On Mon, Sep 9, 2013 at 9:57 AM, David Cheney <david.che...@canonical.com>wrote:
> > > > As of 1.13.3 you can now do this: > > juju add-machine ssh:[user@]host > > * Does this user have to be root ? If the user has to be root, do we > have to get into the business of telling people how to adjust their > /etc/ssh/sshd to allow root login ? > No. The command will ssh to the remote host, and sudo on the remote machine. So you need to be able to sudo, but you definitely don't need to be able to ssh in as root. > * What happens if I do, juju add-machine ssh:localhost ? I can't > imagine anything good will come from that. Should there be a provision > to prohibit this ? > As long as you're not running a local provider environment, that'll work just fine. Really, add-machine is just a matter of: - detect machine characteristics - get tools from storage, unpack into the right location (/var/lib/juju/...) - create a log directory - install an upstart script I say "as long as you're not running a local provider environment" because there are checks that no juju agents exist on the target machine. * What happens if the machine you are ssh'ing to is via a jump/bastian > host, the target won't be able to communate with the outside world or > bootstrap node, right ? That sounds like a huge support timesuck. > Right, it won't work. You'll get an error from add-machine because add-machine won't be able to remotely fetch the tools. This is one of the caveats I listed; the target machine must be able to communicate with the state server and storage. We'll want to document this bit well, and provide some suggestions on what to do in those kinds of environments. > - There is no change in supported operating systems; the machine being > > provisioned must be running Ubuntu 12.04+ > > Is this enforced in code ? Only in so far as default-series, etc., are enforced. There's nothing special about manual provisioning here. > - Multiple invocations of ssh will be made, and sudo is used on the > remote > > host to install the machine agent. To reduce noisy prompts, you should > use > > public key authentication. To completely eliminate prompting, you'll also > > need to enable passwordless sudo on the target host. > > Can we automate this with a file in /etc/sudoers.d ? > Naturally that will require root ;) This is up to the person doing the install.
-- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
