Commit Graph

1 Commits (5cfc410c06e8401a96c35c2e3ae0f451f2344074)

Author SHA1 Message Date
Dustin 94a9ed900f autoprovision: Trigger host online webhook
To initiate the automatic host provisioning process, a new machine must
trigger the _POST /host/online_ webhook.  Included in the request are
the hostname of the new machine and its SSH host public keys.
Optionally, the request can also contain the name of a branch in the
configuration policy repository.  For virtual machines, this branch
name can be specified by a QEMU `fw_cfg` option.  The `fw_cfg` values in
sysfs are only readable by root, so the service must run as root, but
it does not need any additional privileges, so we can use systemd
sandbox features to restrict it.

This feature is enabled by default for virtual machines.  I haven't
quite figured out how to do the branch selection for physical machines
yet, but I will enable it for them once I do.
2025-02-08 17:22:44 -06:00
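
The commit message above says the service runs as root only to read the `fw_cfg` values in sysfs and can otherwise be restricted with systemd sandboxing. The unit below is an added illustration of that pattern, not the unit file from this repository; the description, the `ExecStart` path and the choice of directives are assumptions.

```ini
# Added example, not the repository's own unit file.
[Unit]
Description=Trigger the host online webhook (hypothetical unit)
Wants=network-online.target
After=network-online.target
# Assumption: only start on virtual machines, where fw_cfg is available.
ConditionVirtualization=vm

[Service]
Type=oneshot
# Hypothetical path to the program that sends POST /host/online.
ExecStart=/usr/local/libexec/host-online
# UID 0 is kept because the fw_cfg files in sysfs are owned by root and
# readable only by their owner; owner access needs no capabilities.
User=root
# Drop every capability, so "root" here is little more than a file owner.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
# Whole file system read-only; /sys and /etc/ssh stay readable.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
# The webhook call needs IP sockets; AF_UNIX is kept for local name
# resolution services. PrivateNetwork= is deliberately not set.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
```

Running `systemd-analyze security` against the installed unit lists which of these restrictions are in effect and which exposure remains.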