Hello,
I’m trying to use git scm resource but it’s not clear in the
documentation how to authenticate chef clients with a git server so
the clients can sync the repos. How is it done?
Thanks for your time.
Jacobo García López de Araujo
blog: http://robotplaysguitar.com
http://workingwithrails.com/person/13395-jacobo-garc-a
On Apr 15, 2010, at 9:13 AM, Jacobo García wrote:
I'm trying to use git scm resource but it's not clear in the
documentation how to authenticate chef clients with a git server so
the clients can sync the repos. How is it done?
Use a key, then git can tunnel over ssh without any username password mularchy....
John
--
John Merrells
+1.415.244.5808
I'm thinking making a recipe that generates a ssh key on every client
for the shell user that runs chef-client (root in my case), so when
chef-client tries to pull the repo.
This is what you refer?
Jacobo García López de Araujo
blog: http://robotplaysguitar.com
http://workingwithrails.com/person/13395-jacobo-garc-a
On Thu, Apr 15, 2010 at 6:29 PM, John Merrells john@merrells.com wrote:
On Apr 15, 2010, at 9:13 AM, Jacobo García wrote:
I'm trying to use git scm resource but it's not clear in the
documentation how to authenticate chef clients with a git server so
the clients can sync the repos. How is it done?Use a key, then git can tunnel over ssh without any username password mularchy....
John
--
John Merrells
http://johnmerrells.com
+1.415.244.5808
On Apr 15, 2010, at 9:52 AM, Jacobo García wrote:
I'm thinking making a recipe that generates a ssh key on every client
for the shell user that runs chef-client (root in my case), so when
chef-client tries to pull the repo.This is what you refer?
Yes.
You'll also need the server key in the client's known_hosts file.
Note that you might find it more manageable to have the same
on all the client machines....
I have a recipe which creates the same
/root/.ssh/id_rsa
/root/.ssh/id_rsa.pub
/root/.ssh/knownhosts
on all the machines that pull from the same repo. Which in my
case is github.
But, yes different keys everywhere would be more secure.
John
--
John Merrells
+1.415.244.5808
I'll do that.
Thanks a lot.
Jacobo García López de Araujo
blog: http://robotplaysguitar.com
http://workingwithrails.com/person/13395-jacobo-garc-a
On Thu, Apr 15, 2010 at 7:00 PM, John Merrells john@merrells.com wrote:
On Apr 15, 2010, at 9:52 AM, Jacobo García wrote:
I'm thinking making a recipe that generates a ssh key on every client
for the shell user that runs chef-client (root in my case), so when
chef-client tries to pull the repo.This is what you refer?
Yes.
You'll also need the server key in the client's known_hosts file.
Note that you might find it more manageable to have the same
on all the client machines....I have a recipe which creates the same
/root/.ssh/id_rsa
/root/.ssh/id_rsa.pub
/root/.ssh/knownhostson all the machines that pull from the same repo. Which in my
case is github.But, yes different keys everywhere would be more secure.
John
--
John Merrells
http://johnmerrells.com
+1.415.244.5808