maas-devel team mailing list archive

[Julian Edwards <julian.edwards@xxxxxxxxxxxxx>]

On Monday 13 August 2012 09:38:42 Raphaël Badin wrote:
> > […]
> > 1. Worker uses Avahi to discover the MAAS and enlists itself in much the
> > same way as a node does.  We'd then wait for the admin to fill in the
> > blank details and accept the worker.
> > 
> > 2. Have an "Add Worker" form on the MAAS admin pages where the admin just
> > does everything.
> > 
> > Once a worker is fully defined we already have a way for it to receive an
> > API key from MAAS, it just needs to be pushed down at the right point.
> Like you said, having only one place to set things up has a lot of
> appeal.  But unless I'm missing something we still have two levels of
> authentication here:
> a) there is the API authentication which can be easily pushed down to
> the worker once it's registered (i.e. once the corresponding nodegroup
> with all the required data has been created)
> b) there is also the broker information (host, port, username, password,
> vhost) that the worker needs to connect to rabbitmq.
> 
> a) can be entered in the web UI but b) needs to be set up on the worker
> side when the worker package is installed.
> 
> 
> R.

All good points :)

I had a chat with Rob about this and he suggested that we work with a SRV 
record in the DNS which will contain enough information to let a new worker 
connect to the MAAS server and enlist itself (where an admin would accept it 
and enter all the DHCP details).

The SRV record should just need to contain a URL to the MAAS API where workers 
can anonymously enlist, and RabbitMQ connection details.  When accepted, the 
MAAS server would create a special job, routed to that specific worker, which 
tells it all the DHCP data and auth keys for the API.

What do you all think?