foreman icon indicating copy to clipboard operation
foreman copied to clipboard
verified publisher icon theforeman

Fixes #38499 - Introduce SSH cert support

Open adamlazik1 opened this issue 6 months ago • 5 comments

adamlazik1 avatar Jun 16 '25 14:06 adamlazik1

Only drafting stage, depends on:

  • https://github.com/theforeman/foreman_remote_execution/pull/977
  • https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/126

adamlazik1 avatar Jun 16 '25 14:06 adamlazik1

I will keep this in draft because there will be four PRs in total that should get merged at roughly the same time, but I do believe that this is now ready for review.

adamlazik1 avatar Jun 23 '25 13:06 adamlazik1

I don't know how I have done it before but after several days of trying different stuff I am unable to replicate cloud-init malfunction which I had before on the current version of the PR. The sshd service is now correctly restarted and ssh certs work out of the box. I see there is only one runcmd in our cloud-init template, so if I am not mistaken, no race conditions should be able to occur, correct?

adamlazik1 avatar Jul 09 '25 09:07 adamlazik1

Currently, this PR does not support configuring cert authentication on hosts that exist before the feature is enabled the smart proxy. Should I create a job template that could do this? It would have to be run before the ssh cert authentication is enabled on smart proxy.

adamlazik1 avatar Jul 16 '25 13:07 adamlazik1

Switching back to draft since the feature got postponed to 3.16

adamlazik1 avatar Jul 21 '25 09:07 adamlazik1

@adamlazik1 does this still need to be a draft?

adamruzicka avatar Dec 17 '25 15:12 adamruzicka