Thanks guys for your input. Regards Michael Knill
On 7/8/2022, 2:41 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: Good catch David, it is good practice to always remove the /etc/udev/rules.d/70-persistent-net.rules file (if it exists) when creating a template AstLinux system. Though for the VM case, the standard udev rules do not generate /etc/udev/rules.d/70-persistent-net.rules for virtual interfaces. But for bare-metal you will need to remove the /etc/udev/rules.d/70-persistent-net.rules file for a template system. As you know David, for very special cases where you have a VM with a mix of virtual NICs and PCIe passthrough real NICs the /etc/udev/rules.d/70-persistent-net.rules file will be created, but without the virtual interfaces. Regardless, as you suggested, remove /etc/udev/rules.d/70-persistent-net.rules for template systems. Lonnie > On Aug 6, 2022, at 9:47 AM, David Kerr <da...@kerr.net> wrote: > > Lonnie, > What about /etc/udev/rules.d/70-persistent-net.rules does it need to be regenerated too? > > David. > > On Sat, Aug 6, 2022 at 9:57 AM Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote: > Hi Michael, > > You are missing an important set of keys: > -- > Server SSH Keys – 'rm /mnt/kd/ssh/ssh_host_*' are removed so host server keys are regenerated > -- > > BTW, the ssh/ssh_host_* are for the sshd server, the ssh_root_keys/ are for outbound 'root' user ssh keys. > > As you mentioned (implied), everything in /mnt/kd/ssl/* should be removed (including dirs). > > As for the Zabbix keys, AstLinux does not generate those ... possibly Zabbix does with the proper configuration path to /mnt/kd/ssl/... > > Off hand, I can't think of any other secure identity bits and shouldn't be propagated from VM to VM. > > > Lonnie > > > > From: Michael Knill <michael.kn...@ipcsolutions.com.au> > > Reply to: AstLinux List <astlinux-users@lists.sourceforge.net> > > Date: Saturday, 6 August 2022 at 12:38 pm > > To: AstLinux List <astlinux-users@lists.sourceforge.net> > > Subject: [Astlinux-users] Using VMware Templates > > > > Hi Group > > > > I'm using Astlinux in VMware vCloud and for quick deployment I have build a base system and created a template from it. This means I can rapidly deploy a new system without having to build it. > > > > I'm just wanting to check that I haven’t missed anything regarding what I do to the template build and what I do after provisioning a new system. Note I have not included Asterisk configuration in this list. > > > > • Network configuration – Build template will be DHCP only. The new address and hostname will added into the Network Tab or rc.conf.d/gui.network.conf directly > > • HTTPS and TLS Certs – These will be regenerated on the new provisioned system with an ACME Issue > > • Root SSH Keys – ssh_root_keys directory is removed in the template so it is regenerated > > • Wireguard Key – wireguard/wg0.privatekey is removed in the template so it is regenerated > > • Zabbix Key – ssl/zabbix_secret.psk is removed in the template so it is regenerated (when you access the Zabbix Tab I believe) > > • OpenVPN Keys – These are not generated by default in the build system so will need to be created if required anyway > > • Tarsnap – tarsnap directory is removed in the template so it needs to be generated > > > > Can you think of anything else I require? > > Thanks all. > > > > Regards > > > > Michael Knill > > Managing Director > > > > D: +61 2 6189 1360 > > P: +61 2 6140 4656 > > E: michael.kn...@ipcsolutions.com.au > > W: ipcsolutions.com.au > > > > <image001.png> > > Smarter Business Communications > > > > _______________________________________________ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.