~rogpeppe/juju-core/themue-058-debug-log-api

« back to all changes in this revision

Viewing changes to doc/system-ssh-key.txt

Committer: Frank Mueller
Date: 2014-01-07 13:59:00 UTC
mfrom: (2152.1.32 juju-core)
Revision ID: frank.mueller@canonical.com-20140107135900-t3akd2tp3s5fsujf

merged trunk

files added:
cmd/charm-admin

cmd/charm-admin/config.go

cmd/charm-admin/config_test.go

cmd/charm-admin/deletecharm.go

cmd/charm-admin/deletecharm_test.go

cmd/charm-admin/main.go

cmd/charm-admin/suite_test.go

doc/system-ssh-key.txt

replicaset

replicaset/replicaset.go

replicaset/replicaset_test.go

state/apiserver/client/status.go

state/statecmd

state/statecmd/status.go

store/config.go

store/config_test.go

utils/ssh/generate.go

utils/ssh/generate_test.go

files renamed:
cmd/plugins/juju-update-bootstrap/ => cmd/plugins/juju-restore/

cmd/plugins/juju-update-bootstrap/updatebootstrap.go => cmd/plugins/juju-restore/restore.go

environs/manual/detection.go => environs/manual/init.go

environs/manual/detection_test.go => environs/manual/init_test.go

files modified:
Makefile

agent/bootstrap.go

agent/bootstrap_test.go

cloudinit/sshinit/configure.go

cloudinit/sshinit/configure_test.go

cmd/charmd/main.go

cmd/charmload/main.go

cmd/juju/addmachine.go

cmd/juju/addmachine_test.go

cmd/juju/addunit_test.go

cmd/juju/deploy_test.go

cmd/juju/status.go

cmd/juju/status_test.go

cmd/jujud/agent_test.go

cmd/jujud/bootstrap_test.go

cmd/jujud/machine_test.go

cmd/plugins/juju-backup/juju-backup

cmd/plugins/juju-metadata/imagemetadata.go

cmd/plugins/juju-metadata/signmetadata.go

cmd/plugins/juju-metadata/toolsmetadata.go

dependencies.tsv

environs/bootstrap/state.go

environs/cloudinit.go

environs/cloudinit/cloudinit.go

environs/cloudinit/cloudinit_test.go

environs/config/authkeys.go

environs/config/config.go

environs/filestorage/filestorage.go

environs/jujutest/livetests.go

environs/manual/bootstrap.go

environs/manual/bootstrap_test.go

environs/manual/fakessh.go

environs/manual/provisioner.go

environs/manual/provisioner_test.go

environs/sshstorage/storage.go

environs/sshstorage/storage_test.go

juju/deploy.go

provider/common/bootstrap.go

provider/common/bootstrap_test.go

provider/dummy/environs.go

provider/ec2/local_test.go

provider/local/environ.go

provider/local/environprovider.go

provider/null/config.go

provider/null/config_test.go

provider/null/environ.go

provider/null/environ_test.go

scripts/checktesting.bash

scripts/win-installer/setup.iss

state/addmachine.go

state/address.go

state/api/client.go

state/api/params/params.go

state/api/provisioner/provisioner_test.go

state/apiserver/agent/agent_test.go

state/apiserver/client/api_test.go

state/apiserver/client/client.go

state/apiserver/client/client_test.go

state/apiserver/client/perm_test.go

state/apiserver/provisioner/provisioner_test.go

state/assign_test.go

state/cleanup_test.go

state/export_test.go

state/machine.go

state/machine_test.go

state/settings_test.go

state/state_test.go

state/unit.go

state/watcher.go

store/store.go

store/store_test.go

testing/mgo.go

testing/mgo_test.go

utils/file.go

utils/file_test.go

utils/ssh/authorisedkeys.go

utils/ssh/authorisedkeys_test.go

version/version.go

worker/authenticationworker/worker.go

worker/authenticationworker/worker_test.go

worker/provisioner/container_initialisation_test.go

worker/provisioner/kvm-broker_test.go

worker/provisioner/lxc-broker_test.go

worker/provisioner/provisioner_test.go

Show diffs side-by-side

added added

removed removed

doc/system-ssh-key.txt

The idea of having a system SSH key is to support a number of real and

potential use-cases.

* The system ssh key could be used to monitor the bootstrap process, and this

would benefit the new users that don't have an existing SSH key

* Allows the api server machines to ssh to other machines in the environment

* could be used to set up ssh tunnels through a single public facing IP

address on the server

* allows juju-run commands to be run on remote machiens

Juju already creates a private key for serving the mongo database. It was an

option to also use this key, but in the end, having different keys for

different purposes just seems like a more robust idea.

A system key is generated when the environment is bootstrapped, and uploaded

as part of the cloud-init machine creation process. The public key part is

added to the authorized keys list.

This means that we need to generate an identity file and the authorized key

line prior to creating the new machine.

If subsequent state server machines are created, they also need to have the

system identity file on them. Actually, it is most likely the API server jobs

that we really care about.

Older »