xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-05-29 09:13:08 +00:00
Code Issues Releases Wiki Activity

Merge pull request #5319 from robin2008/secure_doc

Browse Source 
secureroot doc
This commit is contained in:
Yuan Bai 2018-07-05 10:25:12 +08:00 committed by GitHub
commit 29f2aa8c22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/source/advanced/security/security.rst
View File

@ -136,6 +136,15 @@ Here is an example about how to store a MD5 encrypted password for root in ``pas
tabch key=system passwd.username=root passwd.password=`openSSL passwd -1 <password>`
During the provisioning, the root password will be set on the compute nodes. By default, xCAT stores the encrypted hash of password into installation files directly for better performance.
For example, ``/etc/shadow`` in stateless image for stateless nodes or installation files ( ``/install/autoinst/<node>`` ) for stateful nodes.
You can enable **secureroot** feature for more secure consideration. ::
chdef -t site secureroot=1
Then, after the new ``packimage`` or ``nodeset`` command, the root password hash can only be acquired on-the-fly with strict security control.
Nodes Inter-Access in The Cluster

3
docs/source/guides/admin-guides/references/man5/site.5.rst
View File

@ -295,6 +295,9 @@ site Attributes:
for each node, and put them in a directory of tftpdir(such as: /tftpboot)
If no, it will not generate the mypostscript file in the tftpdir.
secureroot: If set to 1, xCAT will use secure mode to transfer root password hash
during the installation. Default is 0.
setinstallnic: Set the network configuration for installnic to be static.
sharedtftp: Set to 0 or no, xCAT should not assume the directory