On 2012-08-13 07:49, Julian Edwards wrote:
We have a chicken and egg problem of adding new workers if we want to automate it. Basically, the new worker would need to discover the MAAS server ("Region Controller") and register itself. To do anything useful, the worker has to have an API key for the server so we don't want any old worker coming along and getting a key and potentially handling compromised nodes. Additionally, the workers need to be configured with DHCP details. We can fill most of these in automatically but not everything. Admins will still need to set up IP ranges, netmask, etc.
Our design has always assumed that we can send secrets to the worker through rabbit. So I think we mostly need a secure, bilaterally-authenticated negotiation for hooking up to rabbit. That's where a manual verification step would seem to fit.
With that done we can send everything that the worker needs to know down over the rabbit channel that we already trust, using a mechanism we already have: API service location, API credentials, DHCP settings, OMAPI key, etc.
Jeroen