ohdearaugustin
commented
2 weeks ago You can refer to this old discussion about such keys: https://github.com/juanfont/headscale/issues/662
Open lorenzleutgeb opened 1 month ago
ohdearaugustin
commented
2 weeks ago You can refer to this old discussion about such keys: https://github.com/juanfont/headscale/issues/662
Why
I deploy multiple machines (both machines that run the Tailscale client, but also a machine that runs the Headscale control server). I want to automate the registration of clients to the control server as much as possible.
At the moment, I have to run
headscale preauthkeys createwhich will randomly generate a 24 byte key and store it (along with additional metadata, such as expiry, user, etc.) in the SQLite database.This means that in order to deploy a client, I first need to run a command on the control server to change its state, take the output, and use that to include it in the state to deploy to the client. Thus, I end up maintaining a list of preauth keys for my clients.
I would prefer to use the same list to also declaratively control the state of the control server. That is, I would like to set the list of preauth keys for the server (or at least add to the list), at the time I deploy it. This way I would be able to generate images for all clients and the control server, and deploy them "in one go", without having to first deploy the control server, executing
headscale preauthkyes createand only then deploying clients.Description
I would like to be able to specify keys that I have securely generate myself when I execute
headscale preauthkeys create, for example:A workaround is to use the SQLite database directly, bypassing
headscale preauthkeys, but I'd like to avoid that.The implementation would be rather straightforward, adding another optional argument to pass the key, and if it is not specified call
generateKeyas it is done unconditionally at the moment.