Easily allow ssh keys to be changed in preos and stage environments #194

Closed
opened 2021-11-20 15:21:11 +00:00 by ungleich-gitea · 3 comments

Created by: telmich

Hey @asteven - I am opening this issue to give Dave access to one infrastructure. The suggested idea to pass in ssh keys via command line is probably a bit error prone, as the length is pretty limited:

The number of kernel parameters is not limited, but the length of the
complete command line (parameters including spaces etc.) is limited to
a fixed number of characters. This limit depends on the architecture
and is between 256 and 4096 characters. It is defined in the file
./include/asm/setup.h as COMMAND_LINE_SIZE.

(from https://www.kernel.org/doc/Documentation/kernel-parameters.txt)

I will clean up / merge preos soon into the stable branches and I hope to be able to migrate install into it this year as well :-)
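
An added example, not part of the issue or of cdist: a shell check of how many SSH public keys fit on a kernel command line at both ends of the COMMAND_LINE_SIZE range quoted above. The `preos.sshkey=` parameter name, the base command line and the placeholder keys are assumptions constructed for illustration; the placeholders only reproduce the lengths of real ed25519 and RSA public keys.

```shell
#!/bin/sh
# Added example. "preos.sshkey=" is a hypothetical parameter name,
# not one that cdist or preos defines.

# fake_key TYPE B64LEN: constructed placeholder with the length of a real key line.
fake_key() {
    printf '%s %s' "$1" "$(head -c "$2" /dev/zero | tr '\0' 'A')"
}

# cmdline_len BASE KEY...: length of the command line after appending the keys.
cmdline_len() {
    line=$1; shift
    for k in "$@"; do
        # A public key contains a space, so it is quoted to stay one parameter.
        line="$line preos.sshkey=\"$k\""
    done
    printf '%s' "${#line}"
}

# fits LIMIT BASE KEY...: succeeds if the line is strictly shorter than LIMIT,
# leaving one byte for the terminating NUL in the fixed-size buffer.
fits() {
    f_limit=$1; shift
    [ "$(cmdline_len "$@")" -lt "$f_limit" ]
}

# max_keys LIMIT BASE KEY: how many keys of this size fit behind BASE.
max_keys() {
    mk_limit=$1 mk_key=$3 mk_n=0
    set -- "$2"
    while fits "$mk_limit" "$@" "$mk_key"; do
        set -- "$@" "$mk_key"
        mk_n=$((mk_n + 1))
    done
    printf '%s' "$mk_n"
}

# Constructed sample input: base64 lengths of ed25519, RSA-2048 and RSA-4096 keys.
BASE='console=ttyS0,115200 ip=dhcp'
ED25519=$(fake_key ssh-ed25519 68)
RSA2048=$(fake_key ssh-rsa 372)
RSA4096=$(fake_key ssh-rsa 716)

for limit in 256 4096; do
    printf 'limit %4s: ed25519=%s rsa2048=%s rsa4096=%s\n' "$limit" \
        "$(max_keys "$limit" "$BASE" "$ED25519")" \
        "$(max_keys "$limit" "$BASE" "$RSA2048")" \
        "$(max_keys "$limit" "$BASE" "$RSA4096")"
done
```

At the 256-character end of the range not even one RSA key fits, which is why the result depends on the architecture and key type rather than on the number of parameters.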

ungleich-gitea added the Stale label 2021-11-20 15:21:11 +00:00

closed

Created by: telmich

Hey @asteven,

for me it is more about creating a generic preos and having an easy way
to just add a couple of ssh keys to it.

Regarding size, I am very open for using a different basis (and I think
we should stick to "it will be any OS, not necessarily Debian") - it
just needs to be easily buildable :-)

Do you have any other ideas at the moment for easy integration of ssh
keys into an initramfs?

Maybe we can abstract it away by creating a cdist command / parameter
related to preos:

```
cdist preos key-add --key .. --key ..
```

It could fit into other (to be refactored) commands:

```
cdist preos generate --output-type [iso|pxe|usb] --output foo.iso
cdist preos generate --cache-dir # to store temporary files in / for reusing
```

I think finishing / including preos in the stable branch opens the door
for finishing / making install more usable for others, too.

Cheers,

Nico

New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24


Created by: asteven

Nico Schottelius wrote on 09/04/2014 11:40 AM:

> Hey @asteven - I am opening this issue to give Dave access to one infrastructure. The suggested idea to pass in ssh keys via command line is probably a bit error prone, as the length is pretty limited:
>
> The number of kernel parameters is not limited, but the length of the
> complete command line (parameters including spaces etc.) is limited to
> a fixed number of characters. This limit depends on the architecture
> and is between 256 and 4096 characters. It is defined in the file
> ./include/asm/setup.h as COMMAND_LINE_SIZE.
>
> (from https://www.kernel.org/doc/Documentation/kernel-parameters.txt)
>
> I will clean up / merge preos soon into the stable branches and I hope to be able to migrate install into it this year as well :-)

As we had discussed before, IMHO putting a full blown debian into a cpio
is not usable. The proper solution would be to build and maintain a
custom linux built using buildroot or openembedded/yocto or whatever.
That brings the size down to ~10MB vs >= 150MB.

Cheers,
Steven

Reference: ungleich-public/cdist#194