Where I can found the EC2 key pair file to connect to my host?

Charly_CLAIRMONT · September 5, 2013, 8:13pm

Hi all !

I am very new to Foreman. I spent some days trying to understand where I
can found the .pem file which allows to connect via ssh to the EC2 host. I
read the manuel and did not identified any element that would help me to
get the .pem flie.

So can someone give me a solution ? Perhaps I do something wrong.

Regards.

Gwmngilfen · September 5, 2013, 8:18pm

It's stored in Foreman's database, rather than in a file on-disk. Have a
look in the key_pairs table in your Foreman db.

HTH
Greg

···

On 5 September 2013 21:13, Charly CLAIRMONT wrote:

Hi all !

I am very new to Foreman. I spent some days trying to understand where I
can found the .pem file which allows to connect via ssh to the EC2 host. I
read the manuel and did not identified any element that would help me to
get the .pem flie.

So can someone give me a solution ? Perhaps I do something wrong.

James_Bailey · September 5, 2013, 8:26pm

How I do it on mine Foreman box

[root@foreman ~]# su - postgres
-bash-4.1$ /usr/bin/psql
psql (8.4.13)
Type "help" for help.

postgres=# \c foreman
psql (8.4.13)
You are now connected to database "foreman".
foreman=# \t
Showing only tuples.
foreman=# select secret from key_pairs;

Jim

···

On 5 September 2013 21:13, Charly CLAIRMONT wrote:

Hi all !

I am very new to Foreman. I spent some days trying to understand where I
can found the .pem file which allows to connect via ssh to the EC2 host. I
read the manuel and did not identified any element that would help me to
get the .pem flie.

So can someone give me a solution ? Perhaps I do something wrong.

Regards.

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

Charly_CLAIRMONT · September 6, 2013, 6:19am

Hi !

Ok. I will get it from the database.

I'll keep you informed.

Thanks a lot.

···

Le jeudi 5 septembre 2013 22:26:18 UTC+2, Paradoxbound a écrit : > > How I do it on mine Foreman box > > [root@foreman ~]# su - postgres > -bash-4.1$ /usr/bin/psql > psql (8.4.13) > Type "help" for help. > > postgres=# \c foreman > psql (8.4.13) > You are now connected to database "foreman". > foreman=# \t > Showing only tuples. > foreman=# select secret from key_pairs; > > > Jim :) > > > On 5 September 2013 21:13, Charly CLAIRMONT <egw...@gmail.com > > wrote: > >> Hi all ! >> >> I am very new to Foreman. I spent some days trying to understand where I >> can found the .pem file which allows to connect via ssh to the EC2 host. I >> read the manuel and did not identified any element that would help me to >> get the .pem flie. >> >> So can someone give me a solution ? Perhaps I do something wrong. >> >> Regards. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Foreman users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to foreman-user...@googlegroups.com . >> To post to this group, send email to forema...@googlegroups.com >> . >> Visit this group at http://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/groups/opt_out. >> > >

Charly_CLAIRMONT · September 9, 2013, 11:16am

Hi All !

Thanks for the answer. I spent more time because of space characters in the
exported query result; so I complete the command lines of Paradoxbound :

Connect to postgres

[root@foreman ~]# su - postgres

Extract a key pair

With

<compute_resource_id> : the Compute Ressource ID your declare (EC2,

OpenStack…). take a look of compute_resources table

<Key Pair Name> : the name of the Key Pair. column key_pairs.name

[postgres@foreman ~]# echo 'select secret from key_pairs where
compute_resource_id = <compute_resource_id>;' | psql -d foreman -t |
sed -e 's/^[ \t]//' > /tmp/<Key Pair Name>*.pem

Cheers

···

Le vendredi 6 septembre 2013 08:19:31 UTC+2, Charly CLAIRMONT a écrit : > > Hi ! > > Ok. I will get it from the database. > > I'll keep you informed. > > Thanks a lot. > > Le jeudi 5 septembre 2013 22:26:18 UTC+2, Paradoxbound a écrit : >> >> How I do it on mine Foreman box >> >> [root@foreman ~]# su - postgres >> -bash-4.1$ /usr/bin/psql >> psql (8.4.13) >> Type "help" for help. >> >> postgres=# \c foreman >> psql (8.4.13) >> You are now connected to database "foreman". >> foreman=# \t >> Showing only tuples. >> foreman=# select secret from key_pairs; >> >> >> Jim :) >> >> >> On 5 September 2013 21:13, Charly CLAIRMONT wrote: >> >>> Hi all ! >>> >>> I am very new to Foreman. I spent some days trying to understand where >>> I can found the .pem file which allows to connect via ssh to the EC2 host. >>> I read the manuel and did not identified any element that would help me to >>> get the .pem flie. >>> >>> So can someone give me a solution ? Perhaps I do something wrong. >>> >>> Regards. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Foreman users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to foreman-user...@googlegroups.com. >>> To post to this group, send email to forema...@googlegroups.com. >>> Visit this group at http://groups.google.com/group/foreman-users. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >>

James_Bailey · September 9, 2013, 1:48pm

I was lazy and cut and pasted into vim before I cleaned up the white space.

This however is much nicer, I think it should go in the 1.2 manual section
5.2.2 "EC2 Notes". I will clean it up a little and make a docs PR; unless
someone else wants to do it or thinks it doesn't belong?

Jim

···

On 9 September 2013 12:16, Charly CLAIRMONT wrote:

Hi All !

Thanks for the answer. I spent more time because of space characters in
the exported query result; so I complete the command lines of Paradoxbound :

Connect to postgres

[root@foreman ~]# su - postgres

Extract a key pair

With

<compute_resource_id> : the Compute Ressource ID your declare (EC2,

OpenStack…). take a look of compute_resources table

: the name of the Key Pair. column key_pairs.name

[postgres@foreman ~]# echo ‘select secret from key_pairs where
compute_resource_id = <compute_resource_id>;’ | psql -d foreman -t |
sed -e 's/^[ \t]//’ > /tmp/*.pem

Cheers

Le vendredi 6 septembre 2013 08:19:31 UTC+2, Charly CLAIRMONT a écrit :

Hi !

Ok. I will get it from the database.

I’ll keep you informed.

Thanks a lot.

Le jeudi 5 septembre 2013 22:26:18 UTC+2, Paradoxbound a écrit :

How I do it on mine Foreman box

[root@foreman ~]# su - postgres
-bash-4.1$ /usr/bin/psql
psql (8.4.13)
Type “help” for help.

postgres=# \c foreman
psql (8.4.13)
You are now connected to database “foreman”.
foreman=# \t
Showing only tuples.
foreman=# select secret from key_pairs;

Jim

On 5 September 2013 21:13, Charly CLAIRMONT egw...@gmail.com wrote:

Hi all !

I am very new to Foreman. I spent some days trying to understand where
I can found the .pem file which allows to connect via ssh to the EC2 host.
I read the manuel and did not identified any element that would help me to
get the .pem flie.

So can someone give me a solution ? Perhaps I do something wrong.

Regards.

–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-user…@googlegroups.**com.
To post to this group, send email to forema...@googlegroups.com.
Visit this group at http://groups.google.com/**group/foreman-users http://groups.google.com/group/foreman-users
.
For more options, visit https://groups.google.com/**groups/opt_out https://groups.google.com/groups/opt_out
.

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

Dominic_Cleal1 · September 9, 2013, 1:51pm

That'd be great in the absence of a "supported" method, thanks!

···

On 09/09/13 14:48, James Bailey wrote: > I was lazy and cut and pasted into vim before I cleaned up the white > space. ;) > > This however is much nicer, I think it should go in the 1.2 manual > section 5.2.2 "EC2 Notes". I will clean it up a little and make a docs > PR; unless someone else wants to do it or thinks it doesn't belong?

–
Dominic Cleal
Red Hat Engineering

ohadlevy · September 9, 2013, 2:44pm

> > I was lazy and cut and pasted into vim before I cleaned up the white
> > space.
> >
> > This however is much nicer, I think it should go in the 1.2 manual
> > section 5.2.2 "EC2 Notes". I will clean it up a little and make a docs
> > PR; unless someone else wants to do it or thinks it doesn't belong?
>

In 1.3 there is a feature that encrypts the compute resource passwords (if
enabled), do you think it should also encrypt the private key?

we could add a rake task or something to print out the key as well.

Ohad

···

On Mon, Sep 9, 2013 at 4:51 PM, Dominic Cleal wrote: > On 09/09/13 14:48, James Bailey wrote:

That’d be great in the absence of a “supported” method, thanks!

–
Dominic Cleal
Red Hat Engineering

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

James_Bailey · September 9, 2013, 3:32pm

I think the private key should be available to Foreman admins through the
UI/CLI/API with the correct privileges. Anything sensitive should be stored
encrypted. We keep all our other provisioning keys in a password safe and
require two factor auth for access. Of course with my poor coding skills it
is easier for me to say than do.

Jim

···

On 9 September 2013 15:44, Ohad Levy wrote:

On Mon, Sep 9, 2013 at 4:51 PM, Dominic Cleal dcleal@redhat.com wrote:

On 09/09/13 14:48, James Bailey wrote:

I was lazy and cut and pasted into vim before I cleaned up the white
space.

This however is much nicer, I think it should go in the 1.2 manual
section 5.2.2 “EC2 Notes”. I will clean it up a little and make a docs
PR; unless someone else wants to do it or thinks it doesn’t belong?

In 1.3 there is a feature that encrypts the compute resource passwords (if
enabled), do you think it should also encrypt the private key?

we could add a rake task or something to print out the key as well.

Ohad

That’d be great in the absence of a “supported” method, thanks!

–
Dominic Cleal
Red Hat Engineering

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

ohadlevy · September 9, 2013, 4:57pm

> I think the private key should be available to Foreman admins through the
> UI/CLI/API with the correct privileges. Anything sensitive should be stored
> encrypted. We keep all our other provisioning keys in a password safe and
> require two factor auth for access. Of course with my poor coding skills it
> is easier for me to say than do.
>

OK, mind adding it as a feature request?

···

On Mon, Sep 9, 2013 at 6:32 PM, James Bailey wrote:

Jim

On 9 September 2013 15:44, Ohad Levy ohadlevy@gmail.com wrote:

On Mon, Sep 9, 2013 at 4:51 PM, Dominic Cleal dcleal@redhat.com wrote:

On 09/09/13 14:48, James Bailey wrote:

I was lazy and cut and pasted into vim before I cleaned up the white
space.

This however is much nicer, I think it should go in the 1.2 manual
section 5.2.2 “EC2 Notes”. I will clean it up a little and make a docs
PR; unless someone else wants to do it or thinks it doesn’t belong?

In 1.3 there is a feature that encrypts the compute resource passwords
(if enabled), do you think it should also encrypt the private key?

we could add a rake task or something to print out the key as well.

Ohad

That’d be great in the absence of a “supported” method, thanks!

–
Dominic Cleal
Red Hat Engineering

–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

Robert_Vernon · March 27, 2015, 9:56am

Has any one looking into this deeper?

It would be nice to use pre-defined key pairs.

R

···

On Tuesday, September 10, 2013 at 12:57:10 AM UTC+8, ohad wrote: > > > > > On Mon, Sep 9, 2013 at 6:32 PM, James Bailey > wrote: > >> I think the private key should be available to Foreman admins through the >> UI/CLI/API with the correct privileges. Anything sensitive should be stored >> encrypted. We keep all our other provisioning keys in a password safe and >> require two factor auth for access. Of course with my poor coding skills it >> is easier for me to say than do. >> > > OK, mind adding it as a feature request? :) > > >> >> Jim >> >> >> On 9 September 2013 15:44, Ohad Levy <ohad...@gmail.com > >> wrote: >> >>> >>> >>> >>> On Mon, Sep 9, 2013 at 4:51 PM, Dominic Cleal >> > wrote: >>> >>>> On 09/09/13 14:48, James Bailey wrote: >>>> > I was lazy and cut and pasted into vim before I cleaned up the white >>>> > space. ;) >>>> > >>>> > This however is much nicer, I think it should go in the 1.2 manual >>>> > section 5.2.2 "EC2 Notes". I will clean it up a little and make a docs >>>> > PR; unless someone else wants to do it or thinks it doesn't belong? >>>> >>> >>> In 1.3 there is a feature that encrypts the compute resource passwords >>> (if enabled), do you think it should also encrypt the private key? >>> >>> we could add a rake task or something to print out the key as well. >>> >>> Ohad >>> >>>> >>>> That'd be great in the absence of a "supported" method, thanks! >>>> >>>> -- >>>> Dominic Cleal >>>> Red Hat Engineering >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Foreman users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to foreman-user...@googlegroups.com . >>>> To post to this group, send email to forema...@googlegroups.com >>>> . >>>> Visit this group at http://groups.google.com/group/foreman-users. >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Foreman users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to foreman-user...@googlegroups.com . >>> To post to this group, send email to forema...@googlegroups.com >>> . >>> Visit this group at http://groups.google.com/group/foreman-users. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Foreman users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to foreman-user...@googlegroups.com . >> To post to this group, send email to forema...@googlegroups.com >> . >> Visit this group at http://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/groups/opt_out. >> > >