On Thu, Jul 23, 2015 at 09:56:01AM +0200, 'Helga Velroyen' via ganeti-devel wrote: > The option was implemented a while ago, but was missing > in the man page of gnt-cluster renew-crypto so far. > > Signed-off-by: Helga Velroyen <[email protected]> > --- > man/gnt-cluster.rst | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/man/gnt-cluster.rst b/man/gnt-cluster.rst > index dec446a..416afda 100644 > --- a/man/gnt-cluster.rst > +++ b/man/gnt-cluster.rst > @@ -855,7 +855,7 @@ RENEW-CRYPTO > | [\--new-rapi-certificate] [\--rapi-certificate *rapi-cert*] > | [\--new-spice-certificate | \--spice-certificate *spice-cert* > | \--spice-ca-certificate *spice-ca-cert*] > -| [\--new-ssh-keys] > +| [\--new-ssh-keys] [\--no-ssh-key-check] > | [\--new-cluster-domain-secret] [\--cluster-domain-secret *filename*] > > This command will stop all Ganeti daemons in the cluster and start > @@ -888,7 +888,9 @@ signing CA certificate to ``--spice-ca-certificate``. > > The option ``--new-ssh-keys`` renews all SSH keys of all nodes > and updates the ``authorized_keys`` files of all nodes to contain > -only the (new) public keys of all master candidates. > +only the (new) public keys of all master candidates. To avoid having > +to confirm the fingerprint of each node use the > +``--no-ssh-key-check`` option.
Maybe add a word of the security implications of not verifying ssh host keys? After all, this is a secuirity related... -- Klaus Aehlig Google Germany GmbH, Dienerstr. 12, 80331 Muenchen Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschaeftsfuehrer: Graham Law, Christine Elizabeth Flores
