Page MenuHomePhabricator

Add `bin/almanac register` to associate a host with an Almanac device and trust it
ClosedPublic

Authored by epriestley on Jan 2 2015, 8:20 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 21, 3:33 AM
Unknown Object (File)
Sun, Nov 17, 9:39 AM
Unknown Object (File)
Sat, Nov 16, 3:53 AM
Unknown Object (File)
Sun, Nov 10, 2:03 PM
Unknown Object (File)
Wed, Oct 30, 11:49 PM
Unknown Object (File)
Oct 22 2024, 11:39 PM
Unknown Object (File)
Oct 17 2024, 7:12 AM
Unknown Object (File)
Oct 15 2024, 3:35 AM
Subscribers

Details

Summary

Ref T2783. This is basically a more refined version of D10400, which churned a bit on things like SSH key storage, the actual way the signing protocol shook out, etc.

  • When Phabricator tries to make an intra-cluster service call as the omnipotent user, sign it with the host's device key.
  • Add bin/almanac register to say "this host is X device, identified by private key Y". This stores the keypair locally, adds the public key to Almanac, and trusts it.

Net effect is that once a host has been registered, the daemons can make calls to other nodes as the omnipotent user. This is primarily necessary so they can access repository API methods on remote hosts.

Test Plan
  • Ran bin/almanac register with various valid and invalid inputs.
  • Verified keys get generated/added/stored properly.
  • Made a device-signed cluster Conduit call.
  • Made a normal old user-signed cluster Conduit call.

Diff Detail

Repository
rP Phabricator
Branch
devkeys
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 3495
Build 3503: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

epriestley retitled this revision from to Add `bin/almanac register` to associate a host with an Almanac device and trust it.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
btrahan edited edge metadata.
This revision is now accepted and ready to land.Jan 2 2015, 10:14 PM
This revision was automatically updated to reflect the committed changes.