juju system ssh keys - revisiting
Andrew Wilkins
andrew.wilkins at canonical.com
Tue Dec 17 06:15:13 UTC 2013
On Tue, Dec 17, 2013 at 1:59 PM, John Arbash Meinel
<john at arbash-meinel.com>wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ...
>
> > 5) Juju run. In order to make this available to the GUI, it needs
> > to be executed from the API server. This means that the API server
> > machine needs to be able to SSH to all the other machines. No one
> > is going to want to upload their own private key, nor should they.
>
> This hints to me that Juju run is improperly design. We already have a
> way to inform all machines that we have work for them to do. Which
> *doesn't* require us to ssh into them (the hook triggers).
>
> Just create a "run" hook that fires a custom script when there is data
> to be run. Why would be SSH into those machines directly?
>
I believe the rationale was so that juju-run can target machines as well as
units. To target a machine without any units deployed would mean hooks are
out of the question.
> John
> =:->
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (Cygwin)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlKv6EMACgkQJdeBCYSNAAPWbQCfW9NzjEfrPjIYg6XjX0jdA+Op
> zsEAn2WztdUWqij0Iup5mvJncTfEzWN1
> =2Z8z
> -----END PGP SIGNATURE-----
>
> --
> Juju-dev mailing list
> Juju-dev at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju-dev/attachments/20131217/c5c303b8/attachment.html>
More information about the Juju-dev
mailing list