Remove instructions to place GCE key in /etc/foreman#3841
Conversation
github-actions
bot
added
Needs tech review
|
The PR preview for a759109 is available at theforeman-foreman-documentation-preview-pr-3841.surge.sh The following output files are affected by this PR: |
|
One instance of "GCE_KEY" in the rendered docs is not italic: You might need double underscores. @ekohl |
|
@maximiliankolb did you have a look at my thoughts on whether we need the |
I had a glance and did not really have any input on it. On second though: Maybe we should make it more explicit by prefixing the file name with |
|
Should we drop the |
|
Maybe a prerequisite to create the JSON file on *.google.com and then in the procedure to either upload it via browser or scp it to Foreman Server? |
|
Perhaps maybe this is good enough now and we can iterate on it when we feel the need to? |
|
@ekohl This suggestion is still open: #3841 (comment) But I can also look into this after merging this PR. |
Lennonka
left a comment
Lennonka
left a comment
There was a problem hiding this comment.
I'm wondering if we could suggest an alternative path to the user that would promote a good practice where to put the key. Consider this optional for this PR.
Lennonka
added
tech review done
|
And I think it might be a good idea for some to test the new procedure. |
|
triage: kindly asking for a test from team rocket. cc @Lennonka |
I'd prefer if others can take over. This PR was more of an out-of-hand bug report. Some notes, in case it wasn't clear. Perhaps we can add a step to remove the key afterwards because it's not used. That's the whole point of this PR: it's only read by Hammer and then uploaded to Foreman where it's stored in the database. This also means the user can run the Hammer command from their own desktop (if they have Hammer installed & configured). They can drop the |
|
Oh, I missed that. Thank you. Adding a step to remove the key would make it clearer. |
|
In that case, the location of the key is irrelevant and this probably doesn't need testing. |
|
@ekohl Friendly reminder to add the step to remove the key |
Hammer uploads the key to Foreman (just like in the UI procedure) and never read again. This means there's no point in storing the file in /etc/foreman with specific permissions. Fixes: 40b1180 ("Remake GCE for Foreman Google plugin")
ekohl
force-pushed
the
gce-key-remove-redundant-instructions
branch
from
7259b30 to
a759109
Compare
|
I've dropped the scp step. |
3 participants
What changes are you introducing?
Remove the instructions to place the key in
/etc/foreman.Why are you introducing these changes? (Explanation, links to references, issues, etc.)
Hammer uploads the key to Foreman (just like in the UI procedure) and never read again. This means there's no point in storing the file in /etc/foreman with specific permissions.
It was introduced in 40b1180 (#1949).
Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)
I changed the Hammer command to run as root for two reasons: the scp command also uses root and the installer sets up Hammer for root by default. 1137d3a changed it to non-root and this goes against that.
An alternative is to change the instruction to a prerequisite to have Hammer set up and the key file present. Then you only need to list the Hammer command.
Checklists
Please cherry-pick my commits into: