On 08/24/2017 09:56 AM, Karanbir Singh wrote:
On 22/08/17 03:55, Brian Stinson wrote:
If you have a feature request for us to track let's talk about it here.
been thinking through creds a bit this morning.
Duffy already sets up the user / label key so that the jobs can ssh into the remote host and do what they need to do. I am wondering if we can extend this to also cover other credentials that jobs might need. and plug in something like hash vault that then allows users to self-manage their creds, and have them auto available in the sessions on the remote hosts.
as an example, something extremely simple, like a key value file, sourced in the .bashrc of the remote shell would give you whatever is labelled for the tenant, in place.
For these kind of settings to be applied on nodes, I think Duffy API could allow user specifying a file location containing a cloud-init configuration, or a kickstart snippet, or a raw shell script to be executed.
For example:
$ cico node get --arch ppc64le --release 7 --count 1 --post-setup cloud-init=http://domain.tld/cloud-init-config.txt
$ cico node get --arch ppc64le --release 7 --count 1 --post-setup kickstart=http://domain.tld/config.ks
$ cico node get --arch ppc64le --release 7 --count 1 --post-setup shell=http://domain.tld/post-setup-commands.txt
So all the customization is delegated to the user. Duffy would just need to know if it has to run cloud-init, kickstart, or shell script.
A benefit of allowing cloud-init configuration is that users from OpenStack would need very few or none effort to update their cloud-init settings to use with Duffy.