Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die eigentliche Nachricht steht dadurch in einem Anhang.
This message was wrapped to be DMARC compliant. The actual message text is therefore in an attachment.
--- Begin Message ---On Thursday, 5 October 2023 14:59:40 CEST Diego Zuccato wrote: > Hello all. > > Does someone use FAI to install the base system that will be managed by > Salt? > I'm trying to integrate 'em but there's still something that doesn't > "click"... > > My current idea is to use Salt to orchestrate the install, but maybe > it's better left to FAI? How can I "pass around" minion key so I don't > have to manually re-approve the new key every time? > The ideal scenario would be: target generates its keypair, sends the > pubkey to FAI that "certifies" it's from the system being installed and > passes it to Salt. Should I write a custom fai-monitor (that would be > needed anyway to disable netboot once system is reinstalled)? > > TIA. My solution at the moment is non-interactive. In classes I have a script which asks for username and password for the salt api to save a cookie which is valid for a 30min. Later during the fai installation a script uses the cookie to get the salt key via the salt api. After the first boot salt is doing the rest... Instead of using the non-interactive approach I guess you could also provide the cookie base64 encoded via boot parameter or dhcp. regards Markus -- Markus Koeberl Graz University of Technology Signal Processing and Speech Communication Laboratory E-mail: markus.koeb...@tugraz.atsignature.asc
Description: This is a digitally signed message part.
--- End Message ---