maas-devel team mailing list archive

Re: State of RPC registration and security #2

 

Hi folks

I'm not sure where this thread came out, but I'm concerned I didn't see a clear path to public-key based authentication of region and cluster so here's guidance based on this week's conversations, which should be a target for 1.8 (with as much getting into 1.7 as possible):

 * the region generates a public/private keypair on installation
 * clusters generate a public/private keypair on installation
    * these keys are what will really authenticate the machines to one another long term

 * short-term, rather than a shared secret, think of cluster registration as being based on a *one-time token*
   * the admin can tell the region they want to add a cluster, and the region gives them a token
     * this can be done over the web interface (as long as we get to https) or the cli on the maas-regiond server
     * having generated the token it is listed in the cluster interface as a list of "outstanding tokens", they can be deleted there
     * the tokens should be hardened for readability because they might be passed around verbally (i.e. strip characters easily misread: o0Oli1 etc)

   * the cluster admin can then tell the cluster (a) region URL and (b) token for registration
     * by local cli on the cluster server, or web UI if we have HTTPS

 * longer term, we provide a way for the admin to register the cluster with its public key directly
   * i.e. the cluster provides a self-signed cert to the admin, and the admin pastes that into region cluster registration page
   * the region provides its certificate to the admin at that point
   * then the admin tells the cluster where to find the region, and the cert to expect it to use
   * the cluster can then use its self-signed cert to authenticate all connections OR the region can issue a region-signed cert to be used

The goal asap is public-key based authentication between cluster and region.

Mark
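
The one-time registration token flow proposed in the message above, as an added example that is not part of the original post or of MAAS itself. The `TokenRegistry` class, the 20-character token length, and recording the cluster's public key at redemption are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import string

# Characters the message asks to strip because they are easily misread.
MISREAD = set("o0Oli1")
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in MISREAD)           # 56 symbols remain
TOKEN_LEN = 20                                    # ~116 bits; length is an assumption


def _digest(token: str) -> bytes:
    return hashlib.sha256(token.encode("ascii", "replace")).digest()


class TokenRegistry:
    """Hypothetical region-side store of outstanding registration tokens."""

    def __init__(self):
        self.outstanding = {}   # token id -> SHA-256 of the token, never the token
        self.clusters = {}      # token id -> public key enrolled with that token

    def issue(self):
        # CSPRNG draw from the reduced alphabet; the token is shown to the admin once.
        token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
        token_id = secrets.token_hex(4)
        self.outstanding[token_id] = _digest(token)
        return token_id, token

    def revoke(self, token_id):
        # Deleting an entry from the "outstanding tokens" list.
        return self.outstanding.pop(token_id, None) is not None

    def redeem(self, token, cluster_pubkey):
        presented = _digest(token.strip())
        for token_id, stored in list(self.outstanding.items()):
            if hmac.compare_digest(presented, stored):
                del self.outstanding[token_id]    # one-time: gone after first use
                self.clusters[token_id] = cluster_pubkey
                return True
        return False
```

Storing only the digest means a leaked copy of the outstanding-token list cannot be replayed as a registration, and binding the public key at redemption lets every later connection be authenticated by key rather than by token.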

