Hello,
Thank you for the replies! I tried to replicate your setup with the
following;
[root@cobbler ~]# cat /var/lib/cobbler/triggers/install/post/chef-key.sh
#!/bin/bash
/usr/bin/scp -i /root/.ssh/id_rsa -o "StrictHostKeyChecking no" -p
/root/chef.key ${3}:/root/chef.key
Using Ubuntu 16.04 preseed with the following post install commands;
d-i preseed/late_command string in-target /usr/bin/ssh-keygen -f
/root/.ssh/id_rsa -t rsa -N '' ; \
echo 'ssh-rsa $COBBLER_PUBLIC_KEY cobbler' >
/target/root/.ssh/authorized_keys ; \
mkdir -p /target/var/run/sshd ; \
in-target /usr/sbin/sshd ; \
wget -O-
http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default
| chroot /target /bin/sh -s ; \
in-target wget http://$http_server/xenial-sources.list -O
/etc/apt/sources.list ;
However I am getting a lost connection whenever it tries to run the post
trigger;
Tue Nov 1 23:41:58 2016 - DEBUG | running shell triggers from
/var/lib/cobbler/triggers/install/post/*
Tue Nov 1 23:41:58 2016 - DEBUG | running shell trigger
/var/lib/cobbler/triggers/install/post/chef-key.sh
Tue Nov 1 23:41:58 2016 - INFO | running:
['/var/lib/cobbler/triggers/install/post/chef-key.sh', 'system',
'cobbler-test', '192.168.1.50']
Tue Nov 1 23:42:13 2016 - INFO | received on stdout:
Tue Nov 1 23:42:13 2016 - DEBUG | received on stderr:
ssh_exchange_identification: read: Connection reset by peer
lost connection
I inserted a sleep after the final post command and I could manually run
the scp command fine while the system was still in the "running preseed"
stage.
[root@cobbler ~]# /var/lib/cobbler/triggers/install/post/chef-key.sh system
cobbler-test 192.168.1.50
...
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle
attacks.
chef.key
100% 1679 1.6KB/s 00:00
Thanks for your help!
On Wed, Oct 26, 2016 at 6:51 PM, Orion Poplawski <orion(a)cora.nwra.com>
wrote:
On 10/25/2016 09:49 PM, Tyler Wilson wrote:
> Hey All,
>
> New Cobbler user here. What is the best method of ensuring deployed
> nodes have sensitive keys (chef keys, ssh, etc) securely uploaded when
> completed? Am I able to send them securely from the cobbler host somehow?
>
> Thanks for any and all tips!
>
I fire up sshd on my target system in %post:
# Create temporary host key(s)
# EL7
/usr/sbin/sshd-keygen
# Fedora
/usr/libexec/openssh/sshd-keygen rsa
# Start sshd so that we can copy over the ansible key in the cobbler post
trigger
/usr/sbin/sshd
Then I have a cobbler install trigger copy the ssh key over:
# cat /var/lib/cobbler/triggers/install/post/ansible_key
#!/bin/bash
[ "$1" = system ] &&
/usr/bin/scp -i /root/.ssh/id_rsa_cobbler -o "StrictHostKeyChecking no"
-p /root/.ssh/id_rsa_ansible ${2}:/root/.ssh/id_rsa_ansible
I suppose someone could the activate the trigger directly and receive the
key, but this is the best that I was able to come up with.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301
http://www.cora.nwra.com
_______________________________________________
cobbler mailing list -- cobbler(a)lists.fedorahosted.org
To unsubscribe send an email to cobbler-leave(a)lists.fedorahosted.org