Re: [Engine-devel] Support for stateless nodes
On 02/22/2012 03:57 PM, Mike Burns wrote:
There has been a lot of interest in being able to run stateless
Nodes
with ovirt-engine. ovirt-node has designed a way [1] to achieve this on
the node side, but we need input from the engine and vdsm teams to see
if we're missing some requirement or if there needs to be changes on the
engine/vdsm side to achieve this.
As it currently stands, every time you reboot an ovirt-node that is
stateless, it would require manually removing the host in engine, then
re-registering/approving it again in engine.
Any thoughts, concerns, input on how to solve this?
Perhaps the node can perform some very basic form of authentication
based on IP-address and a key derived from hardware.
I see that TPM is already mentioned on the wiki, but even on systems
without it, one could simply take a hash of all the MAC-addresses of the
system, the CPU serial and the BIOS info from /sys/class/dmi and use
that as a form of password.
It's better than nothing, or approving nodes all the time (and how do
you know if the node you are approving is really THE node?)
--
Yours sincerely,
Floris Bos