-
Notifications
You must be signed in to change notification settings - Fork 246
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: Allow every field to reference a remote resource #1097
Comments
I think this is reasonable. Something similar was already done for the Ignition types: #953 |
I suspect that allowing arbitrary fields to come from URLs or local files would introduce more complexity to the spec than the feature is worth. For your original use case, see #986. |
At first I thought the URL:s were downloaded by fcct (at "transpile-time" so to say) but now I see the URL:s Regarding introducing more complexity: I understand that this RFE would introduce more challenges If many of the string would be replaced in the file One way to solve it would be to define general_text_data seperately Another idea: That could be useful when a Fedora CoreOS installation is performed without internet access. |
Okay, I've moved the issue over to Ignition. We already have a reusable data type for this, |
You can also use the variant: fcos
version: 1.1.0
storage:
directories:
- path: /home/core/.ssh
user:
name: core
group:
name: core
mode: 0700
- path: /home/core/.ssh/authorized_keys.d
user:
name: core
group:
name: core
mode: 0700
files:
- path: /home/core/.ssh/authorized_keys.d/github
user:
name: core
group:
name: core
mode: 0600
contents:
source: https://github.com/bgilbert.keys
- path: /etc/systemd/system/example.service
contents:
source: https://example.com/example.service
systemd:
units:
- name: example.service
enabled: true |
List of use casesUse case 1. Including a systemd unit file from the file systemIt seems to be addressed in This use case can also be worked around by using I did that in an experiment of mine
(although that example uses systemd user units) Use case 2. Being able to specify an SSH public key as an URLBeing able to specify an URL, it would be easier to identify the person being granted access just by looking @bgilbert Yes, your suggestion in #1097 (comment) to use Some more thoughtsMy first thought by creating this RFE was that over time there will always pop up RFE:s requesting conversion of a string datatype into the I've been thinking a bit more about this RFE. As there are workarounds, I don't have such a big need for it. If you want you could close this issue, or just keep it open to gather user feedback. |
I noticed at
https://github.com/coreos/fcct/blob/master/docs/configuration-v1_1.md
that systemd -> contents does not have variant for including the contents from a local file. For me it would have been convenient to have that feature.
Why not generalize the data input, so that strings and bytearrays always can be included from URLs, local files or inline?
Something like two new "datatypes":
general_text_data and general_binary_data
Just a sketch:
http
,https
,s3
,tftp
, and [data
][rfc2397]. Note: When usinghttp
, it is advisable to use the verification option to ensure the contents haven't been modified. Mutually exclusive withinline
andlocal
.source
andlocal
.--files-dir
command-line argument. Mutually exclusive withsource
andinline
.http
andhttps
source schemes only.<type>-<value>
where type is eithersha512
orsha256
.If it would be possible to reference the string contents of one of
passwd -> users -> ssh_authorized_keys
with a general_text_data, you could start referencing your public ssh key from Github, as they are downloadable like this
The text was updated successfully, but these errors were encountered: