Open JacobCoffee opened 2 months ago
I wonder if we should re-evaluate this and refactor our backup setup to a "key per host" rather than a "key per backup".
It was some time ago, but I think I initially set it up as "key per backup" so that we could have non-root users running backups. In practice that has never occurred.
These are out of sync because we store the private keys in the secret pillar data. I think we could also just have salt generate them though which would avoid the issue we're running into here (creating a backup doesn't create the key).
What
When adding new backup files/directories, we will need to add related keys for this. This and other things (like SSH key changes when hosts upgrade/change) should be documented
Keys are not being made for the two new entries :(
from
probably due to missing pillar data in the secrets file for backup
Originally posted by @JacobCoffee in https://github.com/python/psf-salt/issues/474#issuecomment-2297259859