[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: When adding new node, how does the broker authenticate?

Nodes gets associated with brokers over mcollective/activemq. This happens immediately/automatically
if broker is configured without districts. If districts are turned on then the node needs to be places into a
district manually.

The security here is mainly in how m-collective/activemq queues and passwords are configured.  
Activemq/m-collective auth is used to make sure that nodes/brokers are not randomly claimed/controlled.

The CONF_BROKER_IP_ADDR is used by nodes to make API calls back to the broker. It requires
a gear to be authorized by the broker and per application credentials to be placed in the gear.


On Jun 17, 2013, at 6:01 AM, Jan Pazdziora <jpazdziora redhat com> wrote:

> Hello,
> could someone please point me to documentation or part of the code
> which handles authentication of the "bootstrap" operation when new
> node (either the first one or subsequent ones) are added to the
> OpenShift setup? Enterprise Extras' openshift.sh has
> CONF_BROKER_IP_ADDR and Origin has broker_fqdn in the puppet scripts
> but how does the node know it is talking to the correct broker?
> And while I'm thinking of it -- how about vice versa? Can any machine
> come and claim it is now a node for the broker?
> Thank you,
> -- 
> Jan Pazdziora
> Principal Software Engineer, Identity Management Engineering, Red Hat
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]