Gavin W. Burris on 16 Oct 2015 08:39:50 -0700



Re: [PLUG] If you decided to use ansible you obviously made a good choice


Hi, Andy.  

Access with sudo is a good way to go as an extra layer.  Also, man ssh-agent.  ;)

Cheers.

On Fri 10/16/15 10:11AM EDT, Andrew Libby wrote:
> 
> 
> Yep yep, I get it.  I guess I'm thinking more in terms of automation
> which obviates the ability to have passphrase security.  For now I'm
> all manual execution and so having this works fine.  FWIW, I have the
> same concerns with systems like backuppc that use ssh as a transport
> for rsync and unless you jump through some hoops you need to be
> able to allow a user to sudo rsync.
> 
> Thanks Gavin.
> 
> Andy
> 
> 
> 
> 
> On 10/16/15 9:57 AM, Gavin W. Burris wrote:
> > Hi, Andy.
> > 
> > Consider using SSH keys, with a passphrase, and separate keys per admin.  Maybe even per host group.  The security of Ansible is the security of SSH and Linux in general.
> > 
> > Cheers.
> > 
> > On Fri 10/16/15 09:29AM EDT, Andrew Libby wrote:
> >>
> >>
> >> I'm a big fan of ansible, and would certainly attend.  I don't yet use
> >> it as much as I'd like, but have plans for adopting it.
> >>
> >> I'd certainly attend.  In particular I'm interested in how it can be
> >> done securely.  The biggest criticisms I've heard on ansible focus
> >> on the fact that it doesn't have an agent and pretty much anything
> >> can be done to any accessible system when compromised.
> >>
> >> Andy
> >>
> >>
> >>
> >>
> >> On 10/16/15 9:02 AM, Gavin W. Burris wrote:
> >>> Hi, All.
> >>>
> >>> I'd be happy to present about Ansible at an upcoming PLUG West.  We've been using it for over a year now to automate deployment of our high-performance computing cluster at Wharton.
> >>>
> >>> Ansible is configuration management.  Imagine booting a server, workstation or cloud node, then having it configured exactly as the role you require.  Imagine doing that as often as you like, with something that was as easy as having Python, some text files and an SSH key.  Minimum overhead and maximum utility.  This provides you with automatic installations, disaster recovery, checks for known-good state, and documentation.  It's no joke that Ansible code is so easy to read it is like documentation.  All of my systems are defined by code in a git repo.  It's a beautiful thing.  
> >>>
> >>> Cheers.
> >>>
> >>> On Fri 10/16/15 08:43AM EDT, Ronaldo Nascimento wrote:
> >>>> What is it exactly? Too many buzzwords on the site. How will it affect the SAT server?
> >>>>
> >>>>
> >>>>> On Oct 16, 2015, at 8:34 AM, Doug Stewart <zamoose@gmail.com> wrote:
> >>>>>
> >>>>> Been using it for a couple of years now. Love it. 
> >>>>>
> >>>>> Now RedHat needs to make Spacewalk/Satellite use it out of the box. 
> >>>>>
> >>>>> --
> >>>>> Doug Stewart
> >>>>>
> >>>>> On Oct 16, 2015, at 8:27 AM, Anthony Martin <anthony.j.martin142@gmail.com> wrote:
> >>>>>
> >>>>>> http://www.redhat.com/en/about/blog/why-red-hat-acquired-ansible
> >>>>>>
> >>>>>> Red Hat will be using ansible. I personally think this is a good idea and much better than puppet for satellite.
> >>>>>>
> >>>>>> Anthony Martin
> >>>>>> Linux System Administrator
> >>>>>>
> >>>>>> (M) 609-410-1168
> >>>>>> anthony.j.martin142@gmail.com
> >>>>>> ___________________________________________________________________________
> >>>>>> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> >>>>>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> >>>>>> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> >>>>
> >>>
> >>>
> >>>
> >>
> >> -- 
> >> Andrew Libby
> >> alibby@xforty.com
> >> 484-887-7505 x 1115
> >> http://xforty.com
> >> http://www.kineticweb.com/
> >> http://zugunroute.com
> > 
> 
> -- 
> Andrew Libby
> alibby@xforty.com
> 484-887-7505 x 1115
> http://xforty.com
> http://www.kineticweb.com/
> http://zugunroute.com

-- 
Gavin W. Burris
Senior Project Leader for Research Computing
The Wharton School
University of Pennsylvania