull requests for bugs and improvements - hop
> to it ;-)
> On 30 Jul 2015 10:45 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
> wrote:
>
>> We woud Mike if it wasn't so friggin' niche and unworkable for the most
>> part ;)
>>
>>
>> On 30 July 2015 at 13:42, Michael Crilly <michael at mcrilly.me> wrote:
>>
>>> Steve,
>>>
>>> Consider uses Vagrant for testing and development. It'll run the VM
>>> locally and cost you nothing.
>>> On 30 Jul 2015 10:41 pm, "Steve Lilley" <steve.lilley at beebl.co.uk>
>>> wrote:
>>>
>>>> I personally feel as safe logging in as root with a key (and 2 factor
>>>> on DO) then I do logging on with a password as a normal user If that user
>>>> is setup to sudo anyway. Then again I only use it for test and dev.
>>>>
>>>>
>>>>
>>>> Steve
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On Behalf
>>>> Of *Les Pritchard
>>>> *Sent:* 30 July 2015 13:24
>>>> *To:* chester <chester at mailman.lug.org.uk>
>>>> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>>>>
>>>>
>>>>
>>>> Yes, I'd agree with Mike on that. If you're creating the VPS manually
>>>> you could use a temporary password for root, then create a standard user
>>>> and disable the root.
>>>>
>>>>
>>>>
>>>> If you can, I'd also recommend locking down SSH to specific IPs or at
>>>> least ranges.
>>>>
>>>>
>>>>
>>>> On 30 July 2015 at 13:17, Michael Crilly <michael at mcrilly.me> wrote:
>>>>
>>>> The initial root login is designed to give you an easy way in so you
>>>> can configure the system, locking down root login and removing that key
>>>> from the system (after adding additional users and allowing them to sudo to
>>>> root.)
>>>>
>>>> Think of that initial SSH key as a deployment key - login once with it,
>>>> then use Ansible to setup your system with new users and various other
>>>> state.
>>>>
>>>> Cheers,
>>>>
>>>> Mike.
>>>>
>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>>> wrote:
>>>>
>>>> Hi Everyone,
>>>>
>>>>
>>>>
>>>> I am just in the process of moving over some sites to DO and I thought
>>>> I would start using the stored SSH key system you can use when deploying
>>>> your droplets. It works fine, no issues. Just I dont really feel
>>>> comfortable logging in as root directly. Years of non root logins make me
>>>> feel itchy about this.
>>>>
>>>>
>>>>
>>>> What does everyone else think? (I know you can alter and someone trying
>>>> to crack a proper PKI implementation may have a long wait!) I was more
>>>> concerned with it being out the box functionality.
>>>>
>>>> Regards
>>>>
>>>>
>>>>
>>>> Stuart
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Chester mailing list
>>>> Chester at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>
>>>>
>>>> _______________________________________________
>>>> Chester mailing list
>>>> Chester at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Chester mailing list
>>>> Chester at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>
>>>>
>>> _______________________________________________
>>> Chester mailing list
>>> Chester at mailman.lug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>
>>>
>>
>>
>> --
>> Stuart Burns
>> E: stuart.james.burns at gmail.com
>> M: [redacted]
>>
>>
>> _______________________________________________
>> Chester mailing list
>> Chester at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>
>>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
>
>
--
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/chester/attachments/20150730/a58c0424/attachment.html>
More information about the Chester
mailing list