[Chester LUG] Digitalocean users.. a question

Michael Crilly michael at mcrilly.me
Thu Jul 30 13:04:19 UTC 2015


Then also look at Packer, which can create Vagrant boxes for you from
VirtualBox VMs :-)
On 30 Jul 2015 11:03 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
wrote:

> I did take a look at Vagrant but I don't get it. All the docs seem to be
> missing something. I get what it is, it's a containerized pre-configured
> machine but something is lost in "doing it"
>
>
> On 30 July 2015 at 13:59, Michael Crilly <michael at mcrilly.me> wrote:
>
>> There are modules at docs.ansible.com for all those things.
>>
>> It'll be more efficient because it will be OS agnostic if you develop the
>> Playbook correctly. It will also be sharable and easier to read than a
>> shell script.
>>
>> You can version Ansible "code" using git like the rest of the industry.
>> Use git tags to version your specific commits.
>>
>> You can use Vagrant to deploy a DO Droplet and apply Ansible to it
>> automatically - one command once you've written the Vagrantfile.
>> On 30 Jul 2015 10:54 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>> wrote:
>>
>>> Ok so I want to do two things (and this is the challenge)
>>>
>>> I want to automate virtualhost configs. They are trivial and repetitive
>>> but easy to fat finger. Script to create a db user followed by a virtual
>>> host file creation and a2ensite, reload and it should be good. How could
>>> ansible/whatever be more efficient?
>>>
>>> Secondly how do I integrate it from my desktops so I can just pop out a
>>> master server with tuned/pre set configs ? Oh and I want versioning too ;)
>>>
>>> If you can tell me how to do that lot simply and easily I will retract
>>> my thus truthful statement re: Ansible et al.
>>>
>>>
>>>
>>> On 30 July 2015 at 13:47, Michael Crilly <michael at mcrilly.me> wrote:
>>>
>>>> Niche? Virtually industry standard alongside Puppet.
>>>>
>>>> Unworkable? I've got it automatically provisioning entire environments
>>>> with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.
>>>>
>>>> Whatever happened to a tradesman never blaming his tools?
>>>>
>>>> Also, OSS generally accepts pull requests for bugs and improvements -
>>>> hop to it ;-)
>>>> On 30 Jul 2015 10:45 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>>> wrote:
>>>>
>>>>> We would Mike if it wasn't so friggin' niche and unworkable for the
>>>>> most part ;)
>>>>>
>>>>>
>>>>> On 30 July 2015 at 13:42, Michael Crilly <michael at mcrilly.me> wrote:
>>>>>
>>>>>> Steve,
>>>>>>
>>>>>> Consider using Vagrant for testing and development. It'll run the VM
>>>>>> locally and cost you nothing.
>>>>>> On 30 Jul 2015 10:41 pm, "Steve Lilley" <steve.lilley at beebl.co.uk>
>>>>>> wrote:
>>>>>>
>>>>>>> I personally feel as safe logging in as root with a key (and 2
>>>>>>> factor on DO) than I do logging on with a password as a normal user if that
>>>>>>> user is set up to sudo anyway. Then again I only use it for test and dev.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Steve
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On
>>>>>>> Behalf Of *Les Pritchard
>>>>>>> *Sent:* 30 July 2015 13:24
>>>>>>> *To:* chester <chester at mailman.lug.org.uk>
>>>>>>> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Yes, I'd agree with Mike on that. If you're creating the VPS
>>>>>>> manually you could use a temporary password for root, then create a
>>>>>>> standard user and disable the root.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> If you can, I'd also recommend locking down SSH to specific IPs or
>>>>>>> at least ranges.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 30 July 2015 at 13:17, Michael Crilly <michael at mcrilly.me> wrote:
>>>>>>>
>>>>>>> The initial root login is designed to give you an easy way in so you
>>>>>>> can configure the system, locking down root login and removing that key
>>>>>>> from the system (after adding additional users and allowing them to sudo to
>>>>>>> root.)
>>>>>>>
>>>>>>> Think of that initial SSH key as a deployment key - login once with
>>>>>>> it, then use Ansible to set up your system with new users and various other
>>>>>>> state.
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Mike.
>>>>>>>
>>>>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Everyone,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I am just in the process of moving over some sites to DO and I
>>>>>>> thought I would start using the stored SSH key system you can use when
>>>>>>> deploying your droplets. It works fine, no issues. Just I don't really feel
>>>>>>> comfortable logging in as root directly. Years of non-root logins make me
>>>>>>> feel itchy about this.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> What does everyone else think? (I know you can alter and someone
>>>>>>> trying to crack a proper PKI implementation may have a long wait!) I was
>>>>>>> more concerned with it being out the box functionality.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Stuart
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Chester mailing list
>>>>>>> Chester at mailman.lug.org.uk
>>>>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>>
>>>>>
>>>>> --
>>>>> Stuart Burns
>>>>> E: stuart.james.burns at gmail.com
>>>>> M: [redacted]
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Stuart Burns
>>> E: stuart.james.burns at gmail.com
>>> M: [redacted]
>>>
>>>
>>
>>
>
>
> --
> Stuart Burns
> E: stuart.james.burns at gmail.com
> M: [redacted]
>
>
>
>
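
The lock-down described in the quoted messages (log in once as root with the deployment key, add a user who can sudo, then disable root login, remove that key and restrict SSH to known addresses), sketched as an Ansible playbook. This is an added example, not part of the original thread; the host group `droplets`, the user `deploy`, the key path and the 203.0.113.0/24 range are placeholders, and a Debian/Ubuntu droplet is assumed.

```yaml
# Added example, not from the thread. Placeholders: group "droplets", user
# "deploy", key ~/.ssh/id_ed25519.pub, range 203.0.113.0/24. Assumes
# Debian/Ubuntu (group "sudo", service "ssh") and the ansible.posix collection.
- name: One-time login as root with the deployment key
  hosts: droplets
  remote_user: root
  tasks:
    - name: Create the day-to-day admin user
      ansible.builtin.user: { name: deploy, groups: sudo, append: true, shell: /bin/bash }
    - name: Install the admin's own public key
      ansible.posix.authorized_key:
        user: deploy
        key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"
    - name: Let the key-only account sudo (it has no password to prompt for)
      ansible.builtin.copy:
        dest: /etc/sudoers.d/90-deploy
        content: "deploy ALL=(ALL) NOPASSWD:ALL\n"
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

# Runs as the new user, so root is only locked out once that login works.
- name: Lock down root and SSH
  hosts: droplets
  remote_user: deploy
  become: true
  tasks:
    - name: Disable root and password logins, restrict source addresses
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?\\s*{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        insertbefore: BOF          # only used when the keyword is not present yet
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { key: PermitRootLogin, value: "no" }
        - { key: PasswordAuthentication, value: "no" }
        - { key: AllowUsers, value: "deploy@203.0.113.0/24" }
      notify: Restart sshd
    - name: Remove the deployment key from root
      ansible.builtin.file: { path: /root/.ssh/authorized_keys, state: absent }
  handlers:
    - name: Restart sshd
      ansible.builtin.service: { name: ssh, state: restarted }
```

Set the range to one that includes the address you administer from before running the second play. Confirm the effective values afterwards with `sshd -T`, because sshd keeps the first value it reads for each keyword and an included drop-in file can override these lines.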