General discussion about Chef

[chef] Re: Re: Re: Re: authentication of chef clients with a git repo


Chronological Thread 
  • From: Jacobo García < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: authentication of chef clients with a git repo
  • Date: Thu, 15 Apr 2010 19:09:16 +0200
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=HGiy7m95RD1xeS5REikyEz4h1u7Js9jRML2BrrNFlgZsoCvjoeRGGP+EwlPOOc9EWd kAFsooAR5VGF01M+yTDxSlndFsm9bbiZImWVCJ7ieB4ItLMuvNjk/Tm31gC0SnNpxSQI KmG39Gjwt0VaUYJQeaA2xTvY1q6zU9AKA4ozw=
I'll do that.

Thanks a lot.

Jacobo García López de Araujo
blog: http://robotplaysguitar.com
http://workingwithrails.com/person/13395-jacobo-garc-a




On Thu, Apr 15, 2010 at 7:00 PM, John Merrells 
< >
 wrote:
>
> On Apr 15, 2010, at 9:52 AM, Jacobo García wrote:
>
>> I'm thinking making a recipe that generates a ssh key on every client
>> for the shell user that runs chef-client (root in my case), so when
>> chef-client tries to pull the repo.
>>
>> This is what you refer?
>
>
> Yes.
>
> You'll also need the server key in the client's known_hosts file.
>
> Note that you might find it more manageable to have the same
> on all the client machines....
>
> I have a recipe which creates the same
>
> /root/.ssh/id_rsa
> /root/.ssh/id_rsa.pub
> /root/.ssh/knownhosts
>
> on all the machines that pull from the same repo. Which in my
> case is github.
>
> But, yes different keys everywhere would be more secure.
>
> John
>
> --
> John Merrells
> http://johnmerrells.com
> +1.415.244.5808
>
>
>
>
>
>
>

Archive powered by MHonArc 2.6.16.

§