Dynamic addition of nodes

Lars Kruse lists at sumpfralle.de
Sat Dec 26 00:39:24 CET 2015


Hi Ameir,

> [..] Is there a way to join the network without copying all certificates to
> the known node?

Tinc (as far as I know) does not support any kind of in-band key distribution.
Thus you need to take care of this on your own. I consider this a good
approach.

Personally I use the following approaches in different situations:
* store the public keys ("hosts" directory) in a shared version control
  repository (subversion/git)
* use rsync/scp for distributing the public keys from one central location
* configuration management (puppet, ansible, ...)

If you are using ansible for other administration tasks then maybe the attached
ansible task file helps you get started. Just ignore it if you are not
used to ansible.

I would suggest that you do not complicate things too much. Just extend the
tools that you are already using for your server or network administration.

Cheers,
Lars
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tinc.yml
Type: application/x-yaml
Size: 1735 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151226/2dd6a3ba/attachment.bin>
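
Added example, not part of the message above or of the attached tinc.yml: a check to run on a shared "hosts" directory before it is committed or copied to other nodes with git, rsync or scp, so that only public key material is distributed. The function names are hypothetical, it assumes the keys are embedded in the host files, and the sample files are constructed with placeholder key bodies.

```shell
#!/bin/sh
# Lint a tinc "hosts" directory before distributing it to other nodes.
# Prints one line per problem; returns 0 only if every file passes.
LC_ALL=C; export LC_ALL

check_hosts_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # tinc node names may contain only letters, digits and underscores.
        case $name in
            *[!A-Za-z0-9_]*) echo "$name: invalid node name"; bad=1 ;;
        esac
        # A private key must never leave the node that generated it.
        if grep -q -e 'PRIVATE KEY' "$f"; then
            echo "$name: contains private key material"; bad=1
        fi
        # Expect an embedded public key: an RSA PEM block (tinc 1.0)
        # or an Ed25519PublicKey line (tinc 1.1).
        if ! grep -q -e '^-----BEGIN RSA PUBLIC KEY-----' \
                     -e '^Ed25519PublicKey[[:space:]]*=' "$f"; then
            echo "$name: no public key found"; bad=1
        fi
    done
    return $bad
}

# Constructed sample data: addresses are documentation ranges and the
# key bodies are placeholders, not real keys.
make_sample_hosts() {
    d=$(mktemp -d)
    printf '%s\n' 'Address = 192.0.2.10' \
        'Ed25519PublicKey = CONSTRUCTEDPLACEHOLDER' > "$d/node_a"
    printf '%s\n' 'Address = 192.0.2.11' \
        '-----BEGIN RSA PUBLIC KEY-----' 'PLACEHOLDER' \
        '-----END RSA PUBLIC KEY-----' > "$d/node_b"
    echo "$d"
}

sample=$(make_sample_hosts)
check_hosts_dir "$sample" && echo "hosts directory OK to distribute"
rm -rf "$sample"
```

Run it as a pre-commit hook or as the step before rsync, and abort the distribution on a non-zero return.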