Andrew Libby on 16 Oct 2015 07:11:21 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] If you decided to use ansible you obviously made a good choice |
Yep yep, I get it. I guess I'm thinking more in terms of automation which obviates the ability to have passphrase security. For now I'm all manual execution and so having this works fine. FWIW, I have the same concerns with systems like backuppc that use ssh as a transport for rsync and unless you jump through some hoops you need to be able to allow a user to sudo rsync. Thanks Gavin. Andy On 10/16/15 9:57 AM, Gavin W. Burris wrote: > Hi, Andy. > > Consider using SSH keys, with a passphrase, and separate keys per admin. Maybe even per host group. The security of Ansible is the security of SSH and Linux in general. > > Cheers. > > On Fri 10/16/15 09:29AM EDT, Andrew Libby wrote: >> >> >> I'm a big fan of ansible, and would certainly attend. I don't yet use >> it as much as I'd like, but have plans for adopting it. >> >> I'd certainly attend. In particular I'm interested in how it can be >> done securely. The biggest criticisms I've heard on ansible focus >> on the fact that it doesn't have an agent and pretty much anything >> can be done to any accessible system when compromised. >> >> Andy >> >> >> >> >> On 10/16/15 9:02 AM, Gavin W. Burris wrote: >>> Hi, All. >>> >>> I'd be happy to present about Ansible at an upcoming PLUG West. We've been using it for over a year now to automate deployment of our high-performance computing cluster at Wharton. >>> >>> Ansible is configuration management. Imagine booting a server, workstation or cloud node, then having it configured exactly as the role you require. Imagine doing that as often as you like, with something that was as easy as having Python, some text files and an SSH key. Minimum overhead and maximum utility. This provides you with automatic installations, disaster recovery, checks for known-good state, and documentation. It's no joke that Ansible code is so easy to read it is like documentation. All of my systems are defined by code in a git repo. It's a beautiful thing. >>> >>> Cheers. >>> >>> On Fri 10/16/15 08:43AM EDT, Ronaldo Nascimento wrote: >>>> What is it exactly? Too many buzz words on the site. How will it effect the SAT server? >>>> >>>> >>>>> On Oct 16, 2015, at 8:34 AM, Doug Stewart <zamoose@gmail.com> wrote: >>>>> >>>>> Been using it for a couple of years now. Love it. >>>>> >>>>> Now RedHat needs to make Spacewalk/Satellite use it out of the box. >>>>> >>>>> -- >>>>> Doug Stewart >>>>> >>>>> On Oct 16, 2015, at 8:27 AM, Anthony Martin <anthony.j.martin142@gmail.com <mailto:anthony.j.martin142@gmail.com>> wrote: >>>>> >>>>>> http://www.redhat.com/en/about/blog/why-red-hat-acquired-ansible <http://www.redhat.com/en/about/blog/why-red-hat-acquired-ansible> >>>>>> >>>>>> Red Hat will be using ansible. I personally think this is a good idea and much better than puppet for satellite. >>>>>> >>>>>> Anthony MartinLinux System Administrator >>>>>> >>>>>> (M) 609-410-1168 >>>>>> anthony.j.martin142@gmail.com <mailto:anthony.j.martin142@gmail.com>___________________________________________________________________________ >>>>>> Philadelphia Linux Users Group -- http://www.phillylinux.org <http://www.phillylinux.org/> >>>>>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce <http://lists.phillylinux.org/mailman/listinfo/plug-announce> >>>>>> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug <http://lists.phillylinux.org/mailman/listinfo/plug> >>>>> ___________________________________________________________________________ >>>>> Philadelphia Linux Users Group -- http://www.phillylinux.org >>>>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce >>>>> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug >>>> >>> >>>> ___________________________________________________________________________ >>>> Philadelphia Linux Users Group -- http://www.phillylinux.org >>>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce >>>> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug >>> >>> >> >> -- >> Andrew Libby >> alibby@xforty.com >> 484-887-7505 x 1115 >> http://xforty.com >> http://www.kineticweb.com/ >> http://zugunroute.com >> ___________________________________________________________________________ >> Philadelphia Linux Users Group -- http://www.phillylinux.org >> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce >> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > -- Andrew Libby alibby@xforty.com 484-887-7505 x 1115 http://xforty.com http://www.kineticweb.com/ http://zugunroute.com ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug