On Monday 13 August 2012 09:38:42 Raphaël Badin wrote: > > […] > > 1. Worker uses Avahi to discover the MAAS and enlists itself in much the > > same way as a node does. We'd then wait for the admin to fill in the > > blank details and accept the worker. > > > > 2. Have an "Add Worker" form on the MAAS admin pages where the admin just > > does everything. > > > > Once a worker is fully defined we already have a way for it to receive an > > API key from MAAS, it just needs to be pushed down at the right point. > Like you said, having only one place to set things up has a lot of > appeal. But unless I'm missing something we still have two levels of > authentication here: > a) there is the API authentication which can be easily pushed down to > the worker once it's registered (i.e. once the corresponding nodegroup > with all the required data has been created) > b) there is also the broker information (host, port, username, password, > vhost) that the worker needs to connect to rabbitmq. > > a) can be entered in the web UI but b) needs to be set up on the worker > side when the worker package is installed. > > > R.
All good points :) I had a chat with Rob about this and he suggested that we work with a SRV record in the DNS which will contain enough information to let a new worker connect to the MAAS server and enlist itself (where an admin would accept it and enter all the DHCP details). The SRV record should just need to contain a URL to the MAAS API where workers can anonymously enlist, and RabbitMQ connection details. When accepted, the MAAS server would create a special job, routed to that specific worker, which tells it all the DHCP data and auth keys for the API. What do you all think? -- Mailing list: https://launchpad.net/~maas-devel Post to : [email protected] Unsubscribe : https://launchpad.net/~maas-devel More help : https://help.launchpad.net/ListHelp
