On 05/10/2023 15:17, Carsten Aulbert wrote:

> we usually try with the hardware level configuration being the "border", i.e. everything related to partitioning, initial OS install, at least initial networking set-up is done with FAI (well, and salt is installed and configured as well).

Ok, that's good.

> Then FAI reboots the server and upon service start, the server starts a highstate and performs the remaining configuration.

Ok, no problem here.

> To set up salt, we wrote our own script around fai-chboot which sshes into the salt-master, creates a keypair and copies the files to the appropriate places.

Uhm... I don't really like that ssh step. But it can probably be straightened out by making salt get the pubkey from FAI's state.

> FAI will install the private key during the installation and the public key is already known on the master, no need to accept the keys anymore.

I like even less that the private key is passed from FAI to the target, I'd prefer to only pass back the pubkey.

> Does that help a bit?

Yes, tks.

--
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
