Finalize the ssh.trustnodes facility

This is the confluent approach to handling the same problem that xCAT SSH Zones do.
2024-11-22 09:32:21 +00:00 · 2021-01-08 14:05:37 -05:00 · 2021-01-08 14:05:37 -05:00 · 2d6bdffebe
commit 2d6bdffebe
parent efdbeeae0d
2 changed files with 9 additions and 2 deletions
--- a/confluent_server/confluent/config/attributes.py
+++ b/confluent_server/confluent/config/attributes.py
@ -534,6 +534,13 @@ node = {
        'description': ('Password to use when connecting to the hardware '
                        'manager'),
    },
+    'ssh.trustnodes': {
+        'description': ('Nodes that are allowed to ssh into the node, '
+                        'expressed in noderange syntax.  This is used during '
+                        'deployment if the confluent SSH certificate '
+                        'authority is configured.  Default behavior is for '
+                        'all nodes to trust each other.'),
+    },
    'pubkeys.addpolicy': {
        'description': ('Policy to use when encountering unknown public '
                        'keys.  Choices are "automatic" to accept and '
--- a/confluent_server/confluent/selfservice.py
+++ b/confluent_server/confluent/selfservice.py
@ -301,8 +301,8 @@ def get_cluster_list(nodename=None, cfg=None):
        cfg = configmanager.ConfigManager(None)
    nodes = None
    if nodename is not None:
-        sshpeers = cfg.get_node_attributes(nodename, 'ssh.peers')
-        sshpeers = sshpeers.get(nodename, {}).get('ssh.peers', {}).get(
+        sshpeers = cfg.get_node_attributes(nodename, 'ssh.trustnodes')
+        sshpeers = sshpeers.get(nodename, {}).get('ssh.trustnodes', {}).get(
            'value', None)
        if sshpeers:
            nodes = noderange.NodeRange(sshpeers, cfg).nodes