Allow multiple keys to be injected into user's authorized_keys#982
Allow multiple keys to be injected into user's authorized_keys#982jovial wants to merge 1 commit into
Conversation
|
Based on a complaint about terraform wanting to reprovision the baremetal computes to change ssh keys when we were managing these with user_data. I thought we could manage the SSH public keys in ansible instead. I didn't want to ignore changes to user_data in terrrform since that could mask important updates. Was hoping that this would allow users to all checkout the code with their own account, but of course the compute_init technique can't be used for the control plane and login nodes. I thought this would all be possible just by changing basic_users, but turns out it was more complicated since that is only for users on the shared storage. |
Use cases: 1) User has multiple keys e.g primary yubikey and a backup yubikey 2) Multiple operators can have their own public key configured for the rocky user. This improves the audit trail rather than sharing a common key and allows the operators to each maintain their own checkout of the slurm appliance. 3) Similar to 2, but one KEY for CI and one key for local operator. We already run basic_users in ansible-init, so the only change that needs to made is to make the public_key take a list rather than a single key.
8eb9f76 to
3439954
Compare
|
Yes, can we discuss?? I think this needs some design. There is already |
This is a valid problem though, I have wondered about being able to do provisioning key rotation without delete/recreate. |
Adds support for multiple keys to basic_users, along with ability to remove keys.
Use cases:
Adds support for disabling and adding additional keys to rocky user; this can be useful for debugging if LDAP is down.