Re: [Astlinux-users] Using VMware Templates

Sat, 06 Aug 2022 16:20:47 -0700 

Thanks guys for your input.

Regards
Michael Knill

On 7/8/2022, 2:41 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

    Good catch David, it is good practice to always remove the 
/etc/udev/rules.d/70-persistent-net.rules file (if it exists) when creating a 
template AstLinux system.

    Though for the VM case, the standard udev rules do not generate 
/etc/udev/rules.d/70-persistent-net.rules for virtual interfaces.

    But for bare-metal you will need to remove the 
/etc/udev/rules.d/70-persistent-net.rules file for a template system.

    As you know David, for very special cases where you have a VM with a mix of 
virtual NICs and PCIe passthrough real NICs the 
/etc/udev/rules.d/70-persistent-net.rules file will be created, but without the 
virtual interfaces.

    Regardless, as you suggested, remove 
/etc/udev/rules.d/70-persistent-net.rules for template systems.


    Lonnie



    > On Aug 6, 2022, at 9:47 AM, David Kerr <da...@kerr.net> wrote:
    > 
    > Lonnie,
    >   What about /etc/udev/rules.d/70-persistent-net.rules does it need to be 
regenerated too?
    > 
    > David.
    > 
    > On Sat, Aug 6, 2022 at 9:57 AM Lonnie Abelbeck 
<li...@lonnie.abelbeck.com> wrote:
    > Hi Michael,
    > 
    > You are missing an important set of keys:
    > --
    > Server SSH Keys – 'rm /mnt/kd/ssh/ssh_host_*' are removed so host server 
keys are regenerated
    > --
    > 
    > BTW, the ssh/ssh_host_* are for the sshd server, the ssh_root_keys/ are 
for outbound 'root' user ssh keys.
    > 
    > As you mentioned (implied), everything in /mnt/kd/ssl/* should be removed 
(including dirs).
    > 
    > As for the Zabbix keys, AstLinux does not generate those ... possibly 
Zabbix does with the proper configuration path to /mnt/kd/ssl/...
    > 
    > Off hand, I can't think of any other secure identity bits and shouldn't 
be propagated from VM to VM.
    > 
    > 
    > Lonnie
    > 
    > 
    > > From: Michael Knill <michael.kn...@ipcsolutions.com.au>
    > > Reply to: AstLinux List <astlinux-users@lists.sourceforge.net>
    > > Date: Saturday, 6 August 2022 at 12:38 pm
    > > To: AstLinux List <astlinux-users@lists.sourceforge.net>
    > > Subject: [Astlinux-users] Using VMware Templates
    > >  
    > > Hi Group
    > >  
    > > I'm using Astlinux in VMware vCloud and for quick deployment I have 
build a base system and created a template from it. This means I can rapidly 
deploy a new system without having to build it.
    > >  
    > > I'm just wanting to check that I haven’t missed anything regarding what 
I do to the template build and what I do after provisioning a new system. Note 
I have not included Asterisk configuration in this list.
    > >  
    > >       • Network configuration – Build template will be DHCP only. The 
new address and hostname will added into the Network Tab or 
rc.conf.d/gui.network.conf directly
    > >       • HTTPS and TLS Certs – These will be regenerated on the new 
provisioned system with an ACME Issue
    > >       • Root SSH Keys – ssh_root_keys directory is removed in the 
template so it is regenerated
    > >       • Wireguard Key – wireguard/wg0.privatekey is removed in the 
template so it is regenerated
    > >       • Zabbix Key – ssl/zabbix_secret.psk is removed in the template 
so it is regenerated (when you access the Zabbix Tab I believe)
    > >       • OpenVPN Keys – These are not generated by default in the build 
system so will need to be created if required anyway
    > >       • Tarsnap – tarsnap directory is removed in the template so it 
needs to be generated
    > >  
    > > Can you think of anything else I require?
    > > Thanks all.
    > >  
    > > Regards
    > >  
    > > Michael Knill
    > > Managing Director
    > >  
    > > D: +61 2 6189 1360
    > > P: +61 2 6140 4656
    > > E: michael.kn...@ipcsolutions.com.au
    > > W: ipcsolutions.com.au
    > >  
    > >  <image001.png>
    > > Smarter Business Communications
    > >  
    > > _______________________________________________
    > > Astlinux-users mailing list
    > > Astlinux-users@lists.sourceforge.net
    > > https://lists.sourceforge.net/lists/listinfo/astlinux-users
    > > 
    > > Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.
    > 
    > 
    > 
    > _______________________________________________
    > Astlinux-users mailing list
    > Astlinux-users@lists.sourceforge.net
    > https://lists.sourceforge.net/lists/listinfo/astlinux-users
    > 
    > Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.
    > _______________________________________________
    > Astlinux-users mailing list
    > Astlinux-users@lists.sourceforge.net
    > https://lists.sourceforge.net/lists/listinfo/astlinux-users
    > 
    > Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.



    _______________________________________________
    Astlinux-users mailing list
    Astlinux-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/astlinux-users

    Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to