#212 new
Bruno Bonfils

keyfile as resources

Reported by Bruno Bonfils | February 21st, 2011 @ 10:59 AM

I think using a global application ssh identity file may be restrictive in some conditions. I'm thinking about the following use cases:

a XML file (keys.xml) like

<key name="group1">
 <file>$HOME/.ssh/mysecretkey</file>
</key>

with a special named default for the default key.

This way, it wil very easy to manage differents keys for a node by adding keyName attribute in a node definition, and if this attribut doesn't exists, the default key will be use.

Comments and changes to this ticket

  • Alex-SF

    Alex-SF March 21st, 2011 @ 08:05 AM

    • Milestone set to Rundeck 1.3
    • Milestone order changed from “13” to “0”
  • Greg Schueler

    Greg Schueler April 20th, 2011 @ 10:17 AM

    Perhaps we can make this more generic as well, allowing for some kind of credential definition independent of ssh.

    e.g. defining some xml/yaml files as project/X/etc/something.cred allows you to specify:

    <node name="mynode" credentialset="something/key1" .../>
    

    and something.cred:

    <credentials>
    <credential name="key1">
       <ssh-keyfile file="$HOME/.ssh/mysecretkey"/>
    </credential>
    </credentials>
    

    It is then up to the dispatcher to supply the correct credential definition to the SSH node executor.

    An alternative that could apply just to SSH would be to define a particular known key path, and then allow the node attributes to specify a key file by name:

    <node name="mynode" sshkeyfile="keyfile1".../>
    

    and have $RDECK_BASE/projects/X/etc/credentials/ be the known "keyfile path", so the keyfile1 resolves to $RDECK_BASE/projects/X/etc/credentials/keyfile1.key

  • Alex-SF

    Alex-SF June 8th, 2011 @ 11:11 AM

    • Milestone cleared.
    • Milestone order changed from “12” to “0”

    Postponing until after 1.3 release to get feedback and see usage of dispatcher plugin and custom node attributes.

  • Alex-SF

    Alex-SF July 9th, 2011 @ 01:48 PM

    • Tag set to credentials node

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins

People watching this ticket

Referenced by

Pages