How hard could making such a bastion possibly be?

Constraints and processes

Our technology stack uses Ubuntu exclusively, and we wanted the bastion to be compatible with the various services we already deploy, such as Consul, Ansible, and Filebeat. Beyond that, I personally have a lot more experience with Ubuntu than I do with any other OS.

For these reasons we decided to base the bastion on a minimal Ubuntu install, strip out as many packages as possible, add some extra security, and make a golden image bastion AMI. Had it not been for these constraints, there might be better OSs to start with, such as Alpine Linux.

Additionally, we run everything in AWS so one or two points of the following are AWS-specific, but based on a lot of conversations it seems that the bastion problem is one that affects a much wider range of architectures.

We use Packer to build our AMIs, Ansible to set them up and Serverspec to test them, so building AMIs is a pretty fast process, typically taking about five minutes. After that we deploy everything using Terraform, so it’s a quick turnaround from code commit to running instance.

My first port of call: what packages are pre-installed in an Ubuntu minimal-server? Inspection via $ apt list --installed or $ dpkg-query -W showed over 2000 packages, and of those I was surprised how many I’d never heard of. And of the ones I had heard of, I was further surprised how many seemed, well, superfluous.

I spent some time and made a few spreadsheets trying to figure out what all the mystery packages were before I got bored and had the bright idea of leveraging Ubuntu’s package rating system: all packages are labelled as one of: required, important, standard, optional, or extra.

dpkg-query -Wf '$' | xargs -I % sudo apt-get -y purge %

Turns out this was not my best ever idea.

All sorts of surprising packages were marked optional or extra and were thus unceremoniously removed, including:
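
The priority-based cleanup described above, reworked as a review-then-simulate step. This is an added example, not code from the original post; the keep-list, the script's own `--simulate` switch and the sample inventory are assumptions made for illustration.

```bash
# Added example: list purge candidates by dpkg Priority, then simulate.
# Nothing here removes a package.

# Assumed keep-list: packages the bastion must retain whatever their priority.
KEEP="openssh-server python3 sudo"

# Emit "package<TAB>priority" for every installed package.
inventory() {
  dpkg-query -W -f='${Package}\t${Priority}\n'
}

# Read inventory lines on stdin; print packages whose priority is optional or
# extra and that are not on the keep-list.
purge_candidates() {
  awk -F'\t' -v keep="$KEEP" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) kept[k[i]] = 1 }
    ($2 == "optional" || $2 == "extra") && !($1 in kept) { print $1 }
  ' | sort
}

# Dry run: apt-get -s prints what it would do without doing it, so the
# full removal set can be read before any package is touched.
simulate_purge() {
  inventory | purge_candidates | xargs -r apt-get -s purge
}

# Constructed sample inventory; names and priorities are illustrative only.
sample_inventory() {
  printf '%s\t%s\n' base-files required openssh-server optional \
    python3 optional man-db standard example-tool extra example-lib optional
}

# "--simulate" is this script's own (hypothetical) switch, not an apt option.
if [ "${1:-}" = "--simulate" ] && command -v dpkg-query >/dev/null 2>&1; then
  simulate_purge
else
  sample_inventory | purge_candidates   # runs anywhere, no dpkg needed
fi
```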