[Engine-devel] Support for stateless nodes
Floris Bos / Maxnet
bos at je-eigen-domein.nl
Wed Feb 22 16:03:39 UTC 2012
On 02/22/2012 03:57 PM, Mike Burns wrote:
> There has been a lot of interest in being able to run stateless Nodes
> with ovirt-engine. ovirt-node has designed a way [1] to achieve this on
> the node side, but we need input from the engine and vdsm teams to see
> if we're missing some requirement or if there needs to be changes on the
> engine/vdsm side to achieve this.
>
> As it currently stands, every time you reboot an ovirt-node that is
> stateless, it would require manually removing the host in engine, then
> re-registering/approving it again in engine.
>
> Any thoughts, concerns, input on how to solve this?
Perhaps the node can perform some very basic form of authentication
based on IP-address and a key derived from hardware.
I see that TPM is already mentioned on the wiki, but even on systems
without it, one could simply take a hash of all the MAC-addresses of the
system, the CPU serial and the BIOS info from /sys/class/dmi and use
that as a form of password.
It's better than nothing, or approving nodes all the time (how do you
know if the node you are approving is really THE node?)
--
Yours sincerely,
Floris Bos
More information about the Engine-devel
mailing list