[Chester LUG] Digitalocean users.. a question

Stuart Burns stuart.james.burns at gmail.com
Thu Jul 30 13:26:41 UTC 2015


Dare I good

On 30 July 2015 at 14:04, Michael Crilly <michael at mcrilly.me> wrote:

> Then also look at Packer, which can create Vagrant boxes for you from
> VirtualBox VMs :-)
> On 30 Jul 2015 11:03 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
> wrote:
>
>> I did take a look at Vagrant but I don't get it. All the docs seem to be
>> missing something. I get what it is, it's a containerized pre configed
>> machine but something is lost in "doing it"
>>
>>
>> On 30 July 2015 at 13:59, Michael Crilly <michael at mcrilly.me> wrote:
>>
>>> There are modules at docs.ansible.com for all those things.
>>>
>>> It'll be more efficient because it will be OS agnostic if you develop
>>> the Playbook correctly. It will also be sharable and easier to read than a
>>> shell script.
>>>
>>> You can version Ansible "code" using git like the rest of the industry.
>>> Use git tags to version your specific commits.
>>>
>>> You can use Vagrant to deploy a DO Droplet and apply Ansible to it
>>> automatically - one command once you've written the Vagrantfile.
>>> On 30 Jul 2015 10:54 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>> wrote:
>>>
>>>> Ok so I want to do two things (and this is the challenge)
>>>>
>>>> I want to automate virtualhost configs. They are trivial and repetitive
>>>> but easy to fat finger. Script to create a db user followed by a virtual
>>>> host file creation and a2ensite, reload and it should be good. How could
>>>> ansible/whatever be more efficient.
>>>>
>>>> Secondly how do I integrate it from my desktops so I can just pop out a
>>>> master server with tuned/pre set configs ? Oh and I want versioning too ;)
>>>>
>>>> If you can tell me how to do that lot simply and easily I will retract
>>>> my thus truthful statement re: Ansible et al.
>>>>
>>>>
>>>>
>>>> On 30 July 2015 at 13:47, Michael Crilly <michael at mcrilly.me> wrote:
>>>>
>>>>> Niche? Virtually industry standard alongside Puppet.
>>>>>
>>>>> Unworkable? I've got it automatically provisioning entire environments
>>>>> with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.
>>>>>
>>>>> Whatever happened to a tradesman never blaming his tools?
>>>>>
>>>>> Also, OSS generally accepts pull requests for bugs and improvements -
>>>>> hop to it ;-)
>>>>> On 30 Jul 2015 10:45 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> We would Mike if it wasn't so friggin' niche and unworkable for the
>>>>>> most part ;)
>>>>>>
>>>>>>
>>>>>> On 30 July 2015 at 13:42, Michael Crilly <michael at mcrilly.me> wrote:
>>>>>>
>>>>>>> Steve,
>>>>>>>
>>>>>>> Consider using Vagrant for testing and development. It'll run the VM
>>>>>>> locally and cost you nothing.
>>>>>>> On 30 Jul 2015 10:41 pm, "Steve Lilley" <steve.lilley at beebl.co.uk>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>  I personally feel as safe logging in as root with a key (and 2
>>>>>>>> factor on DO) than I do logging on with a password as a normal user if that
>>>>>>>> user is set up to sudo anyway. Then again I only use it for test and dev.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Steve
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On
>>>>>>>> Behalf Of *Les Pritchard
>>>>>>>> *Sent:* 30 July 2015 13:24
>>>>>>>> *To:* chester <chester at mailman.lug.org.uk>
>>>>>>>> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Yes, I'd agree with Mike on that. If you're creating the VPS
>>>>>>>> manually you could use a temporary password for root, then create a
>>>>>>>> standard user and disable the root.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> If you can, I'd also recommend locking down SSH to specific IPs or
>>>>>>>> at least ranges.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 30 July 2015 at 13:17, Michael Crilly <michael at mcrilly.me>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> The initial root login is designed to give you an easy way in so
>>>>>>>> you can configure the system, locking down root login and removing that key
>>>>>>>> from the system (after adding additional users and allowing them to sudo to
>>>>>>>> root.)
>>>>>>>>
>>>>>>>> Think of that initial SSH key as a deployment key - login once with
>>>>>>>> it, then use Ansible to setup your system with new users and various other
>>>>>>>> state.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Mike.
>>>>>>>>
>>>>>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" <
>>>>>>>> stuart.james.burns at gmail.com> wrote:
>>>>>>>>
>>>>>>>>   Hi Everyone,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I am just in the process of moving over some sites to DO and I
>>>>>>>> thought I would start using the stored SSH key system you can use when
>>>>>>>> deploying your droplets. It works fine, no issues. Just I don't really feel
>>>>>>>> comfortable logging in as root directly. Years of non root logins make me
>>>>>>>> feel itchy about this.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> What does everyone else think? (I know you can alter and someone
>>>>>>>> trying to crack a proper PKI implementation may have a long wait!) I was
>>>>>>>> more concerned with it being out the box functionality.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Stuart
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Chester mailing list
>>>>>>>> Chester at mailman.lug.org.uk
>>>>>>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>>>> --
>>>>>> Stuart Burns
>>>>>> E: stuart.james.burns at gmail.com
>>>>>> M: [redacted]


-- 
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]

Well if no one objects I don't mind trying some of this stuff out tonight to
see if we can build a "repeatable" host and easy virtualhost setup.
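
The lockdown described in the quoted replies above (log in once as root with the deployment key, add a sudo user, then close off root login and restrict SSH to known sources), written as an Ansible playbook. This is an added example, not part of the thread; the host group `droplets`, the user `deploy`, the key file `deploy.pub`, the 203.0.113.0/24 range and the Debian/Ubuntu service name `ssh` are all assumptions.

```yaml
# Added example, not from the thread. Assumed: host group "droplets", user
# "deploy", files/deploy.pub beside this playbook, admin range 203.0.113.0/24
# (a documentation range), Debian/Ubuntu service name "ssh".
- hosts: droplets
  remote_user: root            # first run only: authenticates with the deployment key
  vars:
    admin_user: deploy
    admin_cidr: 203.0.113.0/24
  tasks:
    - name: Create the everyday admin user
      ansible.builtin.user:
        name: "{{ admin_user }}"
        shell: /bin/bash

    - name: Install the admin's own public key (not the deployment key)
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ lookup('file', 'deploy.pub') }}"

    - name: Allow that user to sudo (key-only account has no password to prompt for)
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ admin_user }}"
        content: "{{ admin_user }} ALL=(ALL) NOPASSWD:ALL\n"
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s   # refuse to install a broken sudoers file

    - name: Harden sshd (each change is syntax-checked before it goes live)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { regexp: '^#?\s*PermitRootLogin\b', line: 'PermitRootLogin no' }
        - { regexp: '^#?\s*PasswordAuthentication\b', line: 'PasswordAuthentication no' }
        - { regexp: '^#?\s*AllowUsers\b', line: 'AllowUsers {{ admin_user }}@{{ admin_cidr }}' }
      notify: Restart sshd

    - name: Remove the deployment key from root
      ansible.builtin.file:
        path: /root/.ssh/authorized_keys
        state: absent

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
```

Open a second session as the new user and confirm `sudo` works before closing the root session, since a wrong `admin_cidr` locks everyone out. Setting a password hash through the `user` module's `password` parameter and dropping `NOPASSWD` is the alternative if sudo should prompt.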