On Tue, 10 Apr 2012 17:11:14 -0400
seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote:

> Hi all,
>
> Need some feedback. Since I've been playing with/working on
> ansible (http://ansible.github.com) it has raised some questions as to
> what we will allow/not allow for setting up hosts.
>
> Here's what I'd like to do:
>
> 1. allow lockbox01-only and ssh-key-only access, as root, via ssh to
> our systems. This would be an ssh key only on lockbox and owned by
> root (or possibly by sysadmin-main or other localgroup - like the
> private git repo).
>
> 2. have the root authorized_keys be available from
> infrastructure.fedoraproject.org via http (restricted to the hosts we
> allow, of course)
>
> 3. set up our kickstart %post to suck down these keys.
>
> This will enable me to streamline our installation process
> considerably. Right now there are a number of manual steps in our
> reinstall process. These manual steps are.... error-prone. I'd like to
> eliminate them.

...snip...

So, to be clear this is not replacing puppet or anything, simply making
our re-install/installs more automated, right?

I'm ok with this. We should also make sure access using this is logged
and appears in our usual reports so we can keep an eye on it.

kevin
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
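
The logging request at the end of the reply, sketched as an added example that is not part of the original thread or of Fedora Infrastructure's tooling: a report over sshd log lines that counts root logins and flags any that did not come from lockbox01 or did not use a key. The lockbox address, host names and log lines are constructed assumptions, and the regex assumes the standard OpenSSH "Accepted ..." syslog line.

```python
import re
from collections import Counter

# Assumption: lockbox01's address (constructed, documentation range).
LOCKBOX_ADDRS = {"192.0.2.10"}

# Standard OpenSSH success line as written to syslog.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

def audit_root_logins(lines, allowed=LOCKBOX_ADDRS):
    """Return (summary, violations) for successful root logins in sshd log lines."""
    summary = Counter()      # (host, source, method) -> count, for the regular report
    violations = []          # logins that break the lockbox-only / key-only policy
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != "root":
            continue         # failed attempts and non-root users are out of scope here
        summary[(m["host"], m["src"], m["method"])] += 1
        reasons = []
        if m["src"] not in allowed:
            reasons.append("source is not lockbox")
        if m["method"] != "publickey":
            reasons.append("not key-based")
        if reasons:
            violations.append((m["ts"], m["host"], m["src"], m["method"], reasons))
    return summary, violations

# Constructed sample log lines (not from any real system).
SAMPLE = [
    "Apr 10 17:20:01 app01 sshd[2101]: Accepted publickey for root from 192.0.2.10 port 40112 ssh2",
    "Apr 10 17:25:44 app01 sshd[2140]: Accepted password for root from 198.51.100.7 port 51822 ssh2",
    "Apr 10 17:31:09 db01 sshd[880]: Accepted publickey for root from 198.51.100.7 port 51990 ssh2",
    "Apr 10 17:40:12 db01 sshd[901]: Accepted publickey for admin1 from 198.51.100.7 port 52001 ssh2",
    "Apr 10 17:41:00 db01 sshd[905]: Failed password for root from 203.0.113.5 port 40000 ssh2",
]

if __name__ == "__main__":
    summary, violations = audit_root_logins(SAMPLE)
    for (host, src, method), n in sorted(summary.items()):
        print(f"{host}: {n} root login(s) from {src} via {method}")
    for ts, host, src, method, reasons in violations:
        print(f"VIOLATION {ts} {host} {src} {method}: {', '.join(reasons)}")
```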