Commit 3ff2cf55 authored by Petr Pudlak's avatar Petr Pudlak Committed by Klaus Aehlig
Browse files

Design document for custom SSH ports

See issue 235. It turned out the feature is a bit more complex than expected,
hence this design doc.
Signed-off-by: default avatarPetr Pudlak <>
Signed-off-by: default avatarKlaus Aehlig <>
Reviewed-by: default avatarKlaus Aehlig <>
parent d16e3ce4
......@@ -541,6 +541,7 @@ docinput = \
doc/design-storagetypes.rst \
doc/design-upgrade.rst \
doc/design-hsqueeze.rst \
doc/design-ssh-ports.rst \
doc/devnotes.rst \
doc/glossary.rst \
doc/hooks.rst \
......@@ -19,6 +19,7 @@ Design document drafts
.. vim: set textwidth=72 :
.. Local Variables:
Design for supporting custom SSH ports for nodes
.. contents:: :depth: 4
This design document describes the intention of supporting running SSH servers
on nodes with non-standard port numbers.
Current state and shortcomings
All SSH deamons are expected to be running on the default port 22. It has been
requested by Ganeti users (`Issue 235`_) to allow SSH daemons run on
non-standard ports as well.
.. _`Issue 235`:
Proposed Changes
Allow users to configure groups with custom SSH ports. All nodes in such a
group will then be using its configured SSH port.
The configuration will be on the group level only as we expect all nodes in a group
to have identical configurations.
Users will be responsible for configuring the SSH daemons on machines before
adding them as nodes to a group with a non-standard port number, or when
modifying the port number of an existing group. Ganeti will not update SSH
configuration by itself.
Implementation Details
We must ensure that all operations that use SSH will use custom ports as configured. This includes:
- gnt-cluster verify
- gnt-cluster renew-crypto
- gnt-cluster upgrade
- gnt-node add
- gnt-instance console
Configuration Changes
The node group *ndparams* will get an additional integer valued parameter *ssh_port*.
To/from version 2.10
During upgrade from 2.10, the default value 22 will be supplemented.
During downgrade to 2.10 the downgrading script will check that there are no
configured ports other than 22 (because this would result in a broken cluster)
and then will remove the corresponding key/value pairs from the configuration.
Future versions
For future versions the up/downgrade operation will need to know the configured
SSH ports. Because all daemons are stopped during the process, it will be
necessary to include SSH ports in *ssconf*.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment