On Tue, Jan 19, 2016 at 04:15:01PM +0100, 'Helga Velroyen' via ganeti-devel wrote: > There is a bug in the current implementation of > backend.RenewCrypto. Before re-generating keys, it checks > if the current key of each node is in the Ganeti public key > file. This was intended as a security feature, but actually > does not work like that. The Ganeti public key file does > only contain the keys of the potential master candidates. > In case of a key-renewal, all nodes' keys are renewed and > that includes the normal nodes (which are not potential > master candidates). This patch removes these checks to > make sure renewal does not fail if a cluster contains > normal nodes. > > Note: since potential master candidates are not fully > implemented yet, this did not show up on actual clusters. > The unit test which is implemented in a later patch of > this series revealed this flaw.
I'm a bit confused by this patch. You say, you're removing a check that was added for security reasons. Doesn't this require an update of the design and a discussion of how this affects the invariants the security model is built on? Thanks, Klaus -- Klaus Aehlig Google Germany GmbH, Dienerstr. 12, 80331 Muenchen Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschaeftsfuehrer: Matthew Scott Sucherman, Paul Terence Manicle
