forked from juju/juju
-
Notifications
You must be signed in to change notification settings - Fork 0
/
system-ssh-key.txt
24 lines (19 loc) · 1.13 KB
/
system-ssh-key.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
The idea of having a system SSH key is to support a number of real and
potential use-cases.
* The system ssh key could be used to monitor the bootstrap process, and this
would benefit the new users that don't have an existing SSH key
* Allows the api server machines to ssh to other machines in the model
* could be used to set up ssh tunnels through a single public facing IP
address on the server
* allows juju-exec commands to be run on remote machiens
Juju already creates a private key for serving the mongo database. It was an
option to also use this key, but in the end, having different keys for
different purposes just seems like a more robust idea.
A system key is generated when the model is bootstrapped, and uploaded
as part of the cloud-init machine creation process. The public key part is
added to the authorized keys list.
This means that we need to generate an identity file and the authorized key
line prior to creating the new machine.
If subsequent controller machines are created, they also need to have the
system identity file on them. Actually, it is most likely the API server jobs
that we really care about.