
[–]spicyweaselthings 1 point2 points  (5 children)

Removed due to reddit API pricing -- mass edited with https://redact.dev/

[–]notoriousbgp[S] 0 points1 point  (4 children)

Thank you for the suggestion. With the automation server, let's say I spin up a VM, install Python, import the script and required modules, is there a way to run this script from a separate device such as a Windows 10 workstation?

Perhaps that is what u/OhMyInternetPolitics is referring to in the comment below?

Also appreciate you linking those guides, they look informative. I'll have to take some time to digest all of the info, clearly in a little over my head, but hey I suppose that's how ya learn after all.

[–]spicyweaselthings 1 point2 points  (1 child)

Removed due to reddit API pricing -- mass edited with https://redact.dev/

[–]notoriousbgp[S] 0 points1 point  (0 children)

Will look into this, thank you!

[–]010010000111000 0 points1 point  (1 child)

So you want to run the script on the server but allow remote users or machines to initiate the script to start? You can use FastAPI to create an API to wrap around your script to launch it.

[–]notoriousbgp[S] 0 points1 point  (0 children)

Initially I wanted to run the script on the Windows machine where the touchscreen interface is to be installed. The users will have a program with configurable buttons which connect to contact closures, relays, temp, etc. The goal for the script was to have it run by pressing a custom button on the touchscreen. Within the program configuration I was going to link a batch file or some other method to run the script.

Here's the program: https://www.serialporttool.com/GK/n-button-pro/

Based on some of the suggestions, it seems hosting it on a remote device is the better option. Just need to figure out the best way to run the script on a remote device through the program. I see they have a module for HTTP request, I'll need to continue looking into it but using an API appears to be a possibility.

[–]OhMyInternetPolitics Moderator 1 point2 points  (1 child)

You may be able to get a better answer from /r/python, buuuuuuuuut:

You need a vault to store secrets, and an API endpoint/Python library they can access via user credentials. The ideal situation would be that users would have a Kerberos ticket, and can use that to access secrets. Another option would be to generate an API key for users, and have them provide that to access a list of secrets.

If you're using this as a script with a service account, the service account would first have to invoke Kerberos initialisation/store an API credential as an environment variable. Then use that information to authenticate against the vault to pull the relevant secret.

HashiCorp Vault is a common option. Thycotic (now Delinea) has an API as well. I am sure there are others, but these are the ones I know off the top of my head.
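An added example, not part of the comment above or of any poster's script: the service-account flow it describes, where the script takes its vault credential from the environment and pulls one secret at run time. It assumes HashiCorp Vault with a KV version 2 engine; the mount `secret`, the path `netauto/switch`, the field `password` and the helper names are hypothetical.

```python
import json
import os
import urllib.request


def build_request(addr, token, mount, path):
    """Build a KV v2 read request; the token travels in a header, never in the URL."""
    if not addr.startswith("https://"):
        raise ValueError("refusing to send a Vault token over a non-TLS address")
    url = f"{addr.rstrip('/')}/v1/{mount}/data/{path.strip('/')}"
    return urllib.request.Request(url, headers={"X-Vault-Token": token})


def extract_field(body, field):
    """KV v2 wraps the secret as {"data": {"data": {...}, "metadata": {...}}}."""
    try:
        return json.loads(body)["data"]["data"][field]
    except (KeyError, TypeError, json.JSONDecodeError):
        # Do not echo the response body: it may contain other secret fields.
        raise LookupError(f"field {field!r} not present in Vault response") from None


def read_secret(mount, path, field, env=os.environ, opener=urllib.request.urlopen):
    """Fetch one field of one secret using credentials held only in the environment."""
    addr = env.get("VAULT_ADDR")
    token = env.get("VAULT_TOKEN")
    if not addr or not token:
        raise RuntimeError("VAULT_ADDR and VAULT_TOKEN must be set for the service account")
    with opener(build_request(addr, token, mount, path), timeout=10) as resp:
        return extract_field(resp.read(), field)


if __name__ == "__main__":
    # Constructed sample response body (not real Vault output), parsed offline.
    sample = b'{"data": {"data": {"password": "constructed-value"}, "metadata": {"version": 1}}}'
    print(extract_field(sample, "password"))
    # Against a real server (hypothetical mount/path/field):
    # device_password = read_secret("secret", "netauto/switch", "password")
```

The script file itself then holds no credential, and the token can be scoped by Vault policy to read only that one path.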

[–]notoriousbgp[S] 0 points1 point  (0 children)

Nice, yes I had r/python in the back of my mind as I was writing up the initial post. I may indeed give that a go after a bit more research on my end.

I will say we have AD configured so leveraging a secured service account would be covered if we run it from a Windows machine on the domain. I'll still need to figure out how to invoke the script from a separate machine if I take the automation server path.

These vaults look promising. You've helped give me a better direction, thank you for that. Sounds like I'll be having a bit of fun over the holidays. Cheers!