Revision cd30f3e6 doc/security.rst
| b/doc/security.rst | ||
|---|---|---|
| 127 | 127 |
Conf daemon |
| 128 | 128 |
----------- |
| 129 | 129 |
|
| 130 |
In Ganeti 2.7, the ``confd`` daemon (if enabled at build time), serves
|
|
| 130 |
In Ganeti 2.8, the ``confd`` daemon (if enabled at build time), serves
|
|
| 131 | 131 |
both network-originated queries (about the static configuration) and |
| 132 | 132 |
local (UNIX socket) queries (about the run-time configuration; answering |
| 133 | 133 |
these means talking to other cluster nodes, which makes use of the |
| ... | ... | |
| 138 | 138 |
- disable confd at build time if it's not needed in your setup |
| 139 | 139 |
- otherwise, configure Ganeti (at build time) to use separate users, so |
| 140 | 140 |
that the confd daemon doesn't also have access to the server SSL/TLS |
| 141 |
certificates |
|
| 141 |
certificates.
|
|
| 142 | 142 |
|
| 143 |
It is planned to split the two functionalities (local/remote querying) |
|
| 144 |
of confd into two separate daemons in a future Ganeti version. |
|
| 143 |
NB: the second suggestion is not valid since Ganeti 2.8.0~beta1, because confd |
|
| 144 |
needs access to the certificate in order to communicate on the network. |
|
| 145 |
This will be fixed when the planned split of the two functionalities |
|
| 146 |
(local/remote querying) of confd into two separate daemons will take place, |
|
| 147 |
in a future Ganeti version. |
|
| 145 | 148 |
|
| 146 | 149 |
Monitoring daemon |
| 147 | 150 |
----------------- |
Also available in: Unified diff