/assign
/hold cancel
/unassign
terraform/amazon/modules/tagging_control/templates/tagging_control_policy.json
ExecStartPre=/bin/sh -c '\ | ||
set -e ;\ | ||
usermod -a -G ssh_keys wing ;\ |
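Review bot: `usermod -a -G ssh_keys wing` in `ExecStartPre` changes group membership on every service start, and nothing next to it says why wing needs the `ssh_keys` group. Consider assigning the group once at provisioning time and adding a comment with the reason; as written under `set -e`, a `usermod` failure also prevents the unit from starting.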
Is that really necessary to read the public host key?
This is so wing can read the ssh private keys to sign the document, to prove we have them
@@ -8,4 +8,5 @@ | |||
|
|||
package assets | |||
|
|||
//go:generate go-bindata -prefix ../../../ -pkg $GOPACKAGE -o assets_bindata.go ../../../terraform/amazon/modules/... ../../../terraform/amazon/templates/... ../../../puppet/... ../../../packer/... | |||
//go:generate go run ../../../cmd/tagging_control/main.go zip ../../../tagging_control.zip ../../../tagging_control_linux_amd64 |
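Review bot: the `go run ../../../cmd/tagging_control/main.go zip` directive reads `../../../tagging_control_linux_amd64`, which nothing in this file builds, so `go generate` silently depends on an earlier build step. Add a comment naming the target that produces that binary, or fail with a clear message when it is missing. Also confirm the ordering is intended: the zip is written after the go-bindata directive has run, and `../../../tagging_control.zip` is not among the go-bindata input paths.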
This is really ugly, not too sure if it breaks during the release process
Why would this break?
/unassign
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
function uploads Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
/unassign
I think the release tarmak version might have some issue with this change. And obviously it complicates and slows down the build process. Other than that I seem to have a few problems where I need to delete the known_hosts file while terraform-tarmak is failing to connect to the bastion. I am gonna merge it for now but this will be an area of stabilisation/testing.
/approve
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: simonswine

The full list of commands accepted by this bot can be found here. The pull request process is described here
What this PR does / why we need it:
As per the proposal outlined here #643, this PR implements management of a cluster's known hosts file.
During boot, wing will send its public keys to a Lambda function which is verified and applied as tags to that instance.
Tarmak will then use these tags as a source of truth and will self maintain the known hosts file.
The SSH client is now strictly enforcing the contents of this file when connecting to instances.
Special notes for your reviewer:
The `--wing-dev-mode` needs to be used during applies with this PR.
/hold
Waiting for #494
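
The proof-of-possession step discussed in this thread (wing signing a document with the host private key before its public key is recorded as an instance tag), as an added sketch that is not code from this PR or from tarmak. It assumes an Ed25519 host key; the `claim` type, its signed layout, the instance ID and the IP address are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// sshEd25519 renders pub in OpenSSH form: "ssh-ed25519 <base64 wire blob>".
func sshEd25519(pub ed25519.PublicKey) string {
	var blob []byte
	for _, field := range [][]byte{[]byte("ssh-ed25519"), pub} {
		blob = binary.BigEndian.AppendUint32(blob, uint32(len(field)))
		blob = append(blob, field...)
	}
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob)
}

// claim is a hypothetical boot-time document: instance ID, host public key, signature.
type claim struct {
	InstanceID string
	PublicKey  ed25519.PublicKey
	Signature  []byte
}

// signedBytes binds the key to one instance so a claim cannot be reused under another ID.
func (c claim) signedBytes() []byte {
	return []byte("host-key-claim\x00" + c.InstanceID + "\x00" + sshEd25519(c.PublicKey))
}

// verifyClaim returns the tag value only if the sender proved it holds the private key.
func verifyClaim(c claim) (string, error) {
	if len(c.PublicKey) != ed25519.PublicKeySize {
		return "", fmt.Errorf("malformed public key for %s", c.InstanceID)
	}
	if !ed25519.Verify(c.PublicKey, c.signedBytes(), c.Signature) {
		return "", fmt.Errorf("signature check failed for %s", c.InstanceID)
	}
	return sshEd25519(c.PublicKey), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample host key
	c := claim{InstanceID: "i-0example", PublicKey: pub}
	c.Signature = ed25519.Sign(priv, c.signedBytes())
	tag, err := verifyClaim(c)
	fmt.Println("10.0.0.5 "+tag, err) // known_hosts line built from the tag
}
```

A client that builds its known_hosts file only from values that passed this check can enforce strict host key checking without a trust-on-first-use prompt.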