http://blog.brachium-system.net/ Weblog of an System Engineer en Serendipity 1.5.1 - http://www.s9y.org/ http://blog.brachium-system.net/templates/default/img/s9y_banner_small.png http://blog.brachium-system.net/ 100 21 http://blog.brachium-system.net/archives/125-3DM2-Etch-repository-removed.html debian work http://blog.brachium-system.net/archives/125-3DM2-Etch-repository-removed.html#comments http://blog.brachium-system.net/wfwcomment.php?cid=125 0 http://blog.brachium-system.net/rss.php?version=2.0&type=comments&cid=125 nospam@example.com (Jonas Genannt) The repository 3DM2/CLI for Etch was removed from <a href="http://jonas.genannt.name">http://jonas.genannt.name</a>.<br /> <br /> Thanks to <a href="http://www.ip-exchange.de/de/none/unternehmen/unser_business.html">IP Exchange GmbH</a> for sponsoring my Debian packages. Tue, 30 Aug 2011 14:53:15 +0200 http://blog.brachium-system.net/archives/125-guid.html http://blog.brachium-system.net/archives/123-SSH-public-key-distribution-with-puppet.html debian puppet work http://blog.brachium-system.net/archives/123-SSH-public-key-distribution-with-puppet.html#comments http://blog.brachium-system.net/wfwcomment.php?cid=123 0 http://blog.brachium-system.net/rss.php?version=2.0&type=comments&cid=123 nospam@example.com (Jonas Genannt) The last years I have used several tools to distribute the public ssh keys of my users across the servers but they don't fit anymore. I use puppet for my infrastructure but the build in puppet feature <em>ssh_authorized_key</em> does not fit.<br /> <br /> I have different users across my servers and same users on many servers (e.g. web farms).<br /> <br /> One public ssh key can be an member of:<ul><br /> <li>an ssh public key group that is mapped to an user on an server</li><br /> <li>an ssh public key group that is mapped to an user on an sever group</li><br /> <li>an user mapped to an server</li><br /> <li>an user mapped to an server group</li><br /> </ul><br /> <a class="serendipity_image_link" href='http://blog.brachium-system.net/uploads/sshkeys1.jpeg'><!-- s9ymdb:55 --><img class="serendipity_image_left" width="512" height="257" src="http://blog.brachium-system.net/uploads/sshkeys1.jpeg" alt="" /></a><br clear="both"/><br /> I have created an <a href="https://github.com/hggh/servermgmt" title="ServerMGMT">Webapp</a> with an ajax interface. You can drag &amp; drop the ssh key groups or ssh keys to an user.<br /> <br /> The key will be deployed via an puppet parser function, you need the storeconfig feature in puppet.<br /> <br /> The webapp has got an own database (postgres) but you can merge the puppet storeconfig database to the server manager database (via an rake task). If you specify an regular expression on your server groups, an new merged server will be automatically added to the group and on the next run of puppet the keys from the server group will be deployed without any action from you.<br /> <br /> Puppet stuff:<ul><br /> <li><a href="https://github.com/hggh/servermgmt/blob/master/doc/puppet/modules/ssh/manifests/init.pp" title="Puppet SSH module">puppet module</a></li><br /> <li><a href="https://github.com/hggh/servermgmt/blob/master/extra/puppet/lib/ssh_public_keys.rb">puppet function to fetch the keys from the webapp</a></li><br /> <li><a href="https://github.com/hggh/servermgmt/blob/master/extra/facter/users.rb">fact to fetch existing users on the servers</a> (not needed, but features auto complete in the app) </li><br /> </ul><br /> <a class="serendipity_image_link" href='http://blog.brachium-system.net/uploads/sgmt_sshkey.jpg'><!-- s9ymdb:56 --><img class="serendipity_image_left" width="330" height="213" src="http://blog.brachium-system.net/uploads/sgmt_sshkey.jpg" alt="" /></a><br /> <br clear="both"/><br /> drag &amp; drop the ssh keys or the ssh key groups from right to left into the users on the servers or server groups<br /> <br /> <br /> <iframe src="http://player.vimeo.com/video/24034056?title=0&amp;byline=0&amp;portrait=0" width="400" height="300" frameborder="0"></iframe><p><a href="http://vimeo.com/24034056">public ssh key distribution with puppet and ajax interface</a> from <a href="http://vimeo.com/user3233269">Jonas</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br /> Sat, 21 May 2011 03:51:00 +0200 http://blog.brachium-system.net/archives/123-guid.html http://blog.brachium-system.net/archives/118-Postfix-as-backup-MX-with-Postgrey.html debian spam xen http://blog.brachium-system.net/archives/118-Postfix-as-backup-MX-with-Postgrey.html#comments http://blog.brachium-system.net/wfwcomment.php?cid=118 0 http://blog.brachium-system.net/rss.php?version=2.0&type=comments&cid=118 nospam@example.com (Jonas Genannt) For keeping that stuff in my mind:<blockquote><br /> smtpd_client_restrictions = check_policy_service inet:127.0.0.1:60000<br /> smtpd_recipient_restrictions = permit_mynetworks,permit_mx_backup, reject_unauth_destination<br /> permit_mx_backup_networks = 10.0.0.0/16<br /> </blockquote> Thu, 09 Sep 2010 21:42:34 +0200 http://blog.brachium-system.net/archives/118-guid.html