bootstrap could automatically enable --use-ssh-agent when SSH_AUTH_SOCK is present #1633

Open
zzhou1 opened this issue Dec 17, 2024 · 2 comments

Comments

@zzhou1
Contributor

zzhou1 commented Dec 17, 2024

Here is the current oneliner:

adm@tw-1:~> sudo -E crm cluster init --use-ssh-agent -ys /dev/disk/by-partlabel/sbd -N $USER@tw-2

It would be naturally consistent with "ssh", "ssh-copy-id", etc. That means as long as SSH_AUTH_SOCK gets detected, --use-ssh-agent is automatically enabled. We can add code to enforce --use-ssh-agent no if we really need to use the local ssh key.

adm@tw-1:~> sudo -E crm cluster init -ys /dev/disk/by-partlabel/sbd -N $USER@tw-2

@liangxin1300
Collaborator

Don't get your point yet.

adm@tw-1:~> sudo -E crm cluster init --use-ssh-agent -ys /dev/disk/by-partlabel/sbd -N $USER@tw-2

Use --use-ssh-agent to tell crmsh we want to enable ssh-agent
If we don't use --use-ssh-agent option, local ssh key will be created and used:

adm@alp-1:~> sudo -E crm cluster init -ys /dev/sda9 -N adm@alp-2
INFO: Loading "default" profile from /etc/crm/profiles.yml
INFO: Loading "knet-default" profile from /etc/crm/profiles.yml
WARNING: $SSH_AUTH_SOCK is detected. As a tip, using the --use-ssh-agent option could avoid generate local root ssh keys on cluster nodes.
INFO: A new ssh keypair is generated for user adm.
INFO: A new ssh keypair is generated for user hacluster.

@liangxin1300
Collaborator

@nicholasyang2022 What do you think about this?

On master branch:

  • Auto enable ssh agent when SSH_AUTH_SOCK is present, no need to use --use-ssh-agent
  • We can add code to enforce '--use-ssh-agent no' if we really need to use the local ssh key.

I think the behavior between SLE16 and SLE15SP6+ will be different
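
The tri-state behaviour proposed in this thread (option omitted: auto-detect, bare flag: agent, `--use-ssh-agent no`: local keys), as an added sketch that is not part of the thread and not crmsh's own code. The names `agent_socket_usable`, `build_parser` and `resolve_use_ssh_agent` are hypothetical, and checking that SSH_AUTH_SOCK points at a real socket before auto-enabling is an assumption of this sketch.

```python
import argparse
import os
import stat


def agent_socket_usable(environ):
    """Return True only if SSH_AUTH_SOCK names an existing UNIX socket."""
    path = environ.get("SSH_AUTH_SOCK", "")
    if not path:
        return False
    try:
        # `sudo -E` hands the caller's environment to root unchanged, so
        # check the file type instead of trusting that the variable is set.
        return stat.S_ISSOCK(os.stat(path).st_mode)
    except OSError:
        return False


def build_parser():
    parser = argparse.ArgumentParser(prog="init-sketch")
    # Omitted -> None (auto-detect); bare flag -> "yes"; "no" forces local keys.
    parser.add_argument("--use-ssh-agent", nargs="?", const="yes",
                        default=None, choices=("yes", "no"))
    return parser


def resolve_use_ssh_agent(argv, environ):
    """Return (use_agent, reason) for the given arguments and environment."""
    choice = build_parser().parse_args(argv).use_ssh_agent
    usable = agent_socket_usable(environ)
    if choice == "no":
        return False, "local keys forced with --use-ssh-agent no"
    if choice == "yes":
        if not usable:
            raise ValueError("--use-ssh-agent given but no usable agent socket")
        return True, "agent requested explicitly"
    if usable:
        return True, "agent auto-enabled: SSH_AUTH_SOCK is a socket"
    return False, "no usable agent socket, falling back to local keys"


if __name__ == "__main__":
    import sys
    print(resolve_use_ssh_agent(sys.argv[1:], os.environ))
```

An explicit request for the agent fails loudly when no socket is available, while the auto-detect path falls back to local keys, so the silent key generation shown in the log above only happens when no agent can be used or `no` is given.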
