Proxmox, clones and cf-key


Martin Simons

Mar 4, 2022, 11:06:45 AM
to help-cfengine
Dear CFEngineer,

For years I have been struggling with OpenNebula in order to create my private cloud. I never got it to work properly.
In January I found a reference to Proxmox and I decided to give it hinge. It really is working great, I am over the moon and I don't understand why there is so little publicity about the product. Spinning up and migrating VMs is a piece of cake.

Now the issue:
I looked at the cf-key output and I noticed that only a couple of machines were reported. The different machines seem to share the same MD5 key.

How does CFEngine generate those keys?

Best regards,
Martin.

Nick Anderson

Mar 4, 2022, 11:23:07 AM
to Martin Simons, help-c...@googlegroups.com

Martin Simons <mjcm....@gmail.com> writes:

> Now the issue: I looked at the cf-key output and I noticed that only a couple of machines were reported. The different machines seem to share the same MD5 key.
>
> How does CFEngine generate those keys?

If the keys are identical then I would expect that those hosts were cloned from a machine that had cfengine installed.

Typically, when you install a cfengine package cf-key is executed to generate a key pair. In environments with more stringent requirements keys are generated ahead of time and placed during provisioning.

If you install cfengine into a template then you should clear out the ppkeys and state dir so that those are fresh for a vm provisioned from that template.

Personally, I prefer to have cfengine installed on first boot so that I don't have to update the template later but there are numerous ways to skin that cat.

Martin Simons

Mar 4, 2022, 12:12:45 PM
to help-cfengine
Hi Nick,

It is great to hear from you.

True.
CFEngine is installed on the template VM, but it did not bootstrap.

So, I have to add the cf-key stuff in the init-clone script.

Have a great weekend.

My thoughts are with the people in Ukraine.

Best regards,
Martin.

Martin Simons

Mar 4, 2022, 12:26:03 PM
to help-cfengine
Well, not quite.
cf-key keeps generating the same md5 hash key after removal of the original one.
So the first question remains.
I feel I have to dive into UUID's a bit.
Best regards,
Martin.



Nick Anderson

Mar 4, 2022, 3:02:21 PM
to Martin Simons, help-c...@googlegroups.com

Martin Simons <mjcm....@gmail.com> writes:

> Well, not quite. cf-key keeps generating the same md5 hash key after removal of the original one. So the first question remains. I feel I have to dive into UUID's a bit.

That sounds pretty strange to me.

Generating a key should result in different output each time:

exec 2>&1
cf-key --output-file /tmp/key1  
cf-key --output-file /tmp/key2
cf-key -p /tmp/key1.pub
cf-key -p /tmp/key2.pub
:
SHA=93342875b1b9b4a7df3ec84baae749c93c9e706b65fe4d75c0cd80617d53ec62
SHA=d7db6aa18990edb18a9ba2da4cc4052a00859b11bf076d782572e0d0101158d5

Martin Simons

Mar 5, 2022, 5:40:24 PM
to help-cfengine
Dear Nick,

Looks like the removal of everything in ppkeys and a key generation solves the problem.

Best regards,
Martin.
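
Added example, not part of the thread and not CFEngine project code: an init-clone step that does what the thread settles on, emptying ppkeys and the state dir, generating a fresh pair with `cf-key --output-file`, and confirming with `cf-key -p` that the digest is no longer the template's. The `/var/cfengine` work dir, the `CF_KEY` override variable and both function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): reset a clone's CFEngine identity.
# Assumed: /var/cfengine as work dir, CF_KEY override, hypothetical function names.
CF_KEY="${CF_KEY:-cf-key}"

# Print the digest line cf-key reports for a public key, e.g. "SHA=...".
key_digest() {
    "$CF_KEY" -p "$1"
}

# reset_cfengine_identity [WORKDIR]
# Run on first boot of a clone, before bootstrapping to a policy hub.
reset_cfengine_identity() {
    workdir="${1:-/var/cfengine}"
    keybase="$workdir/ppkeys/localhost"
    old_digest=""
    if [ -f "$keybase.pub" ]; then
        old_digest=$(key_digest "$keybase.pub") || return 1
    fi

    # Empty ppkeys and state completely (template key pair, cached peer
    # keys, lastseen data) but keep the directories and their permissions.
    for dir in "$workdir/ppkeys" "$workdir/state"; do
        if [ -d "$dir" ]; then
            find "$dir" -mindepth 1 -delete || return 1
        fi
    done

    # --output-file takes a base path and writes <base>.pub and <base>.priv.
    "$CF_KEY" --output-file "$keybase" >/dev/null || return 1
    new_digest=$(key_digest "$keybase.pub") || return 1

    # A clone that still reports the template's digest is indistinguishable
    # from its siblings, so treat that as a failure.
    if [ -n "$old_digest" ] && [ "$new_digest" = "$old_digest" ]; then
        echo "key digest unchanged after regeneration: $new_digest" >&2
        return 1
    fi
    printf '%s\n' "$new_digest"
}
```

Call `reset_cfengine_identity` from the clone's first-boot script and log the digest it prints; a non-zero exit means the clone must not be bootstrapped yet.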