Open shtlrs opened 5 months ago
Do we still want this?
At present I can't think of commands we would run through this, except perhaps fail2ban. But so far that has worked, plus the affected team members have surely by now switched to password managers and no longer run into those issues.
Fail2ban is the only thing that comes to mind right now also.
Potentially fetching info like things from "doveadm who" could be nice but isn't a big deal.
I think it's fine to keep open but not prioritize implementation, it doesn't hurt us.
What should the command do?
The idea is us being able to execute specific actions on one of our NetCup boxes.
For this to happen, a King-Arthur user needs to be created on all of our boxes. Then, using its own private key, KA can SSH into a particular box and execute a command from there.
I am not sure how to scope this in terms of commands/cogs, but i thought we could have a NetCup cog which contains 2 commands
raw
command, to allow flexibility of using any command we want, and this needs to be granted to only a set of particular people. Ideally this command will prompt user for confirmation before using it.All these commands will need to take the box name in param obviously.
APIs
Who should be authorized to use this command?
DevOps