Hello,

Thank you for the replies! I tried to replicate your setup with the following;

[root@cobbler ~]# cat /var/lib/cobbler/triggers/install/post/chef-key.sh
#!/bin/bash
/usr/bin/scp -i /root/.ssh/id_rsa -o "StrictHostKeyChecking no" -p /root/chef.key ${3}:/root/chef.key

Using Ubuntu 16.04 preseed with the following post install commands;

d-i preseed/late_command string in-target /usr/bin/ssh-keygen -f /root/.ssh/id_rsa -t rsa -N '' ; \
echo 'ssh-rsa $COBBLER_PUBLIC_KEY cobbler' > /target/root/.ssh/authorized_keys ; \
mkdir -p /target/var/run/sshd ; \
in-target /usr/sbin/sshd ; \
wget -O- http://$http_server/cblr/svc/op/script/$what/$name/?script= preseed_late_default | chroot /target /bin/sh -s ; \
in-target wget http://$http_server/xenial-sources.list -O /etc/apt/sources.list ;

However I am getting a lost connection whenever it tries to run the post trigger;

Tue Nov 1 23:41:58 2016 - DEBUG | running shell triggers from /var/lib/cobbler/triggers/install/post/*
Tue Nov 1 23:41:58 2016 - DEBUG | running shell trigger /var/lib/cobbler/triggers/install/post/chef-key.sh
Tue Nov 1 23:41:58 2016 - INFO | running: ['/var/lib/cobbler/triggers/install/post/chef-key.sh', 'system', 'cobbler-test', '192.168.1.50']
Tue Nov 1 23:42:13 2016 - INFO | received on stdout:
Tue Nov 1 23:42:13 2016 - DEBUG | received on stderr: ssh_exchange_identification: read: Connection reset by peer
lost connection

I inserted a sleep after the final post command and I could manually run the scp command fine while the system was still in the "running preseed" stage.

[root@cobbler ~]# /var/lib/cobbler/triggers/install/post/chef-key.sh system cobbler-test 192.168.1.50
...
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
chef.key 100% 1679 1.6KB/s 00:00

Thanks for your help!

On Wed, Oct 26, 2016 at 6:51 PM, Orion Poplawski <orion@cora.nwra.com> wrote:

On 10/25/2016 09:49 PM, Tyler Wilson wrote:
Hey All,
New Cobbler user here. What is the best method of ensuring deployed
nodes have sensitive keys (chef keys, ssh, etc) securely uploaded when
completed? Am I able to send them securely from the cobbler host somehow?
Thanks for any and all tips!

I fire up sshd on my target system in %post:
# Create temporary host key(s)
# EL7
/usr/sbin/sshd-keygen
# Fedora
/usr/libexec/openssh/sshd-keygen rsa
# Start sshd so that we can copy over the ansible key in the cobbler post trigger
/usr/sbin/sshd
Then I have a cobbler install trigger copy the ssh key over:
# cat /var/lib/cobbler/triggers/install/post/ansible_key
#!/bin/bash
[ "$1" = system ] &&
/usr/bin/scp -i /root/.ssh/id_rsa_cobbler -o "StrictHostKeyChecking no" -p /root/.ssh/id_rsa_ansible ${2}:/root/.ssh/id_rsa_ansible
I suppose someone could then activate the trigger directly and receive the key, but this is the best that I was able to come up with.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
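
Added example, not part of either message and not code from the Cobbler project: a post-install trigger in the style of the two scripts above that takes the target from the third argument (as in the "running:" log line), refuses anything that is not a plain IPv4 address, keeps the installer's temporary host key out of root's known_hosts, and retries a bounded number of times. The retry budget, wait time and environment overrides are assumptions, and the thread does not establish what caused the connection reset; the host key is still not verified, as in the originals.

```bash
#!/bin/bash
# Added example, not from the thread. Cobbler runs the trigger as:
#   <script> <objtype> <name> <ip>      (see the "running:" log line)
# Assumed defaults below; override through the environment.
SCP=${SCP:-/usr/bin/scp}
SSH_ID=${SSH_ID:-/root/.ssh/id_rsa}
KEY_SRC=${KEY_SRC:-/root/chef.key}
KEY_DST=${KEY_DST:-/root/chef.key}
TRIES=${TRIES:-10}   # assumed retry budget
WAIT=${WAIT:-3}      # assumed seconds between attempts

# Accept only a dotted-quad IPv4 address, so the argument can never be
# parsed by scp as an option or as some other host specification.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

push_key() {
    objtype=$1; ip=$3; rc=1; i=0
    [ "$objtype" = system ] || return 0   # nothing to do for profiles
    is_ipv4 "$ip" || { echo "refusing target '$ip'" >&2; return 2; }
    # Throwaway known_hosts: the installer's temporary host key is never
    # written to, or compared against, root's real known_hosts file.
    kh=$(mktemp) || return 3
    while [ "$i" -lt "$TRIES" ]; do
        if "$SCP" -i "$SSH_ID" -p -o BatchMode=yes -o ConnectTimeout=5 \
            -o StrictHostKeyChecking=no -o UserKnownHostsFile="$kh" \
            "$KEY_SRC" "root@${ip}:${KEY_DST}"; then
            rc=0; break
        fi
        i=$((i + 1)); sleep "$WAIT"
    done
    rm -f "$kh"
    return "$rc"
}

if [ "$#" -gt 0 ]; then push_key "$@"; fi
```

A non-zero exit status here means either a rejected argument (2) or that every attempt failed (1), so the two cases can be told apart in the Cobbler log.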