On Thu, 2012-02-09 at 00:11 +0100, Floris Bos / Maxnet wrote:
> > The biggest challenge is that pieces of the oVirt project require there
> > to be persistent storage locally. For example, when you register a node
> > with the engine, a manual step is required to approve the node. After
> > this manual step, some certificates are copied locally into the node and
> > stored. That way, the node can immediately identify itself with the
> > engine and start working with no need to identify itself.
> >
> > To solve this problem, we need to either
> > 1. remove the need to store stuff locally
> > 2. provide some way to package up this config and store it somewhere,
> > then retrieve on boot
> > 3. embed some sort of key or certificate in the pxe image that allows
> > the engine to know that this is a valid machine and automatically approve it.
>
> Is there a method to pre-generate a set of certificates/configuration
> files for a node?
>
> It is not that hard to let the boot server serve the node-specific
> configuration files as a cpio (initramfs) archive, based on the
> MAC-address of the node.
> The kernel supports having more than one initramfs file, and simply
> combines the files from both archives.

It could certainly be a possible solution. There isn't a way to do this
today, but the ability to pre-generate a config bundle is certainly an
interesting thought. My inclination is that this would be a V2 feature
of stateless. First, we need to know everything that we need in the
config bundle. Then we need a way to deploy that on boot. Having it
provided through the pxe interface is something that was brought up as a
way to embed some form of key, but not the config bundle.
Mike
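
The per-node cpio archive discussed in this thread, as an added example that is not code from the thread or from the oVirt project: it packs a node's pre-generated files into a "newc" archive that the kernel can unpack as an additional initramfs, and derives the archive name from a validated MAC address. The file paths, the `node-<mac>.cpio` naming scheme and the sample contents are assumptions made for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")

def bundle_filename(mac):
    """Archive name served for a client MAC (naming scheme is an assumption).
    The MAC arrives from the network and ends up in a path, so validate it."""
    mac = mac.strip().lower()
    if not MAC_RE.match(mac):
        raise ValueError("not a MAC address: %r" % mac)
    return "node-" + mac.replace(":", "-") + ".cpio"

def _record(name, data, mode, ino, nlink):
    """One cpio 'newc' record: 110-byte ASCII header, NUL-terminated name, data."""
    name_b = name.encode() + b"\0"
    # ino mode uid gid nlink mtime filesize devmajor devminor rdevmajor rdevminor namesize check
    fields = (ino, mode, 0, 0, nlink, 0, len(data), 0, 0, 0, 0, len(name_b), 0)
    rec = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
    rec += b"\0" * (-len(rec) % 4)          # header + name padded to 4 bytes
    rec += data
    return rec + b"\0" * (-len(rec) % 4)    # file data padded to 4 bytes

def build_bundle(files):
    """files: {relative path: bytes}. Returns an uncompressed newc archive."""
    dirs = set()
    for path in files:
        parts = path.split("/")
        if "" in parts or "." in parts or ".." in parts:
            raise ValueError("unsafe path in bundle: %r" % path)
        dirs.update("/".join(parts[:i]) for i in range(1, len(parts)))
    out, ino = b"", 1
    for d in sorted(dirs):                  # parents sort before their children
        out += _record(d, b"", 0o040700, ino, 2)
        ino += 1
    for path in sorted(files):              # root-owned, mode 0600: key material
        out += _record(path, files[path], 0o100600, ino, 1)
        ino += 1
    return out + _record("TRAILER!!!", b"", 0, 0, 1)

if __name__ == "__main__":
    # Constructed sample content and hypothetical paths, not oVirt's real layout.
    bundle = build_bundle({"config/pki/node.crt": b"-----constructed cert-----\n",
                           "config/pki/node.key": b"-----constructed key-----\n"})
    with open(bundle_filename("52:54:00:AB:CD:01"), "wb") as fh:
        fh.write(bundle)
```

Because the archive carries the node's private key and PXE/TFTP transfers are unauthenticated cleartext, the bundle is only as confidential as the provisioning network it is served on.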