Changes between Version 3 and Version 4 of jessie-stretch-upgrade


Timestamp:
Sep 21, 2017, 2:14:20 PM (2 years ago)
Author:
Jamie McClelland
Comment:

--

  • jessie-stretch-upgrade

    v3 v4  
    11= Jessie Stretch Upgrade Page =
     2
     3== Root gpg key and monkeysphere ==
     4
     5All of our servers can easily ssh between themselves through the monkeysphere. For the monkeysphere to work, the root user on each machine has to maintain an ssh-agent.
     6
     7Prior to stretch, we could not load a monkeysphere key into ssh-agent that didn't have a password (so we set the password to 'monkeys' for all keys). With stretch, you can't load a key into ssh-agent in an automated way that ''has'' a password. Sigh. Also, you cannot automate the change of a gpg key password.
     8
     9As a result: upon upgrading sites to stretch, you must manually remove the password for the root user's gpg key:
     10
     11{{{
     12gpg --change-password root@$(hostname).mayfirst.org
     13}}}
     14
     15The current password is: monkeys
     16
     17If you don't, you will get this warning when you run puppet:
     18
     19{{{
     20remote: Error: gpg --pinentry-mode loopback --passphrase '' --export-secret-keys  --armour 1>/dev/null 2>/dev/null returned 2 instead of one of [0]
     21remote: Error: /Stage[main]/Mayfirst::M_minimal/M_gpg::Private_key[root]/Exec[admin:please-manually-change-passphrase-from-monkeys-to-empty-for-root-user-on-this-host]/returns: change from notrun to 0 failed: gpg --pinentry-mode loopback --passphrase '' --export-secret-keys  --armour 1>/dev/null 2>/dev/null returned 2 instead of one of [0]
     22}}}
    223
    324== Predictable Network Interfaces Names ==
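Review bot: The procedure at v4 lines 9-15 has the admin clear the passphrase but gives no way to confirm the result before the next puppet run, and v4 line 17 calls the outcome a "warning" while the quoted output is two `Error:` lines. Suggest adding a verification step after the `gpg --change-password` block that reuses the check from the puppet error, run as root: `gpg --pinentry-mode loopback --passphrase '' --export-secret-keys --armour >/dev/null`, where exit status 0 means the key now has an empty passphrase. The section could also say that once the passphrase is empty, the root secret key is protected only by access control on root's GnuPG home directory.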