On Mon, 2010-03-15 at 16:30 -0400, Mike McLean wrote: > On 03/15/2010 01:02 PM, Nathan Blackham wrote: > > I am trying to use kerberos all around, but I am looking at fall back > > methods. Also looking at automation of bringing up new build nodes. It > > seems easier to have the automation with certificates, but that is just > > after an initial look. > > I was about to write that on the koji side it's all equal work, though > depending on your situation creating a host ssl key might be easier then > creating a krb host principal (if for example, you aren't a kerberos admin). > > However, I realized that setting the krb_principal for the host entry in > the db might be a slight hassle. While the addHost call supports > specifying it, the cli command doesn't handle that optional arg. (I > think I'll fix that now). > > Even so, the code still sets a default krb_principal for the host based > on the HostPrincipalFormat hub config option and its hostname. If you > still to a standard naming scheme this should allow automation. Plus if > you really need to, you could call addHost via the call subcommand to > specify that third arg. > > That being said -- are you bringing so many hosts online that human > intervention is really a barrier? I'm curious why you need this.
No it is not the number of hosts. Initially it won't be that many. I just am on the mindset, that if it takes longer than a few minutes, and it is something that can be easily scripted/automated, why not spend the extra time to make sure that you don't have to do it again. Nathan
signature.asc
Description: This is a digitally signed message part
-- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
