best way to achieve password-less ssh between bosh vms


ramonskie
 

is there a nice way to achieve password-less ssh between each bosh job/vm

the only option i could think of is just generate a new ssh key and hardcode
it in a package.
but this is a bit hacky

any other ideas?



--
View this message in context: http://cf-bosh.70367.x6.nabble.com/best-way-to-achive-password-less-ssh-between-bosh-vms-tp493.html
Sent from the CF BOSH mailing list archive at Nabble.com.


Gwenn Etourneau
 

Just a question: why use password-less?

On Tue, Jul 21, 2015 at 8:28 PM, ramonskie <ramon.makkelie(a)klm.com> wrote:

> is there a nice way to achieve password-less ssh between each bosh job/vm
>
> the only option i could think of is just generate a new ssh key and hardcode
> it in a package.
> but this is a bit hacky
>
> any other ideas?





ramonskie
 

i wanted to create a postgres cluster with pgpool 2
and this requires passwordless ssh/scp access

-----Original Message-----
From: Gwenn Etourneau [via CF BOSH] <ml-node+s70367n498h26(a)n6.nabble.com>
To: ramonskie <ramon.makkelie(a)klm.com>
Subject: Re: [cf-bosh] best way to achieve password-less ssh between bosh vms
Date: Tue, 21 Jul 2015 18:52:52 -0700

> Just a question: why use password-less?


Aleksey Zalesov
 

You can put your public and private keys in the manifest, like it is done for HAProxy
<https://github.com/cloudfoundry-community/cf-boshworkspace/blob/master/templates/cf-use-haproxy.yml#L84-L112>.





Gwenn Etourneau
 

Thanks, but I didn't know that ssh was required for pgpool replication ...

I think you can use the user:md5password method for the load balancing and
replication..

On Wed, Jul 22, 2015 at 6:25 PM, lexsys <aleksey.zalesov(a)altoros.com> wrote:

> You can put your public and private keys in the manifest, like it is done for HAProxy
> <https://github.com/cloudfoundry-community/cf-boshworkspace/blob/master/templates/cf-use-haproxy.yml#L84-L112>.





Alex Lomoff <lomov.as@...>
 

There is also a way to automate insertion of the ssh key into the manifest. For instance, the logstash boshrelease uses ERB to print config file content into the manifest file.

https://github.com/logsearch/logsearch-boshrelease/blob/b104a599d6084c90f140f97365d544b0cb518d71/ci/tasks/standalone-test/deployment.yml#L49

To use this approach you’ll need to run the `erb original-manifest.yml > final-manifest.yml` command.

On Jul 22, 2015, at 12:25 PM, lexsys <aleksey.zalesov(a)altoros.com> wrote:

> You can put your public and private keys in the manifest, like it is done for HAProxy
> <https://github.com/cloudfoundry-community/cf-boshworkspace/blob/master/templates/cf-use-haproxy.yml#L84-L112>.





ramonskie
 

couldn't find that in their crappy documentation :(
but thanks for the suggestion

-----Original Message-----
From: Gwenn Etourneau [via CF BOSH] <ml-node+s70367n503h81(a)n6.nabble.com>
To: ramonskie <ramon.makkelie(a)klm.com>
Subject: Re: [cf-bosh] best way to achieve password-less ssh between bosh vms
Date: Wed, 22 Jul 2015 02:30:34 -0700

> Thanks, but I didn't know that ssh was required for pgpool replication ...
>
> I think you can use the user:md5password method for the load balancing and replication..




Dr Nic Williams
 

I guess you need to set up the users & their shared keys within a job template

On Wed, Jul 22, 2015 at 1:13 AM, ramonskie <ramon.makkelie(a)klm.com> wrote:

> i wanted to create a postgres cluster with pgpool 2
> and this requires passwordless ssh/scp access

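
The approach suggested in this thread (keys rendered into the manifest with ERB, then installed by a job), sketched in Ruby as an added example that is not code from any poster or from BOSH itself. The `pgpool.ssh.*` property names, the `id_example` file name and both key strings are constructed for illustration.

```ruby
require "erb"
require "yaml"
require "fileutils"

# Constructed sample material, not real keys.
SAMPLE_PUBLIC_KEY = "ssh-ed25519 AAAAconstructedSamplePublicKey pgpool@example"
SAMPLE_PRIVATE_KEY = <<~KEY
  -----BEGIN EXAMPLE PRIVATE KEY-----
  constructed-sample-line-1-not-real-key-material
  constructed-sample-line-2-not-real-key-material
  -----END EXAMPLE PRIVATE KEY-----
KEY

# Hypothetical manifest fragment; the pgpool.ssh.* property names are assumptions.
MANIFEST_TEMPLATE = <<~'YAML'
  name: pgpool-example
  properties:
    pgpool:
      ssh:
        public_key: "<%= public_key %>"
        private_key: |
  <%= indent(private_key, 8) %>
YAML

# Prefix every line so a multi-line key stays inside the YAML block scalar;
# unindented key lines would fall outside it and break the manifest.
def indent(text, width)
  text.lines.map { |line| (" " * width) + line }.join.chomp
end

# In-process equivalent of `erb original-manifest.yml > final-manifest.yml`.
def render_manifest(template, public_key:, private_key:)
  ERB.new(template).result(binding)
end

# What a job's setup step would do with the rendered properties: owner-only
# directory and files, because ssh rejects private keys with looser modes.
def install_keys(manifest_yaml, ssh_dir)
  ssh = YAML.safe_load(manifest_yaml).dig("properties", "pgpool", "ssh")
  FileUtils.mkdir_p(ssh_dir, mode: 0o700)
  { "id_example" => ssh["private_key"],
    "authorized_keys" => ssh["public_key"] + "\n" }.each do |name, body|
    path = File.join(ssh_dir, name)
    File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(body) }
    File.chmod(0o600, path) # enforce even if the file already existed
  end
  ssh_dir
end
```

The rendered manifest holds the private key in plaintext, so treat `final-manifest.yml` as a secret and keep it out of version control.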