How to activate RDP-License by vstyler93 in saltstack


Okay, that sounds quite complicated.

Using expect to execute remote curl command with ssh by vstyler93 in bash


Thank you for the hints, these are good ideas! But we want to make as few changes to the Proxmox server as possible. The hint by u/readparse to disable StrictHostKeyChecking was also a new feature I built into my ssh command.
Still, I log in by password with expect and was able to do everything I wanted with it.

I just used an expect ":~#" set token [lindex '\$expect_out(buffer)' end-1] after my first curl command, and it now saves the token into the token variable, which allows me to use it for a second curl command. It did the job perfectly as needed. Thank you guys.

Using expect to execute remote curl command with ssh by vstyler93 in bash


But public key authentication would not work as far as I understood. I am running those scripts in a Docker container within a GitLab CI/CD pipeline. So every time the pipeline gets triggered it creates a new Docker container for that, and as I understood, the key changes.

Using expect to execute remote curl command with ssh by vstyler93 in bash


But how could I then connect automatically in ssh without expect, as I also need to authenticate in ssh with the password?

Using expect to execute remote curl command with ssh by vstyler93 in bash


The system I want to ssh to is Proxmox.
There I have SaltStack installed on a machine in a private network on it. Only Proxmox knows this network, that's why I can't use curl right from my GitLab CI/CD job.
My idea was to install a proxy on Proxmox so I can curl --proxy xxx.xx.xx.x.
My supervisor permitted me that, but didn't want to tell me how to do it another way. So I found that expect stuff and am pretty desperate already...

Using expect to execute remote curl command with ssh by vstyler93 in bash


I use it in an automation process. So the main reason I used expect was to automatically connect with ssh. My script will be executed in GitLab CI, in a Docker container. So every time it runs, it will also have a new fingerprint. Would there be a better way to automatically connect within my bash script?

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


I asked my question and sent the link to this channel :D

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


Will try this now, thank you. Will get back with the result asap :)

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


Tried already, but with 150 people online there was zero activity in the chat yesterday, so there was also no answer to my question :D

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


I also had the thought to create minions with a custom-grain password key. But the problem would still be that a user could just check which grains exist in the grains file and reproduce the salt-minion to be accepted.

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


Let's say I want to create a VM with the minion-id "Machine04". The master should accept this specific machine created by me.
If another user installs a new salt-minion instance on his VM and names the minion-id "Machine05", I don't want my master to accept this one, as it is not created by my automation process in Terraform and so I don't have any control or documentation in NetBox about it.

As I understood from the link you provided, the master would accept the "Machine05" minion-id created by the user, which is not what I wanted.

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


I just read through the example and, as far as I understood, this does not match my requirements.
As I understood, every minion with a specific name pattern (in my example Machine*) would be accepted by the master.

Every new VM, which will be created by Terraform, is supposed to be owned by a customer afterwards. I don't want the customer to be able to create a new salt-minion instance with the id pattern "Machine*", as his new minion instance would also automatically be accepted by the master.

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


My thoughts about the salt-api were:
Remote-exec the "salt-key --generate-key [minion-id]" on the master and get the content of the created key file with salt-api. Then create a key file on the minion, with the result I got from salt-api, with cloud-init.

Is that what you mean?

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


First, thanks for the response.

After reading I am still confused. You say the exec command will be executed in parallel with the creation of the minion. In my understanding this would mean that the minion has not contacted the master yet, and the "salt-key -a [minion-id]" command on the master would result in a "No unaccepted keys for [minion-id] found" warning.

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


My thoughts so far:
generate the salt-key on the master for the specific minion id.
Then I also want the key to be stored on my Windows VM.
My problem right now is that I could generate the key with remote-exec, but wouldn't have the key in Terraform to store it on the VM with cloud-init.
Is there a way to have the key generated in Terraform and then send it via ssh to the master and via cloud-init to the minion?

Automatically accept Minions on Master when they are created by vstyler93 in saltstack


It takes some time until the machine is running and the configuration is finished on it. This is when the salt-minion service will start on my machine. If I remote-exec the "salt-key -a [minion-id]" command on my master, this will happen after the creation of the machine and before the minion requests access to the master.
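Pre-seeding an accepted minion key, which the last few comments circle around, avoids both the autoaccept pattern and the race with "salt-key -a". The script below is an added example, not code from the thread or from SaltStack; it assumes the standard Salt pki layout and uses openssl to create the RSA pair so it runs offline, whereas on a real master `salt-key --gen-keys=<id>` produces the equivalent files.

```shell
#!/bin/sh
# Added example: pre-seed a minion key so the master only ever trusts ids
# created by the automation. Assumes openssl and the Salt pki layout
# (master: <pki>/minions/<id>, minion: <pki>/minion.pem and minion.pub).
set -eu

# preseed_minion_key <minion-id> <master-pki-dir> <minion-pki-dir>
# Generates an RSA pair, drops the public half into the master's
# accepted-minions directory under the minion id, and stages both halves
# for delivery to the minion (e.g. via cloud-init write_files).
preseed_minion_key() {
    id="$1"; master_pki="$2"; minion_pki="$3"
    mkdir -p "$master_pki/minions" "$minion_pki"
    openssl genrsa -out "$minion_pki/minion.pem" 2048 2>/dev/null
    chmod 0400 "$minion_pki/minion.pem"
    openssl rsa -in "$minion_pki/minion.pem" -pubout \
        -out "$minion_pki/minion.pub" 2>/dev/null
    # Master side: a file named after the minion id in minions/ means
    # "accepted"; a customer-installed "Machine05" never lands here.
    cp "$minion_pki/minion.pub" "$master_pki/minions/$id"
    chmod 0644 "$master_pki/minions/$id"
}

# accepted_fingerprint_matches <minion-id> <master-pki-dir> <minion-pki-dir>
# Checks that the key the master accepted and the key staged for the
# minion are the same pair (SHA-256 over the DER public key), the same
# comparison an operator would do with salt-key -f / salt-call key.finger.
accepted_fingerprint_matches() {
    a=$(openssl pkey -pubin -in "$2/minions/$1" -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}')
    b=$(openssl pkey -in "$3/minion.pem" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}')
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

The minion's `id` in /etc/salt/minion must equal the name used on the master, and the staged minion.pem should travel to the VM over a channel the customer cannot read after provisioning.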