[Maas-devel] Registration of workers (aka Cluster Controllers)
Jeroen Vermeulen
jtv at canonical.com
Mon Aug 13 02:51:09 UTC 2012
On 2012-08-13 07:49, Julian Edwards wrote:
> We have a chicken and egg problem of adding new workers if we want to automate
> it. Basically, the new worker would need to discover the MAAS server ("Region
> Controller") and register itself. To do anything useful, the worker has to
> have an API key for the server so we don't want any old worker coming along
> and getting a key and potentially handling compromised nodes. Additionally,
> the workers need to be configured with DHCP details. We can fill most of
> these in automatically but not everything. Admins will still need to set up
> IP ranges, netmask, etc.
Our design has always assumed that we can send secrets to the worker
through rabbit. So I think we mostly need a secure,
bilaterally-authenticated negotiation for hooking up to rabbit. That's
where a manual verification step would seem to fit.
With that done we can send everything that the worker needs to know down
over the rabbit channel that we already trust, using a mechanism we
already have: API service location, API credentials, DHCP settings,
OMAPI key, etc.
Jeroen
More information about the Maas-devel
mailing list