2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-25 19:10:10 +00:00

Finalize the ssh.trustnodes facility

This is the confluent approach to handling the same
problem that xCAT SSH Zones do.
This commit is contained in:
Jarrod Johnson 2021-01-08 14:05:37 -05:00
parent efdbeeae0d
commit 2d6bdffebe
2 changed files with 9 additions and 2 deletions

View File

@ -534,6 +534,13 @@ node = {
'description': ('Password to use when connecting to the hardware '
'manager'),
},
'ssh.trustnodes': {
'description': ('Nodes that are allowed to ssh into the node, '
'expressed in noderange syntax. This is used during '
'deployment if the confluent SSH certificate '
'authority is configured. Default behavior is for '
'all nodes to trust each other.'),
},
'pubkeys.addpolicy': {
'description': ('Policy to use when encountering unknown public '
'keys. Choices are "automatic" to accept and '

View File

@ -301,8 +301,8 @@ def get_cluster_list(nodename=None, cfg=None):
cfg = configmanager.ConfigManager(None)
nodes = None
if nodename is not None:
sshpeers = cfg.get_node_attributes(nodename, 'ssh.peers')
sshpeers = sshpeers.get(nodename, {}).get('ssh.peers', {}).get(
sshpeers = cfg.get_node_attributes(nodename, 'ssh.trustnodes')
sshpeers = sshpeers.get(nodename, {}).get('ssh.trustnodes', {}).get(
'value', None)
if sshpeers:
nodes = noderange.NodeRange(sshpeers, cfg).nodes