Issue 275: RAPI method to add a node to the cluster
Status:  New
Owner:  ----

Reported by, Oct 3, 2012
gnt-cluster (ganeti v2.6.0) 2.6.0

Software version: 2.6.0
Internode protocol: 2060000
Configuration format: 2060000
OS api version: 20
Export interface: 0

What distribution are you using?
Debian GNU/Linux 6.0.6 (squeeze)

What steps will reproduce the problem?
The RAPI does not expose a method to add a node to the cluster. It would be ideal to have 'gnt-node add' exposed as a RAPI method so our automated tools do not require SSH.

What is the expected output? What do you see instead?

Please provide any additional information below.
Oct 3, 2012
(No comment was entered for this change.)
Labels: Type-Enhancement
Oct 3, 2012
Project Member #2
This is something that we had in mind for a while, with the following rough design:

- un-joined nodes are already running the node daemon, but with a dummy/self-signed certificate
- the master doesn't connect & start the node daemon, but rather asks the node "please join this cluster"
- node reconfigures itself, restarts the node daemon, and then the master can continue with config redistribution/etc.

However this design has a number of drawbacks:

- self-signed certificate is unsafe; do we really connect to desired node? (same as for ssh/no host key check)
- "accept any join request" is too liberal, we probably would need some token for filtering allowed masters

I'm not sure this simple design is safer than the current design, hence we did not actually proceed beyond discussion phase. At the current moment, we felt that SSH is safer as an initial handshake/join mechanism than a home-baked one. As such, RAPI is currently a method not for administrating the cluster, but rather for instance-level operations (and just _some_ node-level ops).

Should we maybe move this bug to the devel mailing list for discussion? Note however that this is a non-trivial undertaking…
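
An added illustration of the two drawbacks listed in comment #2, not part of the original thread and not Ganeti code: the master refuses to talk to a node whose self-signed certificate does not match a fingerprint learned out-of-band, and the un-joined node accepts a join only when the request carries an HMAC keyed with a pre-provisioned token. All function names, the message layout and the sample values are assumptions made for this example.

```python
import hashlib
import hmac
import json
import os

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def join_message(cluster: str, nonce: str, fp: str) -> bytes:
    # A JSON list keeps field boundaries unambiguous before MACing.
    return json.dumps([cluster, nonce, fp]).encode()

def master_build_join(token: bytes, cluster: str, presented_cert: bytes,
                      pinned_fp: str) -> dict:
    """Master side: refuse unless the node's certificate matches the pin."""
    fp = fingerprint(presented_cert)
    if not hmac.compare_digest(fp, pinned_fp):
        raise ValueError("node certificate does not match pinned fingerprint")
    nonce = os.urandom(16).hex()
    mac = hmac.new(token, join_message(cluster, nonce, fp), hashlib.sha256)
    return {"cluster": cluster, "nonce": nonce, "mac": mac.hexdigest()}

class UnjoinedNode:
    """Node side: accept a join only from a master that holds the token."""
    def __init__(self, token: bytes, own_cert: bytes):
        self.token = token
        self.fp = fingerprint(own_cert)
        self.seen_nonces = set()

    def accept_join(self, req: dict) -> bool:
        if req["nonce"] in self.seen_nonces:
            return False  # replayed request
        expected = hmac.new(self.token,
            join_message(req["cluster"], req["nonce"], self.fp), hashlib.sha256)
        if not hmac.compare_digest(expected.hexdigest(), req["mac"]):
            return False  # sender does not hold the join token
        self.seen_nonces.add(req["nonce"])
        return True

# Constructed sample values (not real certificates or secrets).
NODE_CERT = b"constructed-der-bytes-for-node1"
OTHER_CERT = b"constructed-der-bytes-for-impostor"
TOKEN = b"constructed-join-token"
```

Binding the node's own certificate fingerprint into the MAC means a request built for one node is rejected by any other node, even one provisioned with the same token.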