metis: source peer access keys from env-backed secrets

Brad Stein 2026-04-05 10:06:55 -03:00
parent edb718a5f6
commit da6bb1aaab
2 changed files with 13 additions and 6 deletions


@ -283,7 +283,7 @@ nodes:
ssh_user: atlas ssh_user: atlas
ssh_authorized_keys: ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlmAXoeYVcX3zE+MSsvjB7gpAHRX0djiWYxoAuAFEQx brad.stein@bstein.dev - ${METIS_SSH_KEY_BRAD}
- name: titan-db - name: titan-db
class: rpi5-ubuntu-host class: rpi5-ubuntu-host
hostname: titan-db hostname: titan-db
@ -294,8 +294,8 @@ nodes:
ssh_user: atlas ssh_user: atlas
ssh_authorized_keys: ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlmAXoeYVcX3zE+MSsvjB7gpAHRX0djiWYxoAuAFEQx brad.stein@bstein.dev - ${METIS_SSH_KEY_BRAD}
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA48uzhL71cXeFDb+LGla1z0kFUYfWPWIgby7uaaGAaY hecate-tethys-forward - ${METIS_SSH_KEY_HECATE_TETHYS}
- name: titan-24 - name: titan-24
class: amd64-debian-worker class: amd64-debian-worker
hostname: titan-24 hostname: titan-24
@ -306,7 +306,7 @@ nodes:
ssh_user: atlas ssh_user: atlas
ssh_authorized_keys: ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlmAXoeYVcX3zE+MSsvjB7gpAHRX0djiWYxoAuAFEQx brad.stein@bstein.dev - ${METIS_SSH_KEY_BRAD}
- name: titan-0a - name: titan-0a
class: rpi5-ubuntu-control-plane class: rpi5-ubuntu-control-plane
hostname: titan-0a hostname: titan-0a
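Review bot: Replacing the literal entries with `${METIS_SSH_KEY_BRAD}` and `${METIS_SSH_KEY_HECATE_TETHYS}` on the changed lines of all three hunks removes from the inventory the only place a reviewer could see which identities are authorised on these nodes; an SSH public key is not itself a secret, and the authorized_keys list is access policy that benefits from being visible in the diff. If the indirection is kept, a comment beside each placeholder naming the expected owner and the expected value format would preserve that auditability, e.g. `- ${METIS_SSH_KEY_BRAD}  # brad.stein ed25519 key, full "ssh-ed25519 <key> <comment>" line`. An unset variable expands to an empty string here, and the Go change in this commit then drops the entry silently, so a missing secret quietly removes an authorised key rather than failing the inventory load — that interaction is worth noting next to the placeholders.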


@ -3,6 +3,7 @@ package inventory
import ( import (
"fmt" "fmt"
"os" "os"
"strings"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
) )
@ -106,9 +107,15 @@ func expandInventory(inv *Inventory) {
for taintIdx, value := range inv.Nodes[idx].Taints { for taintIdx, value := range inv.Nodes[idx].Taints {
inv.Nodes[idx].Taints[taintIdx] = os.ExpandEnv(value) inv.Nodes[idx].Taints[taintIdx] = os.ExpandEnv(value)
} }
for keyIdx, value := range inv.Nodes[idx].SSHAuthorized { expandedKeys := make([]string, 0, len(inv.Nodes[idx].SSHAuthorized))
inv.Nodes[idx].SSHAuthorized[keyIdx] = os.ExpandEnv(value) for _, value := range inv.Nodes[idx].SSHAuthorized {
expanded := strings.TrimSpace(os.ExpandEnv(value))
if expanded == "" {
continue
}
expandedKeys = append(expandedKeys, expanded)
} }
inv.Nodes[idx].SSHAuthorized = expandedKeys
for diskIdx := range inv.Nodes[idx].LonghornDisks { for diskIdx := range inv.Nodes[idx].LonghornDisks {
inv.Nodes[idx].LonghornDisks[diskIdx].Mountpoint = os.ExpandEnv(inv.Nodes[idx].LonghornDisks[diskIdx].Mountpoint) inv.Nodes[idx].LonghornDisks[diskIdx].Mountpoint = os.ExpandEnv(inv.Nodes[idx].LonghornDisks[diskIdx].Mountpoint)
inv.Nodes[idx].LonghornDisks[diskIdx].UUID = os.ExpandEnv(inv.Nodes[idx].LonghornDisks[diskIdx].UUID) inv.Nodes[idx].LonghornDisks[diskIdx].UUID = os.ExpandEnv(inv.Nodes[idx].LonghornDisks[diskIdx].UUID)
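Review bot: The new `if expanded == "" { continue }` makes an unset `METIS_SSH_KEY_*` variable indistinguishable from a deliberately empty entry: `os.ExpandEnv` substitutes "" for a missing name, so a node can end up with fewer authorised keys than the inventory declares, with no error or log line, which is an authorisation policy change hidden behind a missing secret. Resolving with `os.Expand` and `os.LookupEnv` lets the loop record which names were absent, and `expandInventory` (which starts before this hunk and ends after it, and currently returns nothing) would then need to surface that list — return an error, or have the caller validate it — instead of continuing. The taint, mountpoint and UUID expansions in the same hunk still use plain `os.ExpandEnv` without trimming, so the SSH keys are now handled differently from every other expanded field; presumably intentional, but a one-line comment above `expandedKeys := make(...)` explaining why keys are trimmed and empties dropped would help the next reader.

```go
// … unchanged: taint expansion …
expandedKeys := make([]string, 0, len(inv.Nodes[idx].SSHAuthorized))
for _, value := range inv.Nodes[idx].SSHAuthorized {
	expanded := strings.TrimSpace(os.Expand(value, func(name string) string {
		v, ok := os.LookupEnv(name)
		if !ok {
			// an unset secret must not silently shrink a node's authorized_keys;
			// the caller decides whether a missing name is fatal
			missing = append(missing, name)
		}
		return v
	}))
	if expanded == "" {
		continue
	}
	expandedKeys = append(expandedKeys, expanded)
}
inv.Nodes[idx].SSHAuthorized = expandedKeys
// … unchanged: longhorn disk expansion …
```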