andrewchilds / overcast

Orchestrate VMs from your terminal
MIT License

References to PEM files should work when relative #27

Closed svperfecta closed 9 years ago

svperfecta commented 9 years ago

We really dig overcast, and we've started committing some of the files to our repositories so the ops-related tools are alongside the code.

Overcast doesn't seem to like complex file paths for PEM files. For instance, using $HOME doesn't work as expected. The result is that currently team members must maintain their own clusters.json file. It would be nice if we could support things like ~/.ssh and $HOME.

andrewchilds commented 9 years ago

Thanks Brian! Adding support for ~/ and $HOME should be straightforward.

Overcast does support paths that are relative to the current /path/to/.overcast/keys directory (be it your home directory or some repo), so setting your ssh_key to overcast.key resolves to /path/to/.overcast/keys/overcast.key. The drawback is that it requires the team to buy in to storing relevant keys in Overcast vs. in ~/.ssh.

Just for reference, at Clubhouse we have a private git server (using this recipe: https://github.com/andrewchilds/overcast/tree/master/recipes/git-server) just for our .overcast directory - keys and all - so a new dev just needs to clone that repo (using separate SSH keys that we control manually) to get access to our infrastructure. Revoking access means removing their key from the git server authorized_keys and changing the keys to our instances (which should be done periodically anyway).

svperfecta commented 9 years ago

That's pretty nice :) We have some more restrictive key controls (I'm not sure they really add any security tbh) but getting IT to set up and manage a git server would be a little tough. Ha!

andrewchilds commented 9 years ago

This is available as of 0.6.4. Thanks!
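
The resolution rules discussed in this thread, sketched as an added example that is not part of the original thread and is not Overcast's own code: `~/` and `$HOME` map to the home directory, and any other relative `ssh_key` value is looked up under the active `.overcast/keys` directory. The function names, the `clusters.json` layout and the sample entries are assumptions made for illustration; the audit step flags absolute paths, which tie a shared `clusters.json` to one person's machine.

```javascript
// Added example, not Overcast's implementation. Function names and the
// clusters.json layout used below are assumptions made for illustration.
const os = require('os');
const path = require('path');

// Resolve one ssh_key value to an absolute path, following the rules in the
// thread: "~/" and "$HOME" map to the home directory, any other relative
// value is looked up under the active .overcast/keys directory.
function resolveKeyPath(sshKey, keysDir, home = os.homedir()) {
  if (typeof sshKey !== 'string' || sshKey === '') {
    throw new TypeError('ssh_key must be a non-empty string');
  }
  // Plain string substitution of the two home forms only. Nothing is handed
  // to a shell, so other variables or `$(...)` in the value stay literal.
  for (const prefix of ['~', '$HOME']) {
    if (sshKey === prefix || sshKey.startsWith(prefix + '/')) {
      return { path: path.join(home, sshKey.slice(prefix.length)), kind: 'home' };
    }
  }
  if (path.isAbsolute(sshKey)) {
    return { path: path.normalize(sshKey), kind: 'absolute' };
  }
  return { path: path.resolve(keysDir, sshKey), kind: 'keys-dir' };
}

// Walk a parsed clusters.json and report, per instance, where the key resolves
// and whether the entry is portable between team members' machines.
function auditClusters(clusters, keysDir, home = os.homedir()) {
  const report = [];
  for (const [cluster, { instances = {} }] of Object.entries(clusters)) {
    for (const [name, instance] of Object.entries(instances)) {
      const resolved = resolveKeyPath(instance.ssh_key, keysDir, home);
      // An absolute path bakes one user's directory layout into a shared file.
      report.push({ instance: `${cluster}.${name}`, ...resolved,
                    portable: resolved.kind !== 'absolute' });
    }
  }
  return report;
}

// Constructed sample input (not taken from the thread).
const SAMPLE_CLUSTERS = {
  app: { instances: {
    web1: { ip: '192.0.2.10', ssh_key: 'overcast.key' },
    web2: { ip: '192.0.2.11', ssh_key: '$HOME/.ssh/team.pem' },
    db1: { ip: '192.0.2.12', ssh_key: '/Users/alice/.ssh/team.pem' },
  } },
};
```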