[Gllug] Production system - Linux 2.4.24, LVM and cciss

Rickey Costas rickey at lefteris.co.uk
Mon Jan 12 17:37:27 UTC 2004


Martin A. Brooks wrote:

> One very simple answer: ssh keys.
> 
> My current contract is with a well known search engine. Within the 
> datacentre I work there are groups of machines allocated to one customer 
> or another.  We want the people who are responsible for client Foo to be 
> able to get root access to all the nodes in their project.   cfengine is 
> used to not only push out that "service user" ssh key but to enforce the 
> keys that are present in on the servers in question.
> 
> We have around 25 projects and clusters of machinea range from 4 
> machines to 32 machines. Adding a machine to a particular project as 
> simple as adding it to a list in a text file. Next time cfengine runs 
> that machine will automatically have the right ssh keys added.
> 
> 

Ok, I've got too much on to think too hard about this, but my initial 
feeling is to use cvs to distribute. Or if its more complicated, write a 
small script which generates the keyfiles, and have the individual 
machines scp down their keyfiles, scp to them if you want immediate 
response.

Maybe even using sudo to control the root access, if thats all thats wanted.

A tiny bit of perl programming, but less than learning a new language, 
if you already know perl :-)

Not knowing the problem as well as you, obviously, I could be badly wrong.

Rickey.


-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list