[Ovirt-devel] [PATCH]: Fix ovirt-identify-node to work at boot time

Perry N. Myers pmyers at redhat.com
Wed Jun 4 22:00:32 UTC 2008


Ian Main wrote:
> On Wed, 04 Jun 2008 17:10:39 -0400
> Darryl Pierce <dpierce at redhat.com> wrote:
> 
>> Daniel P. Berrange wrote:
>>>> However, in practice oVirt may be deployed on machines with 0 local 
>>>> storage and no TPM.  And in these cases the keytab needs to be retrieved 
>>>> on every boot.  So our design is to use the local keytab if present, if 
>>>> not, ask for it.
>>> That's fine - I still think the two steps should be separated as you show
>>> above, with libvirt in the middle :-) Other things which are kerberos 
>>> enabled can potentially be dependent on the keytab setup besides libvirt/
>>> ovirt, so it makes sense to allow that to be completed as early in boot
>>> as possible.
>> So, to be clear, we're talking about the following steps:
>>
>> 1. managed node pings the keytab service
>> 2. keytab service generates (if necessary) a keytab and returns the filename
>> 3. managed node retrieves the keytab if it does not have one
>> 4. managed node starts libvirt
>> 5. managed node collects hardware details and pings the hardware service
>> 6. hardware service grabs the info and updates the Host table
>>
>> Is that right?
> 
> That sounds right to me.  The only thing I was wondering about is doing this:
> 
> - start libvirt
> - run node-identify as normal
> - restart libvirt service to pick up new keytab

We should try to avoid doing funky things with init sequences if possible, 
and starting/stopping libvirt would definitely be abnormal.

So the sequence that I outlined should be good as it doesn't require 
libvirt to be toggled like this.

Perry



