Open mikepea opened 10 years ago
We can't leave the provisioning user in place; it should only be used on the first run of salt. Later we need to use our own users. In fact cotton understands normal and provisioning modes. By default, when creating a VM, it uses provisioning mode, and later it swaps to user mode.
To enable provisioning mode again later, you use the task 'provisioning' from cotton.api.
But the problem is when you add NEW nodes to an existing cluster. The new node only has the 'provisioning' user available.
Please explain 'task provisioning' in more detail.
On 10 November 2014 13:40, Mateusz Łapsa-Malawski notifications@github.com wrote:
We can't leave the provisioning user in place; it should only be used on the first run of salt. Later we need to use our own users. In fact cotton understands normal and provisioning modes. By default, when creating a VM, it uses provisioning mode, and later it swaps to user mode.
To enable provisioning mode again later, you use the task 'provisioning' from cotton.api.
My apologies, I'm starting to understand the use case. To solve it cleanly we would need some kind of metadata store. On AWS, no problem. On vCloud, in theory there is a metadata store we could use. On static... we could introduce some shared storage, either file-based and shared through git, or a KV server accessible to all of us.
The last would be way faster than querying the vCloud API.
We should not be leaving the 'provisioning' user on our nodes, as it is a shared account.
However, when it is (rightly) deleted, that then prevents bootstrap_minion from working, as it depends on the newly created node having only 'provisioning' available for connection.
A workaround for this is to set the 'hosts.gw.ip' value in project.yaml to 'user@ip', where user is your regular admin user account.
To me, it would be better to always use your general user account except for key bootstrapping operations (like bootstrap_minion), where 'provisioning' is the correct account to use -- by convention.
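One way to make the convention in the comment above concrete, as an added example that is not cotton's own code: a small resolver that reads a hosts.gw.ip value in either 'ip' or 'user@ip' form and picks the SSH account per task, so that only bootstrap tasks ever touch the shared 'provisioning' account and any config that would route a normal task through it is refused. The task name 'bootstrap_minion', the 'provisioning' account and the 'user@ip' form come from this thread; BOOTSTRAP_TASKS, parse_host, connection_target, ssh_argv and the sample addresses are assumptions made for the example.

```python
# Added illustration (not cotton's code): choose the SSH account for a task,
# using the shared 'provisioning' account only for bootstrap tasks.
# Assumed names: BOOTSTRAP_TASKS, parse_host, connection_target, ssh_argv.
# The 'user@ip' / bare 'ip' value format is the one described in the thread.

PROVISIONING_USER = "provisioning"

# Assumption: the only task allowed to fall back to the shared account.
BOOTSTRAP_TASKS = frozenset({"bootstrap_minion"})


def parse_host(value):
    """Split a hosts.gw.ip value into (user, ip).

    'user@ip' -> ('user', 'ip'); a bare 'ip' -> (None, 'ip').
    """
    value = value.strip()
    if not value:
        raise ValueError("empty host value")
    if "@" in value:
        user, _, ip = value.partition("@")
        if not user or not ip:
            raise ValueError("expected 'user@ip', got %r" % value)
        return user, ip
    return None, value


def connection_target(task, gw_ip_value, admin_user):
    """Return the (user, ip) to connect as for `task`.

    - An explicit user in hosts.gw.ip (the workaround above) always wins.
    - Otherwise bootstrap tasks use 'provisioning', since that is the only
      account present on a freshly created node.
    - Every other task uses the caller's own admin account; a config that
      would route it through the shared account is rejected, not obeyed.
    """
    explicit_user, ip = parse_host(gw_ip_value)
    if task in BOOTSTRAP_TASKS:
        return (explicit_user or PROVISIONING_USER), ip
    user = explicit_user or admin_user
    if user == PROVISIONING_USER:
        raise PermissionError(
            "task %r must not use the shared %r account" % (task, PROVISIONING_USER)
        )
    return user, ip


def ssh_argv(task, gw_ip_value, admin_user):
    """Build the ssh argument list for the chosen account (nothing is executed)."""
    user, ip = connection_target(task, gw_ip_value, admin_user)
    return ["ssh", "-o", "BatchMode=yes", "%s@%s" % (user, ip)]


if __name__ == "__main__":
    # Constructed sample values, not real hosts or users.
    for task, value in [("bootstrap_minion", "10.0.0.5"),
                        ("highstate", "10.0.0.5"),
                        ("highstate", "alice@10.0.0.5")]:
        print(task, ssh_argv(task, value, "mike"))
```

The refusal in connection_target is the part worth keeping whatever the final design looks like: once 'provisioning' is a shared account, no routine task should be able to end up on it just because someone left the old value in project.yaml.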