Puppet proposal

Ewoud Kohl van Wijngaarden ewoud+ovirt at kohlvanwijngaarden.nl
Tue Aug 14 10:16:06 UTC 2012


On Mon, Aug 13, 2012 at 04:29:29PM -0700, Karsten 'quaid' Wade wrote:
> On 08/13/2012 03:01 PM, Ewoud Kohl van Wijngaarden wrote:
>
> > - It's very basic, just ensure users exist and sudo is set up. We
> > can do much more, but what do we want?
>
> Not sure what makes sense, thus some random ideas:
>
> * Can we further strip out extra packages, or is that best handled in
> the original install image or kickstart script?
I think this is better handled in install image / kickstart, but if you
have specific packages you don't want installed we can list those.
> * Firewall rules, sshd rules - I like to put sshd on a non-standard
> port, such as 108, to minimize noise in the logwatch.
I was thinking the same, at least disable password authentication for
SSH, disable root etc.
> * Enable a remote backup solution for any data sources.
I think we first have to decide on a backup solution, but in time yes.
> * ...
Maybe it's best to start with something small that provides a working
solution, set up a puppet master either with or without foreman and get
the git repo into gerrit.



More information about the Infra mailing list