Re: Puppet proposal
On Mon, Aug 13, 2012 at 04:29:29PM -0700, Karsten 'quaid' Wade wrote:
On 08/13/2012 03:01 PM, Ewoud Kohl van Wijngaarden wrote:
> - It's very basic, just ensure users exist and sudo is set up. We
> can do much more, but what do we want?
Not sure what makes sense, thus some random ideas:
* Can we further strip out extra packages, or is that best handled in
the original install image or kickstart script?
I think this is better handled in
install image / kickstart, but if you
have specific packages you don't want installed we can list those.
* Firewall rules, sshd rules - I like to put sshd on a non-standard
port, such as 108, to minimize noise in the logwatch.
I was thinking the same, at
least disable password authentication for
SSH, disable root etc.
* Enable a remote backup solution for any data sources.
I think
we first have to decide on a backup solution, but in time yes.
* ...
Maybe it's best to start with something small that
provides a working
solution, set up a puppet master either with or without foreman and get
the git repo into gerrit.