Project

General

Profile

Feature #11633

Template snippets and support for automatically adding ssh keys to provisioned hosts

Added by Mike McCune almost 7 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Category:
-
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Provide a method for automatically adding ssh keys to the authorized_keys on hosts that are provisioned via Foreman with the Remote Execution plugin enabled.

Optionally also include the necessary package installations for various operating systems to ensure that SSH is installed and available.


Related issues

Related to Foreman - Refactor #12243: Make Foreman KeyPair reusuable by other modelsNew2015-10-21
Related to Foreman - Feature #12330: Support plugin snippets in templatesNew

Associated revisions

Revision dc42bc9e (diff)
Added by Stephen Benjamin almost 7 years ago

refs #11633 - template support for deploying ssh keys

Revision 3e6c37a7
Added by Stephen Benjamin almost 7 years ago

Merge pull request #55 from stbenjam/11633

refs #11633 - template support for deploying ssh keys

History

#1 Updated by Marek Hulán almost 7 years ago

This also mean we have to introduce private key management in Foreman, the key can differ per user/hostgroup/host etc. We could use parameters as a storage but private keys are sensitive data and parameters do not help with different key per user scenario.

#2 Updated by Stephen Benjamin almost 7 years ago

Is there a story for per-foreman user keys to hosts? I would think we have one key per smart proxy, and use foreman access control/auditing for users.

#3 Updated by Marek Hulán almost 7 years ago

There's no story about this in the original design AFAIK but it seems natural to support more keys for one proxy. Maybe per user is too much for now, but I don't see big difference.

#4 Updated by Stephen Benjamin almost 7 years ago

I view an SSH keypair for a proxy similar to a client SSL certificate - its the cryptographic identity of that particular proxy, what's the use case for having more than one?

I would suggest the default setup be each proxy has only one keypair.

#5 Updated by Marek Hulán almost 7 years ago

By more keys for one proxy I meant more keys can be used through one proxy, sorry for bad wording. The idea is that every user would use his own private key (or each host, hostgroup, location, ...) so when one key is compromised, not the whole infrastructure is compromised. Also it would add additional level of granularity, so you could limit users <-> targets access. Anyway it's probably more like "would be nice" or "food for thought" in this phase.

#6 Updated by Ivan Necas almost 7 years ago

  • Target version set to 87

#7 Updated by Stephen Benjamin almost 7 years ago

  • Assignee set to Stephen Benjamin

#8 Updated by The Foreman Bot almost 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_remote_execution/pull/55 added
  • Pull request deleted ()

#9 Updated by Stephen Benjamin almost 7 years ago

  • Related to Refactor #12243: Make Foreman KeyPair reusuable by other models added

#10 Updated by Marek Hulán almost 7 years ago

  • Related to Feature #12330: Support plugin snippets in templates added

#11 Updated by Marek Hulán almost 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
  • Legacy Backlogs Release (now unused) set to 103

Also available in: Atom PDF