Revision cd30f3e6 doc/security.rst
b/doc/security.rst | ||
---|---|---|
127 | 127 |
Conf daemon |
128 | 128 |
----------- |
129 | 129 |
|
130 |
In Ganeti 2.7, the ``confd`` daemon (if enabled at build time), serves
|
|
130 |
In Ganeti 2.8, the ``confd`` daemon (if enabled at build time), serves
|
|
131 | 131 |
both network-originated queries (about the static configuration) and |
132 | 132 |
local (UNIX socket) queries (about the run-time configuration; answering |
133 | 133 |
these means talking to other cluster nodes, which makes use of the |
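Review bot: The release number in the opening sentence of the Conf daemon section (new line 130) is hard-coded, so it has to be bumped by hand, here from "In Ganeti 2.7" to "In Ganeti 2.8", and will go stale again at the next release. Consider wording that does not depend on the current release, or tie the statement to the version where the behaviour was introduced. While the line is being touched, the comma after "(if enabled at build time)" separates the subject from "serves" and can be dropped.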
... | ... | |
138 | 138 |
- disable confd at build time if it's not needed in your setup |
139 | 139 |
- otherwise, configure Ganeti (at build time) to use separate users, so |
140 | 140 |
that the confd daemon doesn't also have access to the server SSL/TLS |
141 |
certificates |
|
141 |
certificates.
|
|
142 | 142 |
|
143 |
It is planned to split the two functionalities (local/remote querying) |
|
144 |
of confd into two separate daemons in a future Ganeti version. |
|
143 |
NB: the second suggestion is not valid since Ganeti 2.8.0~beta1, because confd |
|
144 |
needs access to the certificate in order to communicate on the network. |
|
145 |
This will be fixed when the planned split of the two functionalities |
|
146 |
(local/remote querying) of confd into two separate daemons will take place, |
|
147 |
in a future Ganeti version. |
|
145 | 148 |
|
146 | 149 |
Monitoring daemon |
147 | 150 |
----------------- |
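Review bot: The NB at new lines 143-147 retracts the second suggestion, but the bullet itself (lines 139-141) is still listed as a mitigation, so a reader skimming the list will configure separate users and assume confd has no access to the server SSL/TLS certificates. Suggest qualifying the bullet in place with the version range it applies to (before 2.8.0~beta1) and stating explicitly that, of the two listed suggestions, only disabling confd at build time still applies from that version on. Minor wording: "This will be fixed when the planned split ... will take place" reads better as "... takes place".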