FAI + SaltStack anybody?
Diego Zuccato
diego.zuccato at unibo.it
Fri Oct 6 11:36:24 CEST 2023
I really like it a lot!
Not bulletproof but more secure than a file.
Still no way to have "hooks" run on FAI server?
Diego
Il 06/10/2023 11:18, Thomas Lange ha scritto:
>>>>>> On Fri, 06 Oct 2023 21:57:28 +1300, Andrew Ruthven <andrew at etc.gen.nz> said:
>
> > This isn't ideal as the secrets are still present in the NFSROOT for a short
> > period of time, but does solve the chicken and egg issue others mentioned
> This reminds me of a solution I once saw.
> Put some info into a fifo (named pipe), so only one receiver can read
> it. After that the fifo is empty.
>
> What about having a daemon on the FAI server which serves some secrect
> using:
> echo secrect | nc -p 12345 -l
>
> So only one FAI client can read the secrect from port 12345 once.
> This may help a little bit.
--
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
More information about the linux-fai
mailing list