Closed igalic closed 5 years ago
@igalic we still have to test remote repositories. Also it would be nice to provide authentication information for remote sources. Any ideas?
@gronke wrote:
@igalic we still have to test remote repositories. Also it would be nice to provide authentication information for remote sources. Any ideas?
so, right now, the repo i'm using is on gitlab and is only accessible with the correct SSH keys
however, it has no secretes and i could expose it publicly
as for authentication:
the easiest way would be to mount an (root's?) ~/.ssh/
?
It would also be nice if this could happen temporarily — i.e.: only during provisioning.
the easiest way would be to mount an (root's?)
~/.ssh/
?
Nein! We need proper key management to allow authenticated sources. How about an .ssh
directory in a jails dataset (next to the config.json file) and the provisioning.key=gronke
with .ssh/gronke
and .ssh/gronke.pub
as the key files.
This patch introduces Puppet (apply) as provisioning method, addressing #625
So far the design requires a (unique) name, a source (the control-repo) and an optional list of packages to be pre-installed. By default that List of packages is
puppet6
, and if the source is a git repo,rubygem-r10k
.To begin the provisioning, we
we could also consider to run puppet more than once, to guarantee idempotence.