Diskussion:ServiceBSD: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Vater (Diskussion | Beiträge) (Neuer Abschnitt →good practice) |
Vater (Diskussion | Beiträge) |
||
Zeile 330: | Zeile 330: | ||
; Sicherheit: | ; Sicherheit: | ||
* https://learn.cisecurity.org/benchmarks | * [[wikipedia:de:Center for Internet Security]] | ||
*: braucht Berechtigungen als ''root''? Vielleicht einfach erst mal in einer jail (vielleicht als clone) testen (lassen). | ** https://learn.cisecurity.org/benchmarks | ||
**: (wohl auch für [[FreeBSD]]) | |||
**: braucht Berechtigungen als ''root''? Vielleicht einfach erst mal in einer jail (vielleicht als clone) testen (lassen). |
Version vom 26. Februar 2017, 00:30 Uhr
domains
vielleicht noch verfügbare und lustige domains:
- bsd co it
- bsd promo
- biesdi de
- beasde
- beasde
bsd space- jail me it
- jail zone
Ansible bei FreeBSD
Ansible Installation
pkg install ansible
Message from ansible-2.2.1.0: =============================================================================== To use Ansible, you need at least a host database. If you installed examples, you will have a sample host database and a sample configuration file: /usr/local/share/examples/ansible/hosts /usr/local/share/examples/ansible/ansible.cfg To use Ansible to control FreeBSD hosts, you need to install the lang/python package on remote machines. To use Ansible to control systems other than FreeBSD, set the Python interpreter in the host database for that system. Example: [freebsd] host1 host2 [centos] host3 host4 [centos:vars] ansible_python_interpreter=/usr/bin/python Python notes: Python 3.x support is BETA. Most modules should work and important ones have been audited and tested. If you have issues with Python 3, please set ansible_python_interpreter=/usr/local/bin/python2 Ansible 2 requires that lang/python port is built with SEM option enabled, which is the default ===============================================================================
- SEM for python
- pkg query %Ok python
- pkg query %do python
lang/python27 lang/python2
- pkg query %Ok python27
DEBUG IPV6 LIBFFI NLS PYMALLOC SEM THREADS UCS2 UCS4
- pkg query %Ok python2
- pkg query %do python2
lang/python27
- paramiko as part of ansible
- Die Verwendung von paramiko wird von ansible empfohlen.
- pkg install -y py27-paramiko
The most recent version of packages are already installed
Ansible Konfiguration
Ansible Weblinks
- https://docs.ansible.com/ansible/intro_bsd.html
- https://docs.ansible.com/ansible/galaxy.html
- https://galaxy.ansible.com/list#/roles?platforms=FreeBSD
- https://galaxy.ansible.com/list#/roles?platforms=GenericBSD
- https://galaxy.ansible.com/list#/roles?platforms=GenericUNIX
- https://docs.ansible.com/ansible/playbooks_best_practices.html
- https://www.ansible.com/blog/ansible-best-practices-essentials
- https://it-helden.de/automatisierung-mit-ansible/
- kurze Vorstellung/Erklärung/Einführung für andere Interessierte
SaltStack bei FreeBSD
SaltStack Installation
- eigentlich nur
pkg install -y py27-salt
- Aber SaltStack bietet auch direkt eigene (fertige) Pakete für FreeBSD an.
cat /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/latest", mirror_type: "srv", enabled: yes }
$EDITOR /usr/local/etc/pkg/repos/saltstack.conf
saltstack: { url: "https://repo.saltstack.com/freebsd/${ABI}/", enabled: yes }
- Kornkurierende Pakete von SaltStack und FreeBSD
pkg search py27-salt
py27-salt-2016.11.1_1 Distributed remote execution and configuration management system py27-salt-2016.11.0 Distributed remote execution and configuration management system
- Zur großen Überraschung wirken die Pakete von FreeBSD neuer als die von SaltStack angeboten werden.
- von FreeBSD
pkg install py27-salt-2016.11.1_1
The following 30 package(s) will be affected (of 0 checked): New packages to be INSTALLED: py27-salt: 2016.11.1_1 [FreeBSD] py27-setuptools27: 32.1.0 [FreeBSD] py27-requests: 2.11.1 [FreeBSD] py27-enum34: 1.1.6 [FreeBSD] py27-yaml: 3.11_2 [FreeBSD] py27-progressbar: 2.3_2 [FreeBSD] py27-pycrypto: 2.6.1_1 [FreeBSD] gmp: 6.1.2 [FreeBSD] py27-Jinja2: 2.8 [FreeBSD] py27-Babel: 2.3.4 [FreeBSD] py27-pytz: 2016.10,1 [FreeBSD] py27-MarkupSafe: 0.23_1 [FreeBSD] py27-botocore: 1.5.6 [FreeBSD] py27-docutils: 0.13.1 [FreeBSD] py27-jmespath: 0.9.0_1 [FreeBSD] py27-dateutil: 2.5.3 [FreeBSD] py27-six: 1.10.0 [FreeBSD] py27-msgpack-python: 0.4.7 [FreeBSD] py27-libcloud: 1.5.0 [FreeBSD] py27-futures: 3.0.5 [FreeBSD] py27-tornado: 4.4.2 [FreeBSD] py27-singledispatch: 3.4.0.3_1 [FreeBSD] py27-certifi: 2017.1.23 [FreeBSD] py27-backports_abc: 0.5 [FreeBSD] py27-pyzmq: 16.0.2 [FreeBSD] libzmq4: 4.1.5 [saltstack] openpgm: 5.2.122_2 [FreeBSD] norm: 1.5r6 [FreeBSD] libsodium: 1.0.11_1 [FreeBSD] python2: 2_3 [FreeBSD]
- von SaltStack
pkg install py27-salt-2016.11.0
The following 32 package(s) will be affected (of 0 checked): New packages to be INSTALLED: py27-salt: 2016.11.0 [saltstack] py27-setuptools27: 28.1.0 [saltstack] py27-requests: 2.11.1 [saltstack] py27-enum34: 1.1.6 [saltstack] py27-yaml: 3.11_2 [saltstack] libyaml: 0.1.6_2 [saltstack] py27-progressbar: 2.3_2 [saltstack] py27-pycrypto: 2.6.1_1 [saltstack] gmp: 5.1.3_3 [saltstack] py27-Jinja2: 2.8 [saltstack] py27-Babel: 2.3.4 [saltstack] py27-pytz: 2016.7,1 [saltstack] py27-MarkupSafe: 0.23 [saltstack] py27-botocore: 1.4.77 [saltstack] py27-docutils: 0.12_1 [saltstack] py27-pygments: 2.1.3 [saltstack] py27-jmespath: 0.9.0 [saltstack] py27-dateutil: 2.5.3 [saltstack] py27-six: 1.10.0 [saltstack] py27-msgpack-python: 0.4.7 [saltstack] py27-libcloud: 1.3.0 [saltstack] py27-futures: 3.0.5 [saltstack] py27-tornado: 4.4.2 [saltstack] py27-singledispatch: 3.4.0.3_1 [saltstack] py27-certifi: 2016.2.28 [saltstack] py27-backports_abc: 0.5 [saltstack] py27-pyzmq: 16.0.1 [saltstack] libzmq4: 4.1.5 [FreeBSD] openpgm: 5.2.122_2 [saltstack] norm: 1.5r6 [saltstack] libsodium: 1.0.11_1 [saltstack] python2: 2_3 [saltstack]
- aber dennoch letztlich
pkg install -y py27-salt
The following 30 package(s) will be affected (of 0 checked): New packages to be INSTALLED: py27-salt: 2016.11.1_1 [FreeBSD] py27-setuptools27: 32.1.0 [FreeBSD] py27-requests: 2.11.1 [FreeBSD] py27-enum34: 1.1.6 [FreeBSD] py27-yaml: 3.11_2 [FreeBSD] py27-progressbar: 2.3_2 [FreeBSD] py27-pycrypto: 2.6.1_1 [FreeBSD] gmp: 6.1.2 [FreeBSD] py27-Jinja2: 2.8 [FreeBSD] py27-Babel: 2.3.4 [FreeBSD] py27-pytz: 2016.10,1 [FreeBSD] py27-MarkupSafe: 0.23_1 [FreeBSD] py27-botocore: 1.5.6 [FreeBSD] py27-docutils: 0.13.1 [FreeBSD] py27-jmespath: 0.9.0_1 [FreeBSD] py27-dateutil: 2.5.3 [FreeBSD] py27-six: 1.10.0 [FreeBSD] py27-msgpack-python: 0.4.7 [FreeBSD] py27-libcloud: 1.5.0 [FreeBSD] py27-futures: 3.0.5 [FreeBSD] py27-tornado: 4.4.2 [FreeBSD] py27-singledispatch: 3.4.0.3_1 [FreeBSD] py27-certifi: 2017.1.23 [FreeBSD] py27-backports_abc: 0.5 [FreeBSD] py27-pyzmq: 16.0.2 [FreeBSD] libzmq4: 4.1.5 [saltstack] openpgm: 5.2.122_2 [FreeBSD] norm: 1.5r6 [FreeBSD] libsodium: 1.0.11_1 [FreeBSD] python2: 2_3 [FreeBSD]
Message from py27-salt-2016.11.1_1: =================================================================================================== To configure a Salt Master, do the following: o Copy /usr/local/etc/salt/master.sample to /usr/local/etc/salt/master o Update to meet your needs o sysrc salt_master_enable="YES" --------------------------------------------------------------------------------------------------- To configure a Salt Minion, do the following: o Copy /usr/local/etc/salt/minion.sample to /usr/local/etc/salt/minion o Update 'master: salt' to point to your Salt Master's hostname or IP o sysrc salt_minion_enable="YES" --------------------------------------------------------------------------------------------------- To configure a Salt Proxy Minion, do the following: o sysrc salt_proxy_enable="YES" o sysrc salt_proxy_list="" o Update the salt_proxy_list with the proxy minion name(s) ===================================================================================================
SaltStack Konfiguration
SaltStack Konfiguration master
SaltStack Konfiguration minion
cp /usr/local/etc/salt/minion.sample /usr/local/etc/salt/minion
cat /usr/local/etc/salt/minion
ls /usr/local/etc/salt/minion.d/
sysrc salt_minion_enable="YES"
service salt_minion start
service salt_minion status
service salt_minion stop
SaltStack Weblinks
- https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
- https://docs.saltstack.com/en/latest/topics/installation/index.html
- https://docs.saltstack.com/en/latest/topics/installation/freebsd.html
- https://docs.saltstack.com/en/latest/ref/configuration/index.html#configuring-salt
- https://repo.saltstack.com/freebsd/
- https://intothesaltmine.readthedocs.io/en/latest/chapters/installation/freebsd.html
- https://docs.saltstack.com/en/develop/topics/installation/freebsd.html
- https://saltstack.com/integrations/
- https://saltstack.com/wp-content/uploads/2016/08/SaltStack-Supported-Operating-Systems.pdf
good practice
- Sicherheit
- wikipedia:de:Center for Internet Security
- https://learn.cisecurity.org/benchmarks
- (wohl auch für FreeBSD)
- braucht Berechtigungen als root? Vielleicht einfach erst mal in einer jail (vielleicht als clone) testen (lassen).
- https://learn.cisecurity.org/benchmarks