root / doc / design-ssh-ports.rst @ 333bd799
History | View | Annotate | Download (2.1 kB)
| 1 |
================================================ |
|---|---|
| 2 |
Design for supporting custom SSH ports for nodes |
| 3 |
================================================ |
| 4 |
|
| 5 |
.. contents:: :depth: 4 |
| 6 |
|
| 7 |
This design document describes the intention of supporting running SSH servers |
| 8 |
on nodes with non-standard port numbers. |
| 9 |
|
| 10 |
|
| 11 |
Current state and shortcomings |
| 12 |
============================== |
| 13 |
|
| 14 |
All SSH deamons are expected to be running on the default port 22. It has been |
| 15 |
requested by Ganeti users (`Issue 235`_) to allow SSH daemons run on |
| 16 |
non-standard ports as well. |
| 17 |
|
| 18 |
.. _`Issue 235`: https://code.google.com/p/ganeti/issues/detail?id=235 |
| 19 |
|
| 20 |
|
| 21 |
Proposed Changes |
| 22 |
================ |
| 23 |
|
| 24 |
Allow users to configure groups with custom SSH ports. All nodes in such a |
| 25 |
group will then be using its configured SSH port. |
| 26 |
|
| 27 |
The configuration will be on the group level only as we expect all nodes in a group |
| 28 |
to have identical configurations. |
| 29 |
|
| 30 |
Users will be responsible for configuring the SSH daemons on machines before |
| 31 |
adding them as nodes to a group with a non-standard port number, or when |
| 32 |
modifying the port number of an existing group. Ganeti will not update SSH |
| 33 |
configuration by itself. |
| 34 |
|
| 35 |
|
| 36 |
Implementation Details |
| 37 |
====================== |
| 38 |
|
| 39 |
We must ensure that all operations that use SSH will use custom ports as configured. This includes: |
| 40 |
|
| 41 |
- gnt-cluster verify |
| 42 |
- gnt-cluster renew-crypto |
| 43 |
- gnt-cluster upgrade |
| 44 |
- gnt-node add |
| 45 |
- gnt-instance console |
| 46 |
|
| 47 |
Configuration Changes |
| 48 |
~~~~~~~~~~~~~~~~~~~~~ |
| 49 |
|
| 50 |
The node group *ndparams* will get an additional integer valued parameter *ssh_port*. |
| 51 |
|
| 52 |
Upgrades/downgrades |
| 53 |
~~~~~~~~~~~~~~~~~~~ |
| 54 |
|
| 55 |
To/from version 2.10 |
| 56 |
-------------------- |
| 57 |
|
| 58 |
During upgrade from 2.10, the default value 22 will be supplemented. |
| 59 |
|
| 60 |
During downgrade to 2.10 the downgrading script will check that there are no |
| 61 |
configured ports other than 22 (because this would result in a broken cluster) |
| 62 |
and then will remove the corresponding key/value pairs from the configuration. |
| 63 |
|
| 64 |
Future versions |
| 65 |
--------------- |
| 66 |
|
| 67 |
For future versions the up/downgrade operation will need to know the configured |
| 68 |
SSH ports. Because all daemons are stopped during the process, it will be |
| 69 |
necessary to include SSH ports in *ssconf*. |