FAI + SaltStack anybody?
Diego Zuccato
diego.zuccato at unibo.it
Thu Oct 5 15:32:32 CEST 2023
Il 05/10/2023 15:17, Carsten Aulbert ha scritto:
> we usually try with the hardware level configuration being the "border",
> i.e. everything related to partitioning, initial OS install, at least
> initial networking set-up is done with FAI (well, and salt is installed
> configured as well).
Ok, that's good.
> Then FAI reboots the server and upon service start, the server starts a
> highstate and performs the remaining configuration.
Ok, no problem here.
> To set-up salt, we wrote our own script around fai-chboot which ssh into
> the salt-master, creates a keypair and copies the files to the
> appropriate places.
Uhm... I don't really like that ssh step. But probably can be
straightened out making salt get the pubkey from FAI's state.
> FAI will install the private key during the
> installation and the public key is already known on the master, no need
> to accept the keys anymore.
I like even less that the private key is passed from FAI to the target,
I'd prefer to only pass back the pubkey.
> Does that help a bit?
Yes, tks.
--
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
More information about the linux-fai
mailing list