https://pulumi.com logo
Powered by
#general
Title
# general
b

bored-monitor-99026

05/24/2021, 12:09 AM
hi, i have a question regarding best practices using pulumi to provision & manage infrastructure. say i have 300 bare metal machines or VPSs (not from cloud providers like GCP), i need to provide authentication credentials for pulumi to ssh into and manage those instances. then i need to manually generate 300 keypairs, right. now, what's the best way to pass those key pairs around the team?
s

steep-sunset-89396

05/24/2021, 12:15 AM
Hi. I'm not sure to understand the value of having this many ssh keys. The management overhead is going to be a nightmare. Instead you could use signed SSH keys for your team and Pulumi which would greatly reduce your number of keys.
The gist is all your servers/vps know the ssh key "certificate authority" and implicitly trust a user/pulumi connection when presented with a correctly signed SSH key.
Netflix did something on this few years ago and the project is called "Bless". Users/Pulumi only get short-lived SSH keys.
b

billowy-army-68599

05/24/2021, 12:34 AM
it's worth pointing out at this stage: Pulumi's support for managing things at the operating system layer comes as an artifact of a mechanism called dynamic providers - these providers were not originally designed for OS management, although it is possible.
We generally recommend handing over operating system provisioning to another configuraiton management tool like puppet or ansible
👍 3
s

steep-sunset-89396

05/24/2021, 12:58 AM
Yes, that's an excellent point
b

bored-monitor-99026

05/26/2021, 3:58 AM
thanks, appreciate your insights. lm research more on this.
2 Views
Powered by