
private key file? (knife-azure issue, closed, 6 comments)

chef commented on August 25, 2024
private key file?

from knife-azure.

Comments (6)

adamedx commented on August 25, 2024

@tessus it doesn't get uploaded, it's used to connect to the remote system. Is there anything in particular that led you to believe it was being uploaded?


adamedx commented on August 25, 2024

For reference @tessus, the private key is used to generate the public key which is then configured on the remote system: https://github.com/chef/knife-azure/blob/master/lib/azure/service_management/certificate.rb#L50-L58


tessus commented on August 25, 2024

@adamedx I think you misunderstood my question.

I know that I can create a public key from a private key, but there's no reason to do that. I have a key pair in my .ssh directory. To connect to a remote machine, the public key has to be uploaded to the remote system.
There should be no need for you to touch my private key in any way.

Thus you should be able to specify the public key with this parameter and this key should then be uploaded and put into the authorized_keys file.


adamedx commented on August 25, 2024

Right, we could just use your public key for just provisioning the remote system, but we also need the private key because after the VM boots up, we create an ssh connection to the remote system and use that to bootstrap. Again, the private key is never sent to the remote system.

Since we need the private key to start the ssh connection, we just ask you to specify that. We could also ask you for the public key, but since we can generate that, it's not necessary and avoids the complexity of supplying extra arguments and making sure the keys match up.

Here's another place where you'll see the private key used: bootstrapping an existing system via the knife command that comes with chef: https://github.com/chef/chef/blob/master/lib/chef/knife/bootstrap.rb#L80-L83. This is actually the same case here, the difference is that with knife-azure we actually create the system, and we also configure it with a public key before resuming with the sequence in plain knife.

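As an added illustration of the two points adamedx makes above (the public key is derived locally from the private key, and only that derived public half is what gets configured on the VM), here is a small Ruby script that is not knife-azure's own code: it loads a PEM private key, derives the public key and formats it as the authorized_keys line that would be placed on the remote system. The sample key is generated in-process for the demo; the function names are this example's own.

```ruby
require 'openssl'

# Added example, not knife-azure code: everything below runs on the workstation.
# The private key is read here and never leaves this process; only the derived
# public key line is something you would hand to a remote system.

# Encode one SSH wire-format string: 4-byte big-endian length, then the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes
end

# Encode an OpenSSL BN as an SSH mpint (big-endian, leading 0x00 if the high bit is set).
def ssh_mpint(bn)
  bytes = bn.to_s(2)
  bytes = "\x00".b + bytes if bytes.getbyte(0) >= 0x80
  ssh_string(bytes)
end

# Build an authorized_keys line ("ssh-rsa <base64 blob> <comment>") from an RSA public key.
def authorized_keys_line(rsa_pub, comment = 'knife-azure-demo')
  blob = ssh_string('ssh-rsa') + ssh_mpint(rsa_pub.e) + ssh_mpint(rsa_pub.n)
  "ssh-rsa #{[blob].pack('m0')} #{comment}"
end

# Load a PEM private key and return only the material that is safe to publish.
def public_line_from_private_pem(pem)
  rsa = OpenSSL::PKey::RSA.new(pem)
  raise ArgumentError, 'expected a private key' unless rsa.private?
  authorized_keys_line(rsa.public_key) # public_key drops d, p, q
end

# Constructed sample key for the demo (generated fresh; not anyone's real key).
SAMPLE_PEM = OpenSSL::PKey::RSA.generate(2048).to_pem

if __FILE__ == $PROGRAM_NAME
  puts public_line_from_private_pem(SAMPLE_PEM)
end
```

The printed line is what ends up in the VM's authorized_keys; the PEM itself is only used afterwards, locally, to open the ssh session for bootstrap.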

adamedx commented on August 25, 2024

One other suggestion if you're looking at this from a security standpoint: an even safer way than using ssh for bootstrap is using the --bootstrap-protocol cloud-api option. That simply uses the Azure api to inject Chef into the VM rather than sending commands via ssh. For that flow you don't have to specify a private key, and you could enable ssh via a cookbook with a public key rather than through knife itself.


tessus commented on August 25, 2024

Thank you for the info.

I didn't realize the bootstrap part. For some reason I thought this would be either part of the image or done via other means.

Now it makes sense. I just got nervous having to specify a private key without knowing why it was necessary and what was done with the key.

