GhostBSD EU server

News and Announcements related to GhostBSD
Post Reply
kraileth
Posts: 312
Joined: Sun Sep 04, 2016 12:30 pm

GhostBSD EU server

Post by kraileth »

Sorry for "spaming" the dev discussions today, but I had a little time on my hands right now and wanted to spend it on GhostBSD. :D

I've created a virtual server today, installed FreeBSD 10.3 (that was the only ISO that was around for now) and updated to 11.0. Right now it uses a temporary IP address but I intend to get the final one on Monday.

I'm going to install Saltstack in a minute and will start writing state files for configuration management. Now I need three things from every team member:
  • desired user name
  • public key for SSH
  • your preferred shell
And I'd also like to discuss the setup here. Which programs do we need? Which firewall to use and what rules? Things like that. Oh, and since we'll have two servers then, how about backing up each other? As you all know: "If there's no backup of something it doesn't exist". ;)

I intend to give you root access (your user added to the "wheel" group + passwordless sudo) but I'd like to ask of you that we agree on only doing things manually if something broke and needs to be fixed. For any other task I'd like to use Saltstack to manage the system. It uses files with very simple YAML to describe the desired state of the system.

I can take care of writing the state files, but I wanted to give you at least an idea of what this looks like. It's quite easy to write (and even easier to edit). Here's the part of the code that creates my user:

Code: Select all

user_kraileth:
  group.present:
    - name: kraileth
    - gid: 1001

  user.present:
    - name: kraileth
    - uid: 1001
    - gid: 1001
    - home: /home/kraileth
    - shell: /bin/tcsh
    - groups:
      - wheel

  file.directory:
    - name: /home/kraileth
    - user: kraileth
    - group: kraileth
    - mode: 0750
    - makedirs: True
That's about the most simple form; Saltstack can also make use of Jinja templating or even use pure Python if desired.
Top
ASX
Posts: 988
Joined: Wed May 06, 2015 12:46 pm

Re: GhostBSD EU server

Post by ASX »

kraileth wrote:Sorry for "spaming" the dev discussions today, but I had a little time on my hands right now and wanted to spend it on GhostBSD. :D
Your posts are very welcome!
I've created a virtual server today, installed FreeBSD 10.3 (that was the only ISO that was around for now) and updated to 11.0. Right now it uses a temporary IP address but I intend to get the final one on Monday.

I'm going to install Saltstack in a minute and will start writing state files for configuration management. Now I need three things from every team member:
  • desired user name
  • public key for SSH
  • your preferred shell
Thanks, please defer a bit about the user setup ... in the meantime we will discuss the things.
And I'd also like to discuss the setup here. Which programs do we need? Which firewall to use and what rules? Things like that. Oh, and since we'll have two servers then, how about backing up each other? As you all know: "If there's no backup of something it doesn't exist". ;)
- rsync, I guess that will be the tool to use to sync the two server
- appropriate mail config to send systems logs to each of us, so that we can monitor what's going on ...
- some basic firewall, keep it simple, as much as possible.

Being all transfers set up using rsync, a simple ssh channel between the two server will be more than enough, it also will help to keep the configuration simple.
Using ssh-keys is fine, of course, I would also suggest to use a ssh port different from the standard 22.
I intend to give you root access (your user added to the "wheel" group + passwordless sudo) but I'd like to ask of you that we agree on only doing things manually if something broke and needs to be fixed. For any other task I'd like to use Saltstack to manage the system. It uses files with very simple YAML to describe the desired state of the system.
I would leave all that in your hands, that means .... at your choice.
I can take care of writing the state files, but I wanted to give you at least an idea of what this looks like. It's quite easy to write (and even easier to edit). Here's the part of the code that creates my user:

Code: Select all

user_kraileth:
  group.present:
    - name: kraileth
    - gid: 1001

  user.present:
    - name: kraileth
    - uid: 1001
    - gid: 1001
    - home: /home/kraileth
    - shell: /bin/tcsh
    - groups:
      - wheel

  file.directory:
    - name: /home/kraileth
    - user: kraileth
    - group: kraileth
    - mode: 0750
    - makedirs: True
That's about the most simple form; Saltstack can also make use of Jinja templating or even use pure Python if desired.
Fine, guess most of these tasks are only needed at the beginning and I would leave all that to you.
Instead, monitoring is what I think should be shared ... more eyes looking at it.
Top
Post Reply

Return to “Announcements”