Reading through your original post - I think there might be some confusion
as to what SaltStack does and what FAI does (if not, I apologize).
SaltStack is a configuration management tool that is normally used to
ensure the target minion's configuration is exactly as it should, while FAI
is a provis
On Fri, 2023-10-06 at 06:47 +0200, Diego Zuccato wrote:
> On 05/10/2023 15:54, Laura Smith via linux-fai wrote:
> > It's been a while since I worked with Salt, but IIRC it sounds like what
> > is not "clicking" is that you need to fix the TOFU problem.
>
> Actually there are 2 distinct problem
On 06/10/2023 10:36, Sinh Lam wrote:
Reading through your original post - I think there might be some
confusion as to what SaltStack does and what FAI does (if not, I
apologize). SaltStack is a configuration management tool that is
normally used to ensure the target minion's configuration
> On Fri, 06 Oct 2023 21:57:28 +1300, Andrew Ruthven
> said:
> This isn't ideal as the secrets are still present in the NFSROOT for a short
> period of time, but does solve the chicken and egg issue others mentioned
This reminds me of a solution I once saw.
Put some info into a
I really like it a lot!
Not bulletproof but more secure than a file.
Still no way to have "hooks" run on FAI server?
Diego
On 06/10/2023 11:18, Thomas Lange wrote:
On Fri, 06 Oct 2023 21:57:28 +1300, Andrew Ruthven said:
> This isn't ideal as the secrets are still present in the N
On Fri, 2023-10-06 at 11:36 +0200, Diego Zuccato wrote:
> I really like it a lot!
> Not bulletproof but more secure than a file.
>
> Still no way to have "hooks" run on FAI server?
We kind of do this, we call it Semi Automatic Installer (SAI). But the
problem is that you still need to have some c
On Fri, 2023-10-06 at 11:18 +0200, Thomas Lange wrote:
> > > > > > On Fri, 06 Oct 2023 21:57:28 +1300, Andrew Ruthven
> > > > > > said:
>
> > This isn't ideal as the secrets are still present in the NFSROOT for a short
> > period of time, but does solve the chicken and egg issue others
> On Oct 6, 2023, at 10:59, Diego Zuccato wrote:
>
> On 06/10/2023 10:36, Sinh Lam wrote:
>> With the above said, I do not see what you mean there is a chicken and the
>> egg problem.
>
> To approve a minion key, Salt does have to trust the request is coming from
> the right minion, b
On 06/10/2023 15:15, Johan Beisser wrote:
With that, on the salt-master, either autoaccept, or find a way to place the minion's
public key in `/etc/salt/pki/master/minions/` and that will bypass
the key acceptance entirely. Keys, inside of salt, are just managing where the file
sits unde
Moin,
On Thu, Oct 05, 2023 at 02:59:40PM +0200, Diego Zuccato wrote:
> Does someone use FAI to install the base system that will be managed by
> Salt?
Do you have a concrete reason for introducing Salt on top of FAI?
FAI can be used to do most of your configuration management via
``fai softupdate
On Fri, Oct 06, 2023 at 05:21:30PM +0200, Henning Glawe wrote:
> Do you have a concrete reason for introducing Salt on top of FAI?
I don't wanna speak for the original poster, but your question sounds a bit
like "Do you have a concrete reason for introducing LibreOffice on top of
this Unix system
Yes. They're different tools with different objectives. FAI excels at
reinstalling a system, but is not a configuration manager: say you have a
webserver (actually 3: dev, test and prod) and you need to change the PHP
version in use. Sure, you can reinstall from scratch with FAI, but why? Way
f
On Thu, Oct 5, 2023 at 9:00 AM Diego Zuccato wrote:
>
> My current idea is to use Salt to orchestrate the install, but maybe
> it's better left to FAI? How can I "pass around" minion key so I don't
> have to manually re-approve the new key every time?
This is how we manage it. FAI knows what our
Moin,
as I mentioned: check ``fai softupdate``, this feature of
FAI makes it a configuration manager.
Your running system gets updated to the state you define
in your FAI config without a downtime. No reinstall required.
p.s.: call me biased, as I implemented ``softupdate`` almost 20 years ago
On Fri, 2023-10-06 at 20:02 +0200, Henning Glawe wrote:
> p.s.: call me biased, as I implemented ``softupdate`` almost 20 years ago
> and use it since then as a configuration manager for a few 1k hosts in
> various contexts
softupdate is very handy. We used to use it at work (and I still do at hom
On 06/10/2023 18:33, Matthew Pounsett wrote:
You could store the public
keys that FAI generates in a repository on the FAI server, and have it
trigger a Salt webhook to tell the master when it needs to retrieve
and install new ones.
I'll have to have a look at webhooks. Didn't considere '