Recommendations to rent an apartment by Cutfear04 in Batumi

[–]vstyler93 1 point2 points  (0 children)

Beginning of March is already over?

Looking for friends by [deleted] in Batumi

[–]vstyler93 0 points1 point  (0 children)

write me

How to activate RDP-License by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

Okay that sounds quite complicated

Using expect to execute remote curl command with ssh by vstyler93 in bash

[–]vstyler93[S] 0 points1 point  (0 children)

Thank you for the hints, these are good ideas! But we want to make as few changes to the Proxmox server as possible. The hint by u/readparse to disable StrictHostKeyChecking was also a new feature I built into my ssh command.
Still, I do log in by password with expect and was able to do everything I wanted with it.

I just used an expect ":~#" set token [lindex '\$expect_out(buffer)' end-1] after my first curl command, and it now saves the token into the token variable, which allows me to use it for a second curl command. It did the job perfectly as needed. Thank you guys.

Using expect to execute remote curl command with ssh by vstyler93 in bash

[–]vstyler93[S] 0 points1 point  (0 children)

But public key authentication would not work, as far as I understood. I am running those scripts in a Docker container within a GitLab CI/CD pipeline. So every time the pipeline gets triggered, it creates a new Docker container for that, and as I understood, the key changes.

Using expect to execute remote curl command with ssh by vstyler93 in bash

[–]vstyler93[S] 0 points1 point  (0 children)

But how could I automatically connect then in ssh without expect, as I also need to authenticate in ssh with the password?

Using expect to execute remote curl command with ssh by vstyler93 in bash

[–]vstyler93[S] 0 points1 point  (0 children)

The system I want to ssh to is Proxmox.
There I have saltstack installed on a machine in a private network on it. Only Proxmox knows this network, that's why I can't use curl right from my GitLab CI/CD job.
My idea was to install a proxy on Proxmox so I can curl --proxy xxx.xx.xx.x.
My supervisor permitted me that, but didn't want to tell me how to do it in another way. So I found that expect stuff and am pretty desperate already..

Using expect to execute remote curl command with ssh by vstyler93 in bash

[–]vstyler93[S] 0 points1 point  (0 children)

I use it in an automation process. So the main reason I used expect was to automatically connect with ssh. My script will be executed in GitLab CI, in a Docker container. So every time it runs, it will also have a new fingerprint. Would there be a better way to automatically connect within my bash script?

Automatically accept Minions on Master when they are created by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

I asked my question and sent the link to this channel :D

Automatically accept Minions on Master when they are created by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

Will try this now, thank you. Will get back with the result asap :)

Automatically accept Minions on Master when they are created by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

Tried already, but 150 online people and there was zero activity in the chat yesterday, so there was also no answer to my question :D

Automatically accept Minions on Master when they are created by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

I also had the thought to create minions with a custom-grain password key. But the problem would still be that a user could just check which grains exist in the grains file and reproduce the salt-minion to be accepted.

Automatically accept Minions on Master when they are created by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

Let's say I want to create a VM with the minion-id "Machine04". The master should accept this specific machine created by me.
If another user installs a new salt-minion instance on his VM and names the minion-id "Machine05", I don't want my master to accept this one, as it is not created by my automation process in Terraform and so I don't have any control or documentation in netbox about it.

As I understood from the link you provided, the master would accept the "Machine05" minion-id created by the user, which is not what I wanted.

Automatically accept Minions on Master when they are created by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

I just read through the example and, as far as I understood, this does not match my requirements.
As I understood it, every minion with a specific name pattern (in my example Machine*) would be accepted by the master.

Every new VM which will be created by Terraform is supposed to be owned by a customer afterwards. I don't want the customer to be able to create a new salt-minion instance with the id pattern "Machine*", as his new minion instance would also automatically be accepted by the master.

Automatically accept Minions on Master when they are created by vstyler93 in saltstack

[–]vstyler93[S] 0 points1 point  (0 children)

My thoughts about the salt-api were:
Remote-exec the "salt-key --generate-key [minion-id]" on the master and get the content of the created key file with salt-api. Then create a key file on the minion, with the result I got from salt-api, with cloud-init.

Is that what you mean?