Update for SSH design: Cluster name, ignore node daemon

While writing the initial version of this design I misunderstood what “setup-ssh” does. It doesn't actually start the node daemon and just configures SSH, nothing else. This patch adds the cluster name as a field to the JSON structure and clarifies the purpose of the node daemon certificate given. Signed-off-by: Michael Hanselmann <hansmi@google.com> Reviewed-by: Iustin Pop <iustin@google.com>

Update for SSH design: Cluster name, ignore node daemon
While writing the initial version of this design I misunderstood what “setup-ssh” does. It doesn't actually start the node daemon and just configures SSH, nothing else. This patch adds the cluster name as a field to the JSON structure and clarifies the purpose of the node daemon certificate given. Signed-off-by: Michael Hanselmann <hansmi@google.com> Reviewed-by: Iustin Pop <iustin@google.com>
f4afc16e · Michael Hanselmann · 0232b768 · f4afc16e
Commit f4afc16e authored 12 years ago by Michael Hanselmann
--- a/doc/design-ssh-setup.rst
+++ b/doc/design-ssh-setup.rst
@@ -31,8 +31,8 @@ is moved over to the added node.
 A new script named ``prepare-node-join`` is added. It receives a JSON
 data structure (defined :ref:`below <prepare-node-join-json>`) on its
 standard input. Once the data has been successfully decoded, it proceeds
-to configure the local node's SSH daemon, the Ganeti node daemon and
-restarts both.
+to configure the local node's SSH daemon and root's SSH settings, after
+which the SSH daemon is restarted.

 All the master node has to do to add a new node is to gather all
 required data, build the data structure, and invoke the script on the
@@ -47,21 +47,23 @@ Eventually ``setup-ssh`` can be removed.
 JSON structure
 ~~~~~~~~~~~~~~

-The data is given in an object containing the keys described below. All
-entries are optional with the condition that for cryptography keys,
-private and public parts or nothing at all must be given.
+The data is given in an object containing the keys described below.
+Unless specified otherwise, all entries are optional.

+``cluster_name``
+  Required string with the cluster name. If a local cluster name is
+  found, the join process is aborted unless the passed cluster name
+  matches the local name.
+``node_daemon_certificate``
+  Public part of cluster's node daemon certificate in PEM format. If a
+  local node certificate and key is found, the join process is aborted
+  unless this passed public part can be verified with the local key.
 ``ssh_host_key``
  List containing public and private parts of SSH host key. See below
  for definition.
 ``ssh_root_key``
  List containing public and private parts of root's key for SSH
  authorization. See below for definition.
-``node_daemon_certificate``
-  Node daemon certificate in PEM format, to be stored in ``server.pem``.
-``start_node_daemon``
-  Boolean value describing whether the node daemon should be
-  started/restarted. If not given, the daemon is not started.

 Lists of SSH keys use a tuple with three values. The first describes the
 key variant (``rsa`` or ``dsa``). The second and third are the public