On 02/22/2012 03:57 PM, Mike Burns wrote:
There has been a lot of interest in being able to run stateless Nodes with ovirt-engine. ovirt-node has designed a way [1] to achieve this on the node side, but we need input from the engine and vdsm teams to see if we're missing some requirement or if there needs to be changes on the engine/vdsm side to achieve this.
As it currently stands, every time you reboot an ovirt-node that is stateless, it would require manually removing the host in engine, then re-registering/approving it again in engine.
Any thoughts, concerns, input on how to solve this?
Perhaps the node can perform some very basic form of authentication based on IP-address and a key derived from hardware. I see that TPM is already mentioned on the wiki, but even on systems without it, one could simply take a hash of all the MAC-addresses of the system, the CPU serial and the BIOS info from /sys/class/dmi and use that as a form of password. It's better than nothing, or approving nodes all the time (and how do you know if the node you are approving is really THE node?) -- Yours sincerely, Floris Bos