FAI + SaltStack anybody?

Andrew Ruthven andrew at etc.gen.nz
Fri Oct 6 12:12:48 CEST 2023


On Fri, 2023-10-06 at 11:18 +0200, Thomas Lange wrote:
> >>>>> On Fri, 06 Oct 2023 21:57:28 +1300, Andrew Ruthven <andrew at etc.gen.nz> said:
> 
>     > This isn't ideal as the secrets are still present in the NFSROOT for a short
>     > period of time, but does solve the chicken and egg issue others mentioned
> This reminds me of a solution I once saw.
> Put some info into a fifo (named pipe), so only one receiver can read
> it. After that the fifo is empty.
> 
> What about having a daemon on the FAI server which serves some secret
> using:
> echo secrect | nc -p 12345 -l
> 
> So only one FAI client can read the secret from port 12345 once.
> This may help a little bit.

This could help. It could also do some level of validation of the IP/MAC
that the request is coming from, especially if you've used fai-chboot. Again
not ideal, but better.

The thing I like about my solution is that fcopy just works. :)

Cheers,
Andrew


-- 
Andrew Ruthven, Wellington, New Zealand
andrew at etc.gen.nz |
Catalyst Cloud: | This space intentionally left blank
https://catalystcloud.nz |
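
The one-shot listener with a source-address check discussed in this message, sketched in Python as an added example (not code from the thread or from FAI). The function names, the allowlist argument and the deadline are assumptions; as with the nc version, the secret crosses the network in cleartext and the source IP is only a weak identity check.

```python
import socket
import threading
import time

def serve_secret_once(listener, secret, allowed_ips, deadline_s=60.0, log=print):
    """Send `secret` to the first client whose source IP is in `allowed_ips`.

    Other clients are disconnected without data and do not use up the secret.
    Returns the receiving client's IP, or None if no allowed client connected
    before the deadline. The listener is closed in every case.
    """
    stop_at = time.monotonic() + deadline_s
    with listener:
        while (remaining := stop_at - time.monotonic()) > 0:
            listener.settimeout(remaining)
            try:
                conn, (peer_ip, _port) = listener.accept()
            except socket.timeout:
                break
            with conn:
                if peer_ip not in allowed_ips:
                    # Unexpected host: log it and keep the secret for the real client.
                    log(f"refused {peer_ip}: not an expected install client")
                    continue
                conn.sendall(secret)
                log(f"secret delivered to {peer_ip}; listener closing")
                return peer_ip
    log("deadline reached, secret not delivered")
    return None

def fetch(port, host="127.0.0.1"):
    """Client side: read until the server closes the connection."""
    with socket.create_connection((host, port), timeout=5) as c:
        return b"".join(iter(lambda: c.recv(4096), b""))

if __name__ == "__main__":
    # Constructed demo on loopback: server thread plus one client read.
    lst = socket.create_server(("127.0.0.1", 0))
    port = lst.getsockname()[1]
    t = threading.Thread(target=serve_secret_once,
                         args=(lst, b"constructed-secret\n", {"127.0.0.1"}))
    t.start()
    print(fetch(port))
    t.join()
```

The allowlist would hold the address of the client currently set up for installation; the refusal log lines show which other hosts probed the port while the secret was on offer.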
