Once upon a time, Stephen John Smoogen <smooge@xxxxxxxxx> said: > So a lot of sites have set up that you remotely kickstart a system and then > ansible in as root with the rest of the configurations. It is the biggest > reason we have been keeping this as active for a long time. You are > breaking all those configs with a 'oh you can just login on a local > console'. That kickstart may not have any of that.. and the last thing a > sysadmin wants when they are building 4000 nodes somewhere is find out that > they need to add another 20 steps to their post.. Well, I'd assume before building 4000 nodes, they'd test the kickstart (I test mine extensively on VMs before using on a real box). It isn't "another 20 steps" - either a sed one-liner to allow root or a mkdir and a echo to add an SSH key (which you'd probably do anyway if you're doing the rest with Ansible). > Make it a predefined kickstart thing they can do so all they have to do is > add a line in it that says > > ssh_remote --user=<account> --keyfile=<url> --yesIwantrootandIknowitsbad If this is the desired path, I'd go with a couple of additional arguments to existing directives: --enablerootssh (for rootpw or maybe auth?) --sshkey (for both rootpw and user directives) No matter if this proposal is done, having an --sshkey option would be nice, especially for Ansible use. I think this OpenSSH change to follow upstream (and many other OS) config is a good and overdue thing. -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
