History | View | Annotate | Download (41.2 kB)
Adding design-doc for privilege separation work done on Ganeti 2.2
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Update the 2.2 design doc with OS parameters
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Master core scalability design doc
This initial design still lacks information about the job queue lockcontention decrease.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
design-2.2: job queue lock analysis/remediation
This builds up on the "Master core scalability design doc" detailing thecritical situations in the job queue and proposing how to fix them. Thebulleted point list at the beginning is changed to subparagraph, as the...
utils: Add functions to sign and verify X509 certs using HMAC
Certificates exchanged via an untrusted third party should besigned to ensure they haven't been modified.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Update inter-cluster instance move design with HMAC signatures
This also adds a large piece of pseudo code for explanatory purposes.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Update inter-cluster instance move design with HMAC verification
Initial design for inter-cluster instance moves
Initial KVM security improvement design for 2.2
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Inter-node RPC timeout design
Add template Ganeti 2.2 design doc
Signed-off-by: Guido Trotter <ultrotter@google.com>