klenwell information services : FabSudo

Checklist

To generate random passwords

openssl rand -base64 12


On remote server, create user `devops` and add to `sudo` group

ssh klenwell@<remote-server>
sudo adduser devops
sudo usermod -a -G sudo devops

On remote server, enable passwordless sudo commands for `devops` user:

sudo visudo -f /etc/sudoers.d/devops

# Add these commands.
Cmnd_Alias DF = /bin/bash -l -c df*, /bin/df*
Cmnd_Alias MYSQLDUMP = /bin/bash -l -c mysqldump*, /usr/bin/mysqldump*
Cmnd_Alias RM = /bin/bash -l -c rm*, /bin/rm*
devops ALL = NOPASSWD: DF, MYSQLDUMP, RM
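
A review aid for the sudoers fragment above, added here as an example and not part of the original checklist: sudoers matches a trailing `*` against the whole remaining command line, so each rule covers more than the single command it names, and this Python script lists every `NOPASSWD` command spec that contains such a wildcard. The function names are hypothetical, the sample input is the fragment from this page, and the parser assumes one alias per line with no line continuations or escaped commas.

```python
import re

# Sample input: the sudoers fragment from the checklist above.
SAMPLE = """\
# Add these commands.
Cmnd_Alias DF = /bin/bash -l -c df*, /bin/df*
Cmnd_Alias MYSQLDUMP = /bin/bash -l -c mysqldump*, /usr/bin/mysqldump*
Cmnd_Alias RM = /bin/bash -l -c rm*, /bin/rm*
devops ALL = NOPASSWD: DF, MYSQLDUMP, RM
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

def parse_aliases(text):
    """Return {alias_name: [command spec, ...]} from Cmnd_Alias lines."""
    aliases = {}
    for line in text.splitlines():
        m = re.match(r"\s*Cmnd_Alias\s+(\w+)\s*=\s*(.+)$", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    return aliases

def nopasswd_aliases(text):
    """Return the alias names granted with NOPASSWD on user-spec lines."""
    names = []
    for line in text.splitlines():
        m = re.search(r"NOPASSWD:\s*(.+)$", line)
        if m and not line.lstrip().startswith("#"):
            names += [n.strip() for n in m.group(1).split(",")]
    return names

def audit(text):
    """Return (alias, spec, reason) for each wildcarded NOPASSWD command spec."""
    aliases = parse_aliases(text)
    findings = []
    for name in nopasswd_aliases(text):
        for spec in aliases.get(name, []):
            path, _, args = spec.partition(" ")
            is_shell = path.rsplit("/", 1)[-1] in SHELLS
            if is_shell and "-c" in args.split() and re.search(r"[*?]", args):
                findings.append((name, spec, "shell -c with wildcard arguments"))
            elif re.search(r"[*?\[]", path):
                findings.append((name, spec, "wildcard in command path"))
            elif re.search(r"[*?]", args):
                findings.append((name, spec, "wildcard in arguments"))
    return findings

if __name__ == "__main__":
    for name, spec, reason in audit(SAMPLE):
        print(f"{name}: {spec!r}: {reason}")
```

Every spec it reports is a candidate for replacing the wildcard with the exact command lines the deployment job runs.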


On local server, add `jenkins` user key to remote server

sudo su - jenkins
ssh-copy-id devops@<remote-server>


On remote server, disable `devops` password sign-in
