# general
b
hi, i have a question regarding best practices using pulumi to provision & manage infrastructure. say i have 300 bare metal machines or VPSs (not from cloud providers like GCP), i need to provide authentication credentials for pulumi to ssh into and manage those instances. then i need to manually generate 300 keypairs, right? now, what's the best way to pass those key pairs around the team?
s
Hi. I'm not sure I understand the value of having this many ssh keys. The management overhead is going to be a nightmare. Instead you could use signed SSH keys for your team and Pulumi, which would greatly reduce your number of keys.
The gist is all your servers/VPSs know the ssh key "certificate authority" and implicitly trust a user/pulumi connection when presented with a correctly signed SSH key.
Netflix did something on this a few years ago and the project is called "Bless". Users/Pulumi only get short-lived SSH keys.
b
it's worth pointing out at this stage: Pulumi's support for managing things at the operating system layer comes as an artifact of a mechanism called dynamic providers. These providers were not originally designed for OS management, although it is possible.
We generally recommend handing over operating system provisioning to another configuration management tool like puppet or ansible
s
Yes, that's an excellent point
b
thanks, appreciate your insights. I'll research more on this.