[PATCH master] Add design for changing node SSH setup

Michael Hanselmann

Oct 15, 2012, 1:03:57 PM
to ganeti...@googlegroups.com
---
Makefile.am | 1 +
doc/design-draft.rst | 1 +
doc/design-ssh-setup.rst | 70 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 72 insertions(+), 0 deletions(-)
create mode 100644 doc/design-ssh-setup.rst

diff --git a/Makefile.am b/Makefile.am
index 2565da7..77ee7b1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -363,6 +363,7 @@ docrst = \
doc/design-remote-commands.rst \
doc/design-resource-model.rst \
doc/design-shared-storage.rst \
+ doc/design-ssh-setup.rst \
doc/design-virtual-clusters.rst \
doc/design-x509-ca.rst \
doc/devnotes.rst \
diff --git a/doc/design-draft.rst b/doc/design-draft.rst
index 585d501..e3ca681 100644
--- a/doc/design-draft.rst
+++ b/doc/design-draft.rst
@@ -16,6 +16,7 @@ Design document drafts
design-autorepair.rst
design-partitioned.rst
design-remote-commands.rst
+ design-ssh-setup.rst

.. vim: set textwidth=72 :
.. Local Variables:
diff --git a/doc/design-ssh-setup.rst b/doc/design-ssh-setup.rst
new file mode 100644
index 0000000..263230d
--- /dev/null
+++ b/doc/design-ssh-setup.rst
@@ -0,0 +1,70 @@
+Design for setting up SSH
+=====================================
+
+.. contents:: :depth: 3
+
+
+Current state and shortcomings
+------------------------------
+
+Before a node can be added to a cluster, its SSH daemon must be
+re-configured to use the cluster-wide SSH host key. Ganeti 2.3.0 changed
+the way this is done by moving all related code to a separate script,
+``tools/setup-ssh``, using Paramiko. Before all such configuration was
+done from ``lib/bootstrap.py`` using the system's own SSH client and a
+shell script given to said client through parameters.
+
+Both solutions controlled all actions on the connecting machine; the
+newly added node was merely executing commands. This implies and
+requires a tight coupling and equality between nodes (e.g. paths to
+files being the same). Most of the logic and error handling is also done
+on the connecting machine.
+
+
+Proposed changes
+----------------
+
+The main goal is to move more logic to the newly added node. Instead of
+having a relatively large script executed on the master node, most of it
+is moved over to the added node.
+
+A new script named ``prepare-node-join`` is added. It receives a JSON
+data structure (defined :ref:`below <prepare-node-join-json>`) on its
+standard input. Once the data has been successfully decoded, it proceeds
+to configure the local node's SSH daemon, the Ganeti node daemon and
+restarts both.
+
+All the master node has to do to add a new node is to gather all
+required data, build the data structure, and invoke the script on the
+node to be added. This will enable us to once again use the system's own
+SSH client and to drop the dependency on Paramiko for Ganeti itself
+(``ganeti-listrunner`` is going to continue using Paramiko).
+
+Eventually ``setup-ssh`` can be removed.
+
+.. _prepare-node-join-json:
+
+JSON structure
+~~~~~~~~~~~~~~
+
+The data is given in an object containing the keys described below. All
+entries are optional with the condition that for cryptography keys,
+private and public parts or nothing at all must be given.
+
+``ssh_host_key_rsa_private``, ``ssh_host_key_rsa_public``
+ Public and private parts of host's RSA key for SSH.
+``ssh_host_key_dsa_private``, ``ssh_host_key_dsa_public``
+ Public and private parts of host's DSA key for SSH.
+``ssh_root_key_dsa_private``, ``ssh_root_key_dsa_public``
+ Public and private parts of root's DSA key for SSH authorization.
+``node_daemon_certificate``
+ Node daemon certificate, to be stored in ``server.pem``.
+``start_node_daemon``
+ Whether the node daemon should be started/restarted. If not given, the
+ daemon is not started.
+
+.. vim: set textwidth=72 :
+.. Local Variables:
+.. mode: rst
+.. fill-column: 72
+.. End:
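Review bot: "Proposed changes" says ``prepare-node-join`` configures the SSH daemon and the Ganeti node daemon "and restarts both", but the JSON section makes restarting the node daemon conditional on ``start_node_daemon`` ("If not given, the daemon is not started"); one of the two should be adjusted, e.g. "restarts the SSH daemon, and the node daemon if requested". Since the structure carries the private halves of the host and root keys (``ssh_host_key_rsa_private``, ``ssh_host_key_dsa_private``, ``ssh_root_key_dsa_private``) on the script's standard input, the document should also state how the master reaches the not-yet-joined node (the system SSH client mentioned under "Proposed changes") and what host key verification applies on that first connection, before the cluster-wide host key is installed. Minor: ``node_daemon_certificate`` gives no encoding (PEM is implied by ``server.pem`` but not stated), and the key entries are named private-first while described as "Public and private parts".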
--
1.7.7.3

Iustin Pop

Oct 15, 2012, 1:14:52 PM
to Michael Hanselmann, ganeti...@googlegroups.com
I'd like here to move away from DSA-only, and either use RSA or allow
the algorithm to be chosen at cluster creation. As such, can we make the
structure more flexible?

thanks,
iustin

Michael Hanselmann

Oct 16, 2012, 5:41:37 AM
to Iustin Pop, ganeti...@googlegroups.com
2012/10/15 Iustin Pop <ius...@google.com>:
Ack.

--- a/doc/design-ssh-setup.rst
+++ b/doc/design-ssh-setup.rst
@@ -51,17 +51,30 @@ The data is given in an object containing the keys
described below. All
entries are optional with the condition that for cryptography keys,
private and public parts or nothing at all must be given.

-``ssh_host_key_rsa_private``, ``ssh_host_key_rsa_public``
- Public and private parts of host's RSA key for SSH.
-``ssh_host_key_dsa_private``, ``ssh_host_key_dsa_public``
- Public and private parts of host's DSA key for SSH.
-``ssh_root_key_dsa_private``, ``ssh_root_key_dsa_public``
- Public and private parts of root's DSA key for SSH authorization.
+``ssh_host_key``
+ List containing public and private parts of SSH host key. See below
+ for definition.
+``ssh_root_key``
+ List containing public and private parts of root's key for SSH
+ authorization. See below for definition.
``node_daemon_certificate``
- Node daemon certificate, to be stored in ``server.pem``.
+ Node daemon certificate in PEM format, to be stored in ``server.pem``.
``start_node_daemon``
- Whether the node daemon should be started/restarted. If not given, the
- daemon is not started.
+ Boolean value describing whether the node daemon should be
+ started/restarted. If not given, the daemon is not started.
+
+Lists of SSH keys use a tuple with three values. The first describes the
+key variant (``rsa`` or ``dsa``). The second and third are the public
+and private part of the key. Example:
+
+.. highlight:: javascript
+
+::
+
+ [
+ ("rsa", "AAAA...", "-----BEGIN RSA PRIVATE KEY-----..."),
+ ("dsa", "AAAA...", "-----BEGIN DSA PRIVATE KEY-----..."),
+ ]

.. vim: set textwidth=72 :
.. Local Variables:
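Review bot: the example under ``.. highlight:: javascript`` uses Python tuple syntax, ``("rsa", "AAAA...", "-----BEGIN RSA PRIVATE KEY-----...")``, which is not valid JSON; since the script decodes the structure from standard input as JSON, the example should use arrays, e.g. ``["rsa", "AAAA...", "-----BEGIN RSA PRIVATE KEY-----..."]``, and the sentence "Lists of SSH keys use a tuple with three values" should say "a list (JSON array) with three values". It would also help to state whether ``ssh_host_key`` may carry more than one entry (the example shows both ``rsa`` and ``dsa``) and whether the public part is the bare base64 body, as "AAAA..." suggests, or the full ``ssh-rsa AAAA...`` line.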

Michael

Iustin Pop

Oct 16, 2012, 5:47:06 AM
to Michael Hanselmann, ganeti...@googlegroups.com
On Tue, Oct 16, 2012 at 11:41:37AM +0200, Michael Hanselmann wrote:
> 2012/10/15 Iustin Pop <ius...@google.com>:
> > On Mon, Oct 15, 2012 at 07:03:57PM +0200, Michael Hanselmann wrote:
> >> +The data is given in an object containing the keys described below. All
> >> +entries are optional with the condition that for cryptography keys,
> >> +private and public parts or nothing at all must be given.
> >
> > I'd like here to move away from DSA-only, and either use RSA or allow
> > the algorithm to be chosen at cluster creation. As such, can we make the
> > structure more flexible?
>
> Ack.

LGTM. Thanks for working on this!

iustin