On 10/25/2016 09:49 PM, Tyler Wilson wrote:
Hey All,
New Cobbler user here. What is the best method of ensuring deployed
nodes have sensitive keys (chef keys, ssh, etc) securely uploaded when
completed? Am I able to send them securely from the cobbler host somehow?
Thanks for any and all tips!
I fire up sshd on my target system in %post:
# Create temporary host key(s)
# EL7
/usr/sbin/sshd-keygen
# Fedora
/usr/libexec/openssh/sshd-keygen rsa
# Start sshd so that we can copy over the ansible key in the cobbler
post trigger
/usr/sbin/sshd
Then I have a cobbler install trigger copy the ssh key over:
# cat /var/lib/cobbler/triggers/install/post/ansible_key
#!/bin/bash
[ "$1" = system ] &&
/usr/bin/scp -i /root/.ssh/id_rsa_cobbler -o "StrictHostKeyChecking
no" -p /root/.ssh/id_rsa_ansible ${2}:/root/.ssh/id_rsa_ansible
I suppose someone could the activate the trigger directly and receive
the key, but this is the best that I was able to come up with.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane or...@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
_______________________________________________
cobbler mailing list -- cobbler@lists.fedorahosted.org
To unsubscribe send an email to cobbler-le...@lists.fedorahosted.org