-
I see what you mean https://github.com/chrisgo/fabric2-example/blob/159ca5ea1844...
Also, I am obligated to point it out every time I see it: `curl --fail` for life, otherwise bash will cheerfully try and execute the 503 HTML that curl writes out https://github.com/chrisgo/fabric2-example/blob/159ca5ea1844...
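The failure mode raised in the comment above, as an added example that is not part of the original comment or of the linked repository: download to a temporary file with `curl --fail` and run it only if the transfer succeeded. The function names and the optional SHA-256 argument are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names). Instead of `curl URL | bash`,
# fetch to a temp file and execute only after the download is known good.

# fetch_script URL DEST [EXPECTED_SHA256]
fetch_script() {
    url=$1; dest=$2; want_sha=${3:-}
    tmp=$(mktemp) || return 1
    # --fail: exit non-zero (22) on HTTP >= 400 instead of saving the error page
    # --silent --show-error: no progress meter, but still print real errors
    # --location: follow redirects
    if ! curl --fail --silent --show-error --location --output "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    # An empty body is never a valid script.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    # Optional integrity check (an addition beyond what the comment mentions).
    if [ -n "$want_sha" ]; then
        got=$(sha256sum "$tmp" | cut -d' ' -f1)
        if [ "$got" != "$want_sha" ]; then
            echo "checksum mismatch for $url" >&2
            rm -f "$tmp"
            return 1
        fi
    fi
    mv "$tmp" "$dest"
}

# run_remote_script URL [EXPECTED_SHA256]
run_remote_script() {
    script=$(mktemp) || return 1
    if fetch_script "$1" "$script" "${2:-}"; then
        bash "$script"
        rc=$?
    else
        echo "download failed, nothing executed: $1" >&2
        rc=1
    fi
    rm -f "$script"
    return "$rc"
}
```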
-
This is what cloud-init[1], Puppet[2] et al. are for. I haven't done this with shell scripts in at least 15 years.
[1] https://github.com/canonical/cloud-init
[2] https://www.puppet.com/
-
https://github.com/EternityForest/KaithemAutomation/tree/mas...
These are all meant for RasPi embedded controls, so they don't handle security.
I set the password with the flasher utility, then have my app server just use Linux authentication so I have fewer things to mess with and more that can be done with standard tools.
Unfortunately MQTT can't do that and the PKI model is hard to set up fully automatically, but almost all routers have guest networks and such, so relying on WPA3 is fine for non-critical stuff.
If I need remote access, I use Zrok.io and avoid having to manage certs myself.
-
Love zrok.io, I work on its parent, OpenZiti. It makes me wonder; OpenZiti makes PKI much simpler while providing the secure overlay, we even used our SDKs to demonstrate zero trust overlay networking built into MQTT - https://github.com/ekoby/mqziti... could that be useful for your use case??
-
Strongly do NOT recommend what we are doing
- https://github.com/chrisgo/fabric-example
- https://github.com/chrisgo/fabric2-example
-
ground-init
Install a Linux machine locally with something that is almost, but not quite, cloud-init
Like others have said, cloud-init is the way. For the few instances that may not have the right tooling baked into their base image or where it’s not fully supported by the orchestrator (like Proxmox containers), I use https://github.com/rcarmo/ground-init (which I first wrote to set up my laptop and local machines and lets me re-use cloud-init files).
-
Thanks, will take a look at that curl thing. We are still using this and it has been working for us for ~15 years (Python 2, ported to Python 3), and this is just an example of how to take https://fabfile.org to the extreme, but it is still not the best way to do it. We only have ~50 servers, so it is not a massive fleet. The convenience of typing `fab ` to do things under control is still better than nothing :)