canonical-ci-engineering team mailing list archive

[Evan Dandrea <evan.dandrea@xxxxxxxxxxxxx>]

On Tuesday, November 5, 2013, Andy Doan wrote:

> I don't have access to these systems, so there's nothing I can really do.
> Beyond this issue, I'd like to push hard once and for all on making SSH
> access to all our systems very simple. LDAP/etc are a pain and don't "just
> work". We created something at Linaro[1] that can run via cron that gives a
> list of launchpad users and/or groups SSH access to a system based on their
> LP public keys. As users are added/removed/modified, the script handles
> everything. Each user has their own account and can optionally be
> configured as a sudoer on a machine by machine basis[2].
>
> Its dead-simple to setup and I can't think of a reason not to just start
> moving each system over to this. Can we agree to start moving to this?
>

 Hi Andy,

IS already has a system for managing credentials across all the machines in
the data centre: userdir-ldap. Is there a specific concern you have with
this approach?

Rick and Larry were working on getting this deployed across all our systems.

Thanks!