
Re: kickstarts, installs and root ssh keys



On Tue, 10 Apr 2012 17:11:14 -0400
seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote:

> 
> Hi all,
> 
>  Need some feedback. Since I've been playing with/working on
> ansible (http://ansible.github.com) it has raised some questions as to
> what we will allow/not allow for setting up hosts.
> 
> Here's what I'd like to do:
> 
> 1. allow lockbox01-only and ssh-key-only access, as root, via ssh to
> our systems. This would be an ssh key only on lockbox and owned by
> root (or possibly by sysadmin-main or other local group - like the
> private git repo).
> 
> 2. have the root authorized_keys be available from
> infrastructure.fedoraproject.org via http (restricted to the hosts we
> allow, of course)
> 
> 3. set up our kickstart %post to suck down these keys.
> 
> This will enable me to streamline our installation process
> considerably. Right now there are a number of manual steps in our
> reinstall process. These manual steps are.... error-prone. I'd like to
> eliminate them.

...snip...

So, to be clear, this is not replacing puppet or anything, simply making
our re-install/installs more automated, right?

I'm ok with this. We should also make sure access using this is logged
and appears in our usual reports so we can keep an eye on it. 

kevin
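
The kickstart %post step from the quoted proposal, sketched as an added example that is not part of this thread or of the Fedora infrastructure scripts: it vets a fetched key file before installing it and pins each key to the admin host with sshd's `from=` option. The function name `install_root_keys`, the `KEYS_URL` placeholder, the file paths and the choice of `from=` pinning are assumptions.

```shell
#!/bin/sh
# Added example: vet a fetched root authorized_keys file before installing it.
# In %post the call would look like this (KEYS_URL is a placeholder):
#   curl -fsS -o /root/keys.fetched "$KEYS_URL" &&
#   install_root_keys /root/keys.fetched /root/.ssh/authorized_keys lockbox01

# install_root_keys SRC DEST FROM_HOST
install_root_keys() {
    local src="$1" dest="$2" from_host="$3" tmp type blob comment count=0
    mkdir -p "$(dirname "$dest")" && chmod 700 "$(dirname "$dest")" || return 1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    while read -r type blob comment || [ -n "$type" ]; do
        # Skip blank lines and comments.
        case $type in ''|'#'*) continue ;; esac
        # Only bare "type blob [comment]" lines pass, so a served file cannot
        # smuggle in its own options (command=, environment=, ...).
        case $type in
            ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
            *) echo "rejected: unexpected first field '$type'" >&2
               rm -f "$tmp"; return 1 ;;
        esac
        # The key blob may contain base64 characters only.
        case $blob in
            ''|*[!A-Za-z0-9+/=]*)
               echo "rejected: malformed key blob" >&2
               rm -f "$tmp"; return 1 ;;
        esac
        # Pin every key to the one admin host with sshd's from= option.
        printf 'from="%s" %s %s%s\n' "$from_host" "$type" "$blob" \
            "${comment:+ $comment}" >>"$tmp"
        count=$((count + 1))
    done <"$src"
    # An empty key file would lock the admin host out: fail instead.
    if [ "$count" -eq 0 ]; then rm -f "$tmp"; return 1; fi
    # mktemp already created the file 0600; rename is atomic on one filesystem.
    chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}

# Demo on constructed input (not a real key).
demo_dir=$(mktemp -d)
printf '%s\n' '# root keys' \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEconstructedKEY admin@lockbox01' \
    >"$demo_dir/fetched"
install_root_keys "$demo_dir/fetched" "$demo_dir/.ssh/authorized_keys" lockbox01 &&
    cat "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

A rejected or empty file leaves any existing `authorized_keys` untouched, because the destination is only replaced by the final rename.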
