mirror of
https://github.com/holos-run/holos.git
synced 2026-03-20 01:04:59 +00:00
The `make-provisioner-jwt` incorrectly used the choria broker password
as the provisioning token. In the reference [setup.sh][1] both the
token and the `broker_provisioning_password` are set to `s3cret` so I
confused the two, but they are actually different values.

This patch ensures the provisioning token configured in
`provisioner.yaml` matches the token embedded into the provisioning.jwt
file using `choria jwt provisioning` via the `make-provisioner-jwt`
script.

[1]: 6dbc8fd105/example/setup/templates/provisioner/provisioner.yaml (L6)
21 lines
816 B
Markdown
Initialize machine room provisioning credentials

When you want the holos controller to provision while operating in the current
working directory, run:

1. `init-choria-provisioner-creds` to populate secrets in the Holos
   Provisioner Cluster (not to be confused with the Choria Provisioner).
2. `make-provisioning-jwt` to issue a `provisioning.jwt` file for `holos
   controller` to use.
3. `holos controller --config=agent.cfg` to read `provisioning.jwt` and write
   the provisioned config file and credentials to the current directory.

Expect the controller to provision.

Setup Notes:

The holos server flag `--provisioner-seed` must match the issuer.seed value.
To get the correct value to configure for holos server:

    holos get secret choria-issuer --print-key=issuer.seed --namespace $NAMESPACE
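
A consistency check for the mismatch the commit message describes, as an added example that is not code from the holos repository: it decodes the payload of `provisioning.jwt` without verifying the signature and compares the embedded token with the one in `provisioner.yaml`. The claim name `cht`, the top-level `token:` key, the function names, and all sample values are assumptions constructed for illustration.

```python
import base64
import hmac
import json
import re

TOKEN_CLAIM = "cht"  # assumed name of the token claim in Choria provisioning JWTs

def b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sample_jwt(token):
    # Constructed stand-in for provisioning.jwt; the signature is a placeholder.
    return ".".join([b64url({"alg": "EdDSA"}), b64url({TOKEN_CLAIM: token}), "c2ln"])

SAMPLE_YAML = '# constructed provisioner.yaml fragment\ntoken: "prov-token-constructed"  # sample\n'

def jwt_claims(jwt_text):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt_text.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def yaml_token(yaml_text):
    """Read the top-level token: scalar with a line scan (not a full YAML parser)."""
    m = re.search(r"^token:[ \t]*(.*)$", yaml_text, re.MULTILINE)
    if not m:
        raise ValueError("no top-level token: key")
    return re.sub(r"\s+#.*$", "", m.group(1)).strip().strip("'\"")

def check(jwt_text, yaml_text, broker_password):
    """Return a list of problems; an empty list means the two tokens agree."""
    embedded = str(jwt_claims(jwt_text).get(TOKEN_CLAIM, "")).encode()
    problems = []
    if not hmac.compare_digest(embedded, yaml_token(yaml_text).encode()):
        problems.append("token-mismatch")
    if embedded and hmac.compare_digest(embedded, broker_password.encode()):
        problems.append("token-is-broker-password")
    return problems

if __name__ == "__main__":
    good = sample_jwt("prov-token-constructed")
    bad = sample_jwt("broker-pw-constructed")  # the mix-up the commit describes
    print(check(good, SAMPLE_YAML, "broker-pw-constructed"))
    print(check(bad, SAMPLE_YAML, "broker-pw-constructed"))
```

The JWT payload is only base64url-encoded, so anyone who can read `provisioning.jwt` can read the token it carries; handle the file as a secret.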