Hi Michael, You are missing an important set of keys: -- Server SSH Keys – 'rm /mnt/kd/ssh/ssh_host_*' are removed so host server keys are regenerated --
BTW, the ssh/ssh_host_* are for the sshd server, the ssh_root_keys/ are for outbound 'root' user ssh keys. As you mentioned (implied), everything in /mnt/kd/ssl/* should be removed (including dirs). As for the Zabbix keys, AstLinux does not generate those ... possibly Zabbix does with the proper configuration path to /mnt/kd/ssl/... Off hand, I can't think of any other secure identity bits and shouldn't be propagated from VM to VM. Lonnie > From: Michael Knill <michael.kn...@ipcsolutions.com.au> > Reply to: AstLinux List <astlinux-users@lists.sourceforge.net> > Date: Saturday, 6 August 2022 at 12:38 pm > To: AstLinux List <astlinux-users@lists.sourceforge.net> > Subject: [Astlinux-users] Using VMware Templates > > Hi Group > > I'm using Astlinux in VMware vCloud and for quick deployment I have build a > base system and created a template from it. This means I can rapidly deploy a > new system without having to build it. > > I'm just wanting to check that I haven’t missed anything regarding what I do > to the template build and what I do after provisioning a new system. Note I > have not included Asterisk configuration in this list. > > • Network configuration – Build template will be DHCP only. The new > address and hostname will added into the Network Tab or > rc.conf.d/gui.network.conf directly > • HTTPS and TLS Certs – These will be regenerated on the new > provisioned system with an ACME Issue > • Root SSH Keys – ssh_root_keys directory is removed in the template so > it is regenerated > • Wireguard Key – wireguard/wg0.privatekey is removed in the template > so it is regenerated > • Zabbix Key – ssl/zabbix_secret.psk is removed in the template so it > is regenerated (when you access the Zabbix Tab I believe) > • OpenVPN Keys – These are not generated by default in the build system > so will need to be created if required anyway > • Tarsnap – tarsnap directory is removed in the template so it needs to > be generated > > Can you think of anything else I require? > Thanks all. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > <image001.png> > Smarter Business Communications > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
