================================================
Design for supporting custom SSH ports for nodes
================================================

.. contents:: :depth: 4

This design document describes the intention to support running SSH servers
on nodes with non-standard port numbers.


Current state and shortcomings
==============================

All SSH daemons are expected to be running on the default port 22. It has been
requested by Ganeti users (`Issue 235`_) to allow SSH daemons to run on
non-standard ports as well.

.. _`Issue 235`: https://code.google.com/p/ganeti/issues/detail?id=235


Proposed Changes
================

Allow users to configure groups with custom SSH ports. All nodes in such a
group will then be using its configured SSH port.

The configuration will be on the group level only as we expect all nodes in a
group to have identical configurations.

Users will be responsible for configuring the SSH daemons on machines before
adding them as nodes to a group with a non-standard port number, or when
modifying the port number of an existing group. Ganeti will not update SSH
configuration by itself.


Implementation Details
======================

We must ensure that all operations that use SSH will use custom ports as
configured. This includes:

- gnt-cluster verify
- gnt-cluster renew-crypto
- gnt-cluster upgrade
- gnt-node add
- gnt-instance console

Configuration Changes
~~~~~~~~~~~~~~~~~~~~~

The node group *ndparams* will get an additional integer-valued parameter
*ssh_port*.

Upgrades/downgrades
~~~~~~~~~~~~~~~~~~~

To/from version 2.10
--------------------

During upgrade from 2.10, the default value 22 will be filled in.

During downgrade to 2.10, the downgrading script will check that there are no
configured ports other than 22 (because this would result in a broken cluster)
and will then remove the corresponding key/value pairs from the configuration.

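
The 2.10 upgrade and downgrade rules above, as an added Python example (not Ganeti's own upgrade code). The configuration layout, the function names and ``DowngradeError`` are assumptions made for this illustration; the downgrade checks every group before changing anything, so a refused downgrade leaves the configuration untouched.

```python
DEFAULT_SSH_PORT = 22
PARAM = "ssh_port"

# Constructed 2.10-style sample; this layout is an assumption for the example.
SAMPLE_2_10 = {"nodegroups": {
    "uuid-a": {"name": "rack-a", "ndparams": {"spindle_count": 1}},
    "uuid-b": {"name": "rack-b", "ndparams": {}},
}}


class DowngradeError(Exception):
    """Hypothetical error: the configuration cannot be represented in 2.10."""


def validate_port(value):
    """Accept only real TCP port numbers (bool is rejected although it is an int)."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("ssh_port must be an integer, got %r" % (value,))
    if not 1 <= value <= 65535:
        raise ValueError("ssh_port out of range: %d" % value)
    return value


def upgrade_from_2_10(config):
    """Fill in the default port for every node group that has none yet."""
    for group in config.get("nodegroups", {}).values():
        ndparams = group.setdefault("ndparams", {})
        validate_port(ndparams.setdefault(PARAM, DEFAULT_SSH_PORT))
    return config


def downgrade_to_2_10(config):
    """Check all groups first, then strip ssh_port; nothing changes on failure."""
    groups = config.get("nodegroups", {})
    offending = sorted(
        "%s (port %s)" % (group.get("name", uuid), group["ndparams"][PARAM])
        for uuid, group in groups.items()
        if group.get("ndparams", {}).get(PARAM, DEFAULT_SSH_PORT)
        != DEFAULT_SSH_PORT
    )
    if offending:
        raise DowngradeError(
            "node groups with a custom SSH port: " + ", ".join(offending))
    for group in groups.values():
        group.get("ndparams", {}).pop(PARAM, None)
    return config
```
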

Future versions
---------------

For future versions the up/downgrade operation will need to know the configured
SSH ports. Because all daemons are stopped during the process, it will be
necessary to include SSH ports in *ssconf*.