Commit f4afc16e authored by Michael Hanselmann's avatar Michael Hanselmann
Browse files

Update for SSH design: Cluster name, ignore node daemon



While writing the initial version of this design I misunderstood what
“setup-ssh” does. It doesn't actually start the node daemon and just
configures SSH, nothing else.

This patch adds the cluster name as a field to the JSON structure and
clarifies the purpose of the node daemon certificate given.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent 0232b768
......@@ -31,8 +31,8 @@ is moved over to the added node.
A new script named ``prepare-node-join`` is added. It receives a JSON
data structure (defined :ref:`below <prepare-node-join-json>`) on its
standard input. Once the data has been successfully decoded, it proceeds
to configure the local node's SSH daemon, the Ganeti node daemon and
restarts both.
to configure the local node's SSH daemon and root's SSH settings, after
which the SSH daemon is restarted.
All the master node has to do to add a new node is to gather all
required data, build the data structure, and invoke the script on the
......@@ -47,21 +47,23 @@ Eventually ``setup-ssh`` can be removed.
JSON structure
~~~~~~~~~~~~~~
The data is given in an object containing the keys described below. All
entries are optional with the condition that for cryptography keys,
private and public parts or nothing at all must be given.
The data is given in an object containing the keys described below.
Unless specified otherwise, all entries are optional.
``cluster_name``
Required string with the cluster name. If a local cluster name is
found, the join process is aborted unless the passed cluster name
matches the local name.
``node_daemon_certificate``
Public part of cluster's node daemon certificate in PEM format. If a
local node certificate and key is found, the join process is aborted
unless this passed public part can be verified with the local key.
``ssh_host_key``
List containing public and private parts of SSH host key. See below
for definition.
``ssh_root_key``
List containing public and private parts of root's key for SSH
authorization. See below for definition.
``node_daemon_certificate``
Node daemon certificate in PEM format, to be stored in ``server.pem``.
``start_node_daemon``
Boolean value describing whether the node daemon should be
started/restarted. If not given, the daemon is not started.
Lists of SSH keys use a tuple with three values. The first describes the
key variant (``rsa`` or ``dsa``). The second and third are the public
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment