5

Every time I set up a new server, I follow a series of steps on each server in order to get updates, set passwd, remove login via root user, customize a familiar environment (bashrc) and secure the server.

Is it possible to do all that using a script? The setup could include:

  1. distro upgrades and updates

    apt-get update
    apt-get upgrade

  2. adding users

    adduser deployer
    adduser deployer sudo
    mkdir /home/deployer/.ssh
    chmod 700 /home/deployer/.ssh
    touch /home/deployer/.ssh/authorized_keys
    passwd deployer
    su deployer
    cd /home/deployer/.ssh/
    sudo chown deployer /home/deployer/.ssh/

  3. Executing commands on local machine:

    ssh-copy-id root@hostname.com
    ssh-copy-id deployer@hostname.com

  4. logging back onto server:

    chmod 400 /home/deployer/.ssh/authorized_keys
    chown deployer:deployer /home/deployer -R

5..6...7.. Customizing bashrc, editing sshd_config, installing ufw & logwatch

Jacob
CommonCents

2 Answers

6

Use a Kickstart or equivalent process to manage the build. Use a configuration management product like Puppet to deploy your settings.

You can also use a little bit of scripting magic to kick off the configuration management at the end of your build to make it a seamless experience.

My script sets a static IP, configures OSSEC and performs a couple puppet runs to sort out all the dependencies then runs a yum update (I'm primarily a CentOS user).

It's possible to cobble together other methods of getting the same results but I've found this to be the most flexible method I've worked with.

Tim Brigham
  • 2
    Cobbler all the things! – Scott Pack Apr 03 '13 at 17:07
  • @ScottPack - yeah, I looked at Cobbler a while ago. I already have Puppet, Kickstart and PXEBoot running for other things. Didn't see a reason to change. Didn't want to comment on a package I don't actively use. – Tim Brigham Apr 03 '13 at 18:26
  • Yeah, cobbler is nice, but really all it does is templatize your kickstarts so they can be programmatically built on the fly. Not much different from the erb templates in puppet. – Scott Pack Apr 04 '13 at 12:39
2

Kickstart/Jumpstart, Chef (including chef-solo), Puppet, Salt, shell-scripts, and higher-level scripting languages can all be used to solve this problem.

Honestly, it looks like you have a decent beginning of a shell script. Start there, and if complexity ramps up, either iterate or look into a beefier product. Personally I've had good experience with Chef.

The key to automating all-the-things is to start small; you don't have to go whole-hog into automation. Pick one pain-point, and make that better. Pick another, repeat.

gWaldo
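A sketch of how the question's steps could become a script that is safe to re-run, added here as an example and not taken from either answer or the asker's own setup. The function names, the `--apply` flag and the Debian/Ubuntu service name `ssh` are assumptions; the `deployer`-style user and public key are passed as arguments.

```bash
#!/usr/bin/env bash
# Added example: re-runnable versions of steps from the question.
set -euo pipefail

# Set "KEY VALUE" in an sshd_config-style file: rewrite an existing
# (possibly commented-out) line, otherwise append it. Appending assumes
# the file has no trailing "Match" block that would scope the option.
set_sshd_option() {
    local file=$1 key=$2 value=$3
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
        sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# Add PUBKEY to HOME_DIR/.ssh/authorized_keys exactly once, with
# permissions sshd accepts (directory 700, key file 600).
install_authorized_key() {
    local home_dir=$1 pubkey=$2
    local ssh_dir="$home_dir/.ssh"
    local keys="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir"
    touch "$keys"
    chmod 700 "$ssh_dir"
    chmod 600 "$keys"
    grep -qxF -- "$pubkey" "$keys" || printf '%s\n' "$pubkey" >> "$keys"
}

# Full run as root on a Debian/Ubuntu host (assumed: service name "ssh").
provision() {
    local user=$1 pubkey=$2
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get -y upgrade
    # No password is set here; run "passwd $user" afterwards so sudo works.
    id "$user" >/dev/null 2>&1 || adduser --disabled-password --gecos "" "$user"
    adduser "$user" sudo
    install_authorized_key "/home/$user" "$pubkey"
    chown -R "$user:$user" "/home/$user/.ssh"
    set_sshd_option /etc/ssh/sshd_config PermitRootLogin no
    sshd -t && systemctl reload ssh   # reload only if the config parses
}

# Sourcing the file only defines functions; changes need an explicit flag.
if [ "${1:-}" = "--apply" ]; then
    provision "$2" "$3"
fi
```

Keep the current root session open until a key-based login as the new user has been confirmed from a second terminal, since the script disables root login over SSH.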