From f4afc16e9b056cff6b32adc441fecaa5057fb0ca Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Thu, 18 Oct 2012 13:38:40 +0200
Subject: [PATCH] Update for SSH design: Cluster name, ignore node daemon
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While writing the initial version of this design I misunderstood what
β€œsetup-ssh” does. It doesn't actually start the node daemon and just
configures SSH, nothing else.

This patch adds the cluster name as a field to the JSON structure and
clarifies the purpose of the node daemon certificate given.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
---
 doc/design-ssh-setup.rst | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/doc/design-ssh-setup.rst b/doc/design-ssh-setup.rst
index ef8095084..700404418 100644
--- a/doc/design-ssh-setup.rst
+++ b/doc/design-ssh-setup.rst
@@ -31,8 +31,8 @@ is moved over to the added node.
 A new script named ``prepare-node-join`` is added. It receives a JSON
 data structure (defined :ref:`below <prepare-node-join-json>`) on its
 standard input. Once the data has been successfully decoded, it proceeds
-to configure the local node's SSH daemon, the Ganeti node daemon and
-restarts both.
+to configure the local node's SSH daemon and root's SSH settings, after
+which the SSH daemon is restarted.
 
 All the master node has to do to add a new node is to gather all
 required data, build the data structure, and invoke the script on the
@@ -47,21 +47,23 @@ Eventually ``setup-ssh`` can be removed.
 JSON structure
 ~~~~~~~~~~~~~~
 
-The data is given in an object containing the keys described below. All
-entries are optional with the condition that for cryptography keys,
-private and public parts or nothing at all must be given.
+The data is given in an object containing the keys described below.
+Unless specified otherwise, all entries are optional.
 
+``cluster_name``
+  Required string with the cluster name. If a local cluster name is
+  found, the join process is aborted unless the passed cluster name
+  matches the local name.
+``node_daemon_certificate``
+  Public part of cluster's node daemon certificate in PEM format. If a
+  local node certificate and key is found, the join process is aborted
+  unless this passed public part can be verified with the local key.
 ``ssh_host_key``
   List containing public and private parts of SSH host key. See below
   for definition.
 ``ssh_root_key``
   List containing public and private parts of root's key for SSH
   authorization. See below for definition.
-``node_daemon_certificate``
-  Node daemon certificate in PEM format, to be stored in ``server.pem``.
-``start_node_daemon``
-  Boolean value describing whether the node daemon should be
-  started/restarted. If not given, the daemon is not started.
 
 Lists of SSH keys use a tuple with three values. The first describes the
 key variant (``rsa`` or ``dsa``). The second and third are the public
-- 
GitLab