kickstarts, installs and root ssh keys

Kevin Fenzi kevin at scrye.com
Tue Apr 10 21:37:18 UTC 2012


On Tue, 10 Apr 2012 17:11:14 -0400
seth vidal <skvidal at fedoraproject.org> wrote:

> 
> Hi all,
> 
> Need some feedback. Since I've been playing with/working on
> ansible (http://ansible.github.com) it has raised some questions as to
> what we will allow/not allow for setting up hosts.
> 
> Here's what I'd like to do:
> 
> 1. allow lockbox01-only and ssh-key-only access, as root, via ssh to
> our systems. This would be an ssh key only on lockbox and owned by
> root (or possibly by sysadmin-main or other local group - like the
> private git repo).
> 
> 2. have the root authorized_keys be available from
> infrastructure.fedoraproject.org via http (restricted to the hosts we
> allow, of course)
> 
> 3. set up our kickstart %post to suck down these keys.
> 
> This will enable me to streamline our installation process
> considerably. Right now there are a number of manual steps in our
> reinstall process. These manual steps are... error-prone. I'd like to
> eliminate them.

...snip...

So, to be clear, this is not replacing puppet or anything, simply making
our re-install/installs more automated, right?

I'm ok with this. We should also make sure access using this is logged
and appears in our usual reports so we can keep an eye on it. 

kevin
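
The three steps quoted above, sketched as a helper that a kickstart %post could call (an added example, not code from this thread or from Fedora Infrastructure). The function name, the URL path placeholder and the lockbox hostname argument are assumptions; the `from=` authorized_keys option is what limits each key to the lockbox, as step 1 asks.

```shell
# Added example; every name here is hypothetical.
# In a real %post the key file would first be fetched, for instance:
#   curl -fsS -o /root/keys.tmp http://infrastructure.fedoraproject.org/<PLACEHOLDER-PATH>
#   install_root_keys /root/keys.tmp /root <lockbox-hostname>
#
# install_root_keys SRC HOME_DIR FROM_HOST
#   SRC       key file already downloaded from the internal web server
#   HOME_DIR  root's home directory (/root in a real %post)
#   FROM_HOST the only host allowed to log in with these keys (the lockbox)
install_root_keys() {
    src=$1 home=$2 from_host=$3
    ssh_dir="$home/.ssh"
    tmp="$ssh_dir/authorized_keys.new"
    key_re='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

    # A failed or empty download must not end in an empty authorized_keys.
    [ -s "$src" ] || { echo "key file missing or empty: $src" >&2; return 1; }

    # Every non-blank, non-comment line must be a bare public key. Lines that
    # bring their own options (command=, from=, ...) are rejected, so the
    # served file cannot override the restriction added below.
    if grep -Ev '^[[:space:]]*(#.*)?$' "$src" | grep -Evq "$key_re"; then
        echo "unexpected line in $src, not installing" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1

    # Prefix each key with from="..." so sshd accepts it only from the lockbox.
    ( umask 077
      grep -E "$key_re" "$src" | sed "s|^|from=\"$from_host\" |" > "$tmp"
    ) || { rm -f "$tmp"; return 1; }
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }

    # Replace the live file in one step so it is never half written.
    mv -f "$tmp" "$ssh_dir/authorized_keys"
}
```
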