Commit Graph

18 Commits

Author SHA1 Message Date
55fddf03b3
Remove provisioning user management
It's just too tricky to manage this. Ubuntu / RedHat preseeds and
kickstarts can create the user and add it to groups, but only when
we control the initial boot environment (ie not on Linode, Digital
Ocean, etc), so let's just say we assume this user exists and can
get root with sudo by the some we are running ansible on it.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-02-20 15:06:45 +03:00
171798c76d roles/common: Add DSA/ECDSA cleanup to ssh tasks
We don't want to support these signature algorithms!

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-20 16:31:37 +03:00
0d2763fb59
roles/common: Remove ECDSA SSH public key for aorth@noma
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-12 18:19:49 +03:00
d7dd81bc84
roles/common: Add ED25519 SSH public key for aorth@noma
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-12 18:19:21 +03:00
13b592dfcd roles/common: Tune sshd_config to be more strict
Disable ECDSA as a signature algorithm and drop some older message
authentication algorithms.

See: https://stribika.github.io/2015/01/04/secure-secure-shell.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-07 01:47:06 +03:00
a80cb49957 roles/common: Update sshd_config template to explicitly allow the provisioning user
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-06 17:45:06 +03:00
3b6c9745ab
roles/common: Add provisioning user to sudoers
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-05 08:24:13 +03:00
0f5b088c08 roles/common: Add createhome:yes to provisioning user task
Need to make sure the user gets created on a fresh install, like on
Amazon EC2 or OpenStack images where the first user is `ubuntu' and
you can't assume `provisioning' is already created.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-04 02:24:53 +03:00
c3f5e27642
roles/common: Add ECDSA public key for noma
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-12 13:25:48 +03:00
a265e48a9f
roles/common: Remove RSA public key
Both client and server support ed25519, so there's no need to even
have the RSA key here.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-12 13:23:01 +03:00
5e0da37542
roles/common: Remove task which removes irqbalance
Prevailing wisdom is actually that this *can* help virtual hosts,
especially when the VM guest has multiple CPUs.

See: http://wiki.xen.org/wiki/Network_Throughput_and_Performance_Guide

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-11 13:31:23 +03:00
1ee7b385bf
roles/common: Rename SSH keys
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-11 13:19:32 +03:00
1e2193efc9
roles/common: Add functionality to copy user keys to provisioning user
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-11 12:13:45 +03:00
c53dd18181
roles/common: Add role to manage provisioning user
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-11 12:11:44 +03:00
e741a77c00
roles/common: Add unzip to Ubuntu base packages
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-05 15:21:47 +03:00
be0e0ea21a
roles/common: Remove irqbalance
We're a VM, we don't have IRQs.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-07 23:51:52 +03:00
df65172952
roles/common: Add lrzip to base packages
Provides good mix of compression/decompression speed with size,
see: http://ck.kolivas.org/apps/lrzip/README.benchmarks

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-07 16:32:06 +03:00
60b8ecdd4c
Initial commit
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-17 00:35:57 +03:00