[Cialug] Access credentials for new cloud instances

Matt Patterson matt at usrlocal.com
Mon Jan 23 11:01:39 CST 2012


Yup, this can be done with puppet.

Basically what I have is a template that I deploy from; the first thing that the VM does upon boot up is register itself with my Puppet master server.  The default packages installed on all of my VMs ensure that certain users are on the system with their ssh keys in place, so I can log into any box that is managed by the Puppet system.

-Matt





On Jan 23, 2012, at 10:46 AM, Kenneth Younger wrote:

> I remember Matt talking about this at the last LUG meeting with regard
> to Puppet.
> 
> On Mon, Jan 23, 2012 at 10:04 AM, Matthew Nuzum <newz at bearfruit.org> wrote:
>> In an environment where you're using dynamic cloud instances (i.e. you spin
>> them up and down as demand grows and ebbs) there is a need for your new
>> instance to talk to your various infrastructure.
>> 
>> For example, you might need to script the installation of your code
>> downloaded from a central server. There are two ways to do such that come
>> first to mind: use hard-coded user credentials (i.e. user/password) or use a
>> hard-coded private/public key. Both of these have a problem, in that you
>> have to securely communicate this material to the new guest. A further
>> disadvantage is that you can't revoke only one instance's credentials.
>> 
>> Another option that I have thought of would be to generate credentials on
>> the guest and then somehow authorize them for the new server. This also has
>> problems: namely that you need a secure channel to communicate your new
>> credentials with the server and possibly an automatic way to enable them and
>> authorize the client.
>> 
>> I was curious if anyone else here has thought about this problem and what
>> they think is a good solution. Again, the goal is to have as automated of a
>> process as possible. It would be awesome for the infrastructure to respond
>> to demand magically in the night without sysadmin intervention.
>> 
>> --
>> Matthew Nuzum
>> newz2000 on freenode, skype, linkedin and twitter
>> 
>> ♫ You're never fully dressed without a smile! ♫
>> 
>> 
>> 
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>> 
> 
> 
> 
> -- 
> Kenneth Younger III
> Founder, Sheer Focus Inc.
> e: kenny at sheerfocus.com
> p: (515) 367-0001
> t: @kenny
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
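
The arrangement described in the reply at the top (every VM built from the template gets the same admin users and ssh keys from the Puppet master), as an added example manifest that is not from the thread or from anyone's actual setup. The class name, account names and key strings are placeholders chosen for illustration.

```puppet
# Added example: baseline admin access applied to every managed VM.
# All names and key material below are placeholders, not values from the thread.
class base_admins {

  # Admin account that must exist on every box.
  user { 'opsadmin':
    ensure         => present,
    managehome     => true,
    shell          => '/bin/bash',
    # Remove any authorized_keys entries Puppet does not manage, so a key
    # added by hand on one VM does not survive the next agent run.
    # (Attribute of the user type in Puppet 3.6 and later.)
    purge_ssh_keys => true,
  }

  # Public key only; the private half never leaves the admin's workstation,
  # so nothing secret has to be shipped to a new instance.
  # (On Puppet 6+ this type comes from the puppetlabs-sshkeys_core module.)
  ssh_authorized_key { 'opsadmin@workstation':
    ensure  => present,
    user    => 'opsadmin',
    type    => 'ssh-rsa',
    key     => 'AAAAB3NzaC1yc2E_PLACEHOLDER_PUBLIC_KEY',
    require => User['opsadmin'],
  }

  # Revocation: deleting a resource from the manifest leaves the key on disk.
  # Declare it absent (or rely on purge_ssh_keys above) to pull it fleet-wide.
  ssh_authorized_key { 'former-admin@laptop':
    ensure => absent,
    user   => 'opsadmin',
  }
}

# Every node that registers with the master receives the baseline.
node default {
  include base_admins
}
```

This covers admin login to the instances; each agent's own certificate, signed by the master when the VM registers, is what identifies an individual instance and can be revoked on its own.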


