public inbox for kdevops@lists.linux.dev
From: Chuck Lever <chuck.lever@oracle.com>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: kdevops@lists.linux.dev, cel@kernel.org
Subject: Re: [RFC PATCH] terraform/OCI: Grab secrets from ~/.oci/config
Date: Fri, 4 Apr 2025 14:35:19 -0400
Message-ID: <40de8f31-115d-4b4e-aa4f-1df5d3dac139@oracle.com>
In-Reply-To: <Z_AktiGwRGCRkbPN@bombadil.infradead.org>

On 4/4/25 2:28 PM, Luis Chamberlain wrote:
> On Fri, Apr 04, 2025 at 02:24:37PM -0400, Chuck Lever wrote:
>> On 4/4/25 2:06 PM, Luis Chamberlain wrote:
>>> On Fri, Apr 04, 2025 at 12:10:49PM -0400, Chuck Lever wrote:
>>>> On a related topic, if we ever want to fully support running the kdevops
>>>> /control host/ in the cloud, terraform supports an authentication
>>>> mechanism that just uses the local instance's service principal, so
>>>> no extra authentication material is needed for provisioning the test
>>>> runners as separate cloud instances. Interesting to consider.
>>>
>>> Sorry I failed to understand this, what is meant by separate cloud
>>> instances?
>>
>> The usual situation is the control host (where terraform runs) is
>> outside the cloud. Like, on your workstation. I'm talking about a
>> scenario where kdevops and terraform are running on an instance in the
>> same cloud as where your target nodes are going to run.
>>
>> In that case, terraform can scoop up the service principal for that
>> instance, and use it in place of dot file authentication parameters.
>> So you don't have to maintain the dot file on the instance that is
>> running terraform, if it is already in the cloud.
> 
> I see, so you first bring that cloud instance, and then use that as
> your command and control for test nodes. Does that first cloud instance
> need to be instantiated through another kdevops setup?

No, you can create it with terraform or from the cloud console. Start it
up when you want, or leave it running.

I'm wondering if we can get a cloud devops pipeline to trigger it when
it sees a PR against a watched repo. Haven't really thought that
through.


-- 
Chuck Lever

Thread overview: 11+ messages
2025-04-03 14:49 [RFC PATCH] terraform/OCI: Grab secrets from ~/.oci/config cel
2025-04-03 17:55 ` Chuck Lever
2025-04-04 15:52   ` Luis Chamberlain
2025-04-04 16:10     ` Chuck Lever
2025-04-04 18:06       ` Luis Chamberlain
2025-04-04 18:24         ` Chuck Lever
2025-04-04 18:28           ` Luis Chamberlain
2025-04-04 18:35             ` Chuck Lever [this message]
2025-04-04 19:19               ` Luis Chamberlain
2025-04-04 20:34                 ` Chuck Lever
2025-04-04 15:49 ` Luis Chamberlain
