[Chester LUG] Digitalocean users.. a question

Stuart Burns stuart.james.burns at gmail.com
Thu Jul 30 12:55:13 UTC 2015


btw meant to suffix with ;)

On 30 July 2015 at 13:54, Stuart Burns <stuart.james.burns at gmail.com> wrote:

> Ok so I want to do two things (and this is the challenge)
>
> I want to automate virtualhost configs. They are trivial and repetative
> but easy to fat finger. Script to create a db user followed by a virtual
> host file creation and a2ensite, reload and it should be good. How could
> ansible/whatever be more efficient.
>
> Secondly how do I integrate it from my desktops so I can just pop out a
> master server with tuned/pre set configs ? Oh and I want versioning too ;)
>
> If you can tell me how to do that lot simply and easily I will retract my
> thus truthful statement re: Ansible et all.
>
>
>
> On 30 July 2015 at 13:47, Michael Crilly <michael at mcrilly.me> wrote:
>
>> Niche? Virtually industry standard alongside Puppet.
>>
>> Unworkable? I've got it automatically provisioning entire environments
>> with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.
>>
>> Whatever happened to a tradesmen never blaming his tools?
>>
>> Also, OSS generally accepts pull requests for bugs and improvements - hop
>> to it ;-)
>> On 30 Jul 2015 10:45 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>> wrote:
>>
>>> We woud Mike if it wasn't so friggin' niche and unworkable for the most
>>> part ;)
>>>
>>>
>>> On 30 July 2015 at 13:42, Michael Crilly <michael at mcrilly.me> wrote:
>>>
>>>> Steve,
>>>>
>>>> Consider uses Vagrant for testing and development. It'll run the VM
>>>> locally and cost you nothing.
>>>> On 30 Jul 2015 10:41 pm, "Steve Lilley" <steve.lilley at beebl.co.uk>
>>>> wrote:
>>>>
>>>>>  I personally feel as safe logging in as root with a key (and 2
>>>>> factor on DO) then I do logging on with a password as a normal user If that
>>>>> user is setup to sudo anyway. Then again I only use it for test and dev.
>>>>>
>>>>>
>>>>>
>>>>> Steve
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On
>>>>> Behalf Of *Les Pritchard
>>>>> *Sent:* 30 July 2015 13:24
>>>>> *To:* chester <chester at mailman.lug.org.uk>
>>>>> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>>>>>
>>>>>
>>>>>
>>>>> Yes, I'd agree with Mike on that. If you're creating the VPS manually
>>>>> you could use a temporary password for root, then create a standard user
>>>>> and disable the root.
>>>>>
>>>>>
>>>>>
>>>>> If you can, I'd also recommend locking down SSH to specific IPs or at
>>>>> least ranges.
>>>>>
>>>>>
>>>>>
>>>>> On 30 July 2015 at 13:17, Michael Crilly <michael at mcrilly.me> wrote:
>>>>>
>>>>> The initial root login is designed to give you an easy way in so you
>>>>> can configure the system, locking down root login and removing that key
>>>>> from the system (after adding additional users and allowing them to sudo to
>>>>> root.)
>>>>>
>>>>> Think of that initial SSH key as a deployment key - login once with
>>>>> it, then use Ansible to setup your system with new users and various other
>>>>> state.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Mike.
>>>>>
>>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>>>> wrote:
>>>>>
>>>>>   Hi Everyone,
>>>>>
>>>>>
>>>>>
>>>>> I am just in the process of moving over some sites to DO and I thought
>>>>> I would start using the stored SSH key system you can use when deploying
>>>>> your droplets. It works fine, no issues. Just I dont really feel
>>>>> comfortable logging in as root directly. Years of non root logins make me
>>>>> feel itchy about this.
>>>>>
>>>>>
>>>>>
>>>>> What does everyone else think? (I know you can alter and someone
>>>>> trying to crack a proper PKI implementation may have a long wait!) I was
>>>>> more concerned with it being out the box functionality.
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>>
>>>>> Stuart
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Chester mailing list
>>>>> Chester at mailman.lug.org.uk
>>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Chester mailing list
>>>>> Chester at mailman.lug.org.uk
>>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Chester mailing list
>>>>> Chester at mailman.lug.org.uk
>>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Chester mailing list
>>>> Chester at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>
>>>>
>>>
>>>
>>> --
>>> Stuart Burns
>>> E: stuart.james.burns at gmail.com
>>> M: [redacted]
>>>
>>>
>>> _______________________________________________
>>> Chester mailing list
>>> Chester at mailman.lug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>
>>>
>> _______________________________________________
>> Chester mailing list
>> Chester at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>
>>
>
>
> --
> Stuart Burns
> E: stuart.james.burns at gmail.com
> M: [redacted]
>
>


-- 
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/chester/attachments/20150730/7ffe7a45/attachment.html>


More information about the Chester mailing list