Good catch David, it is good practice to always remove the 
/etc/udev/rules.d/70-persistent-net.rules file (if it exists) when creating a 
template AstLinux system.

Though for the VM case, the standard udev rules do not generate 
/etc/udev/rules.d/70-persistent-net.rules for virtual interfaces.

But for bare-metal you will need to remove the 
/etc/udev/rules.d/70-persistent-net.rules file for a template system.

As you know David, for very special cases where you have a VM with a mix of 
virtual NICs and PCIe passthrough real NICs the 
/etc/udev/rules.d/70-persistent-net.rules file will be created, but without the 
virtual interfaces.

Regardless, as you suggested, remove /etc/udev/rules.d/70-persistent-net.rules 
for template systems.


Lonnie



> On Aug 6, 2022, at 9:47 AM, David Kerr <da...@kerr.net> wrote:
> 
> Lonnie,
>   What about /etc/udev/rules.d/70-persistent-net.rules does it need to be 
> regenerated too?
> 
> David.
> 
> On Sat, Aug 6, 2022 at 9:57 AM Lonnie Abelbeck <li...@lonnie.abelbeck.com> 
> wrote:
> Hi Michael,
> 
> You are missing an important set of keys:
> --
> Server SSH Keys – 'rm /mnt/kd/ssh/ssh_host_*' are removed so host server keys 
> are regenerated
> --
> 
> BTW, the ssh/ssh_host_* are for the sshd server, the ssh_root_keys/ are for 
> outbound 'root' user ssh keys.
> 
> As you mentioned (implied), everything in /mnt/kd/ssl/* should be removed 
> (including dirs).
> 
> As for the Zabbix keys, AstLinux does not generate those ... possibly Zabbix 
> does with the proper configuration path to /mnt/kd/ssl/...
> 
> Off hand, I can't think of any other secure identity bits and shouldn't be 
> propagated from VM to VM.
> 
> 
> Lonnie
> 
> 
> > From: Michael Knill <michael.kn...@ipcsolutions.com.au>
> > Reply to: AstLinux List <astlinux-users@lists.sourceforge.net>
> > Date: Saturday, 6 August 2022 at 12:38 pm
> > To: AstLinux List <astlinux-users@lists.sourceforge.net>
> > Subject: [Astlinux-users] Using VMware Templates
> >  
> > Hi Group
> >  
> > I'm using Astlinux in VMware vCloud and for quick deployment I have build a 
> > base system and created a template from it. This means I can rapidly deploy 
> > a new system without having to build it.
> >  
> > I'm just wanting to check that I haven’t missed anything regarding what I 
> > do to the template build and what I do after provisioning a new system. 
> > Note I have not included Asterisk configuration in this list.
> >  
> >       • Network configuration – Build template will be DHCP only. The new 
> > address and hostname will added into the Network Tab or 
> > rc.conf.d/gui.network.conf directly
> >       • HTTPS and TLS Certs – These will be regenerated on the new 
> > provisioned system with an ACME Issue
> >       • Root SSH Keys – ssh_root_keys directory is removed in the template 
> > so it is regenerated
> >       • Wireguard Key – wireguard/wg0.privatekey is removed in the template 
> > so it is regenerated
> >       • Zabbix Key – ssl/zabbix_secret.psk is removed in the template so it 
> > is regenerated (when you access the Zabbix Tab I believe)
> >       • OpenVPN Keys – These are not generated by default in the build 
> > system so will need to be created if required anyway
> >       • Tarsnap – tarsnap directory is removed in the template so it needs 
> > to be generated
> >  
> > Can you think of anything else I require?
> > Thanks all.
> >  
> > Regards
> >  
> > Michael Knill
> > Managing Director
> >  
> > D: +61 2 6189 1360
> > P: +61 2 6140 4656
> > E: michael.kn...@ipcsolutions.com.au
> > W: ipcsolutions.com.au
> >  
> >  <image001.png>
> > Smarter Business Communications
> >  
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> > 
> > Donations to support AstLinux are graciously accepted via PayPal to 
> > pay...@krisk.org.
> 
> 
> 
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to