Puppet proposal

Karsten 'quaid' Wade kwade at redhat.com
Tue Aug 14 14:21:31 UTC 2012



On 08/14/2012 03:16 AM, Ewoud Kohl van Wijngaarden wrote:
> On Mon, Aug 13, 2012 at 04:29:29PM -0700, Karsten 'quaid' Wade
> wrote:
>> On 08/13/2012 03:01 PM, Ewoud Kohl van Wijngaarden wrote:
>> 
>>> - It's very basic, just ensure users exist and sudo is set up.
>>> We can do much more, but what do we want?
>> 
>> Not sure what makes sense, thus some random ideas:
>> 
>> * Can we further strip out extra packages, or is that best
>> handled in the original install image or kickstart script?
> I think this is better handled in install image / kickstart, but if
> you have specific packages you don't want installed we can list
> those.
>> * Firewall rules, sshd rules - I like to put sshd on a
>> non-standard port, such as 108, to minimize noise in the
>> logwatch.
> I was thinking the same, at least disable password authentication
> for SSH, disable root etc.

Along with disabling root login, we can also load in the public keys
of the Infra team into their user accounts, so people can ssh + sudo
directly after the host is up.

- Karsten

>> * Enable a remote backup solution for any data sources.
> I think we first have to decide on a backup solution, but in time
> yes.
>> * ...
> Maybe it's best to start with something small that provides a
> working solution, set up a puppet master either with or without
> foreman and get the git repo into gerrit. 


-- 
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://TheOpenSourceWay.org  .^\  http://community.redhat.com
@quaid (identi.ca/twitter/IRC)  \v'  gpg: AD0E0C41
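
A sketch of the baseline discussed in this thread as a Puppet class (team account with public key, sudo, sshd on port 108 without root or password login), added here as an illustration and not taken from the oVirt Infra repository. The class name, account name, key and sudoers file name are hypothetical placeholders; it assumes a `wheel` group, a sudoers file that includes `/etc/sudoers.d`, and Puppet 3.5 or later for `validate_cmd`.

```puppet
# Added example, not from the oVirt Infra repo. Names and key are placeholders.
class infra_baseline (
  $ssh_port = 108,  # non-standard port suggested in the thread
) {
  # Hypothetical Infra team account.
  user { 'exampleadmin':
    ensure     => present,
    managehome => true,
    groups     => ['wheel'],
  }

  # Public key installed before sshd is locked down (see require below).
  ssh_authorized_key { 'exampleadmin@workstation':
    ensure  => present,
    user    => 'exampleadmin',
    type    => 'ssh-rsa',
    key     => 'AAAAB3NzaC1yc2E_PLACEHOLDER',
    require => User['exampleadmin'],
  }

  # sudo for the wheel group; visudo rejects a broken file before it lands.
  file { '/etc/sudoers.d/infra':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => "%wheel ALL=(ALL) ALL\n",
    validate_cmd => '/usr/sbin/visudo -cf %',
  }

  # Key-only, no root login. Ordered after the key and sudo rule so a
  # first run cannot disable passwords before anyone can log in.
  augeas { 'sshd_baseline':
    context => '/files/etc/ssh/sshd_config',
    changes => [
      "set Port ${ssh_port}",
      'set PermitRootLogin no',
      'set PasswordAuthentication no',
    ],
    require => [
      Ssh_authorized_key['exampleadmin@workstation'],
      File['/etc/sudoers.d/infra'],
    ],
    notify  => Service['sshd'],
  }

  service { 'sshd':
    ensure => running,
    enable => true,
  }
}
```

On SELinux-enforcing hosts the new port also has to be labelled `ssh_port_t` and opened in the firewall before sshd restarts on it.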


