[Chester LUG] Digitalocean users.. a question

Stuart Burns stuart.james.burns at gmail.com
Thu Jul 30 13:03:10 UTC 2015


I did take a look at Vagrant but I don't get it. All the docs seem to be
missing something. I get what it is, it's a containerized pre-configured
machine, but something is lost in "doing it"


On 30 July 2015 at 13:59, Michael Crilly <michael at mcrilly.me> wrote:

> There are modules at docs.ansible.com for all those things.
>
> It'll be more efficient because it will be OS agnostic if you develop the
> Playbook correctly. It will also be sharable and easier to read than a
> shell script.
>
> You can version Ansible "code" using git like the rest of the industry.
> Use git tags to version your specific commits.
>
> You can use Vagrant to deploy a DO Droplet and apply Ansible to it
> automatically - one command once you've written the Vagrantfile.
> On 30 Jul 2015 10:54 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
> wrote:
>
>> Ok so I want to do two things (and this is the challenge)
>>
>> I want to automate virtualhost configs. They are trivial and repetitive
>> but easy to fat finger. Script to create a db user followed by a virtual
>> host file creation and a2ensite, reload and it should be good. How could
>> Ansible/whatever be more efficient?
>>
>> Secondly how do I integrate it from my desktops so I can just pop out a
>> master server with tuned/pre set configs ? Oh and I want versioning too ;)
>>
>> If you can tell me how to do that lot simply and easily I will retract my
>> thus truthful statement re: Ansible et al.
>>
>>
>>
>> On 30 July 2015 at 13:47, Michael Crilly <michael at mcrilly.me> wrote:
>>
>>> Niche? Virtually industry standard alongside Puppet.
>>>
>>> Unworkable? I've got it automatically provisioning entire environments
>>> with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.
>>>
>>> Whatever happened to a tradesman never blaming his tools?
>>>
>>> Also, OSS generally accepts pull requests for bugs and improvements -
>>> hop to it ;-)
>>> On 30 Jul 2015 10:45 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>> wrote:
>>>
>>>> We would Mike if it wasn't so friggin' niche and unworkable for the most
>>>> part ;)
>>>>
>>>>
>>>> On 30 July 2015 at 13:42, Michael Crilly <michael at mcrilly.me> wrote:
>>>>
>>>>> Steve,
>>>>>
>>>>> Consider using Vagrant for testing and development. It'll run the VM
>>>>> locally and cost you nothing.
>>>>> On 30 Jul 2015 10:41 pm, "Steve Lilley" <steve.lilley at beebl.co.uk>
>>>>> wrote:
>>>>>
>>>>>> I personally feel as safe logging in as root with a key (and 2
>>>>>> factor on DO) than I do logging on with a password as a normal user if that
>>>>>> user is set up to sudo anyway. Then again I only use it for test and dev.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Steve
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On
>>>>>> Behalf Of *Les Pritchard
>>>>>> *Sent:* 30 July 2015 13:24
>>>>>> *To:* chester <chester at mailman.lug.org.uk>
>>>>>> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>>>>>>
>>>>>>
>>>>>>
>>>>>> Yes, I'd agree with Mike on that. If you're creating the VPS manually
>>>>>> you could use a temporary password for root, then create a standard user
>>>>>> and disable the root.
>>>>>>
>>>>>>
>>>>>>
>>>>>> If you can, I'd also recommend locking down SSH to specific IPs or at
>>>>>> least ranges.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 30 July 2015 at 13:17, Michael Crilly <michael at mcrilly.me> wrote:
>>>>>>
>>>>>> The initial root login is designed to give you an easy way in so you
>>>>>> can configure the system, locking down root login and removing that key
>>>>>> from the system (after adding additional users and allowing them to sudo to
>>>>>> root.)
>>>>>>
>>>>>> Think of that initial SSH key as a deployment key - login once with
>>>>>> it, then use Ansible to set up your system with new users and various other
>>>>>> state.
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Mike.
>>>>>>
>>>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>   Hi Everyone,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I am just in the process of moving over some sites to DO and I
>>>>>> thought I would start using the stored SSH key system you can use when
>>>>>> deploying your droplets. It works fine, no issues. Just I don't really feel
>>>>>> comfortable logging in as root directly. Years of non-root logins make me
>>>>>> feel itchy about this.
>>>>>>
>>>>>>
>>>>>>
>>>>>> What does everyone else think? (I know you can alter and someone
>>>>>> trying to crack a proper PKI implementation may have a long wait!) I was
>>>>>> more concerned with it being out the box functionality.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>>
>>>>>> Stuart
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Chester mailing list
>>>>>> Chester at mailman.lug.org.uk
>>>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>>>
>>>>
>>>> --
>>>> Stuart Burns
>>>> E: stuart.james.burns at gmail.com
>>>> M: [redacted]


-- 
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]
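
The lock-down steps raised in the quoted thread (disable root login once sudo users exist, prefer keys over passwords, restrict SSH by source address) can be checked against an sshd_config file. This is an added example, not code from any list member; the function names, the "deploy" user, the 203.0.113.* range and the choice of AllowUsers for the address restriction are assumptions.

```sh
#!/bin/sh
# sshd uses the FIRST value it reads for a keyword; keywords are
# case-insensitive and lines after "Match" are conditional, so stop there.
# Handles the whitespace-separated "Keyword value" form only.
sshd_effective() {  # sshd_effective <keyword> <file>
    awk -v want="$1" 'BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# Prints one line per finding; no output means the file matches the advice.
audit_sshd() {  # audit_sshd <file>
    case "$(sshd_effective PermitRootLogin "$1" | tr 'A-Z' 'a-z')" in
        no) ;;
        without-password|prohibit-password)
            echo "root: key-only root login still allowed (deployment-key stage)" ;;
        *)  echo "root: root login not disabled" ;;
    esac
    # Assumption: key-only logins are the goal, so passwords must be off.
    [ "$(sshd_effective PasswordAuthentication "$1" | tr 'A-Z' 'a-z')" = no ] ||
        echo "password: password authentication not disabled"
    # One way to pin SSH to source addresses: AllowUsers user@host patterns.
    case "$(sshd_effective AllowUsers "$1")" in
        *@*) ;;
        *)   echo "source: no AllowUsers user@host restriction" ;;
    esac
}

# Constructed sample configs (user name and 203.0.113.* are placeholders).
tmp=$(mktemp -d)
cat > "$tmp/fresh" <<'EOF'
# freshly deployed: root key login, nothing locked down yet
PermitRootLogin without-password
PasswordAuthentication yes
EOF
cat > "$tmp/hardened" <<'EOF'
permitrootlogin no
PasswordAuthentication no
AllowUsers deploy@203.0.113.*
# a later duplicate is ignored by sshd: first value wins
PermitRootLogin yes
EOF
for f in fresh hardened; do
    echo "== $f"; audit_sshd "$tmp/$f"
done
```

On a live host, `sshd -T` prints the configuration sshd actually resolved and is the authoritative check; the parser above is for reviewing a file before it is deployed.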