Add `bin/almanac register` to associate a host with an Almanac device and trust…

Authored by epriestley <git@epriestley.com> on Jan 3 2015, 00:13.

Description

Add bin/almanac register to associate a host with an Almanac device and trust it

Summary:
Ref T2783. This is basically a more refined version of D10400, which churned a bit on things like SSH key storage, the actual way the signing protocol shook out, etc.

  • When Phabricator tries to make an intra-cluster service call as the omnipotent user, sign it with the host's device key.
  • Add bin/almanac register to say "this host is X device, identified by private key Y". This stores the keypair locally, adds the public key to Almanac, and trusts it.

Net effect is that once a host has been registered, the daemons can make calls to other nodes as the omnipotent user. This is primarily necessary so they can access repository API methods on remote hosts.

Test Plan:

  • Ran bin/almanac register with various valid and invalid inputs.
  • Verified keys get generated/added/stored properly.
  • Made a device-signed cluster Conduit call.
  • Made a normal old user-signed cluster Conduit call.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11158

Details

Committed: epriestley <git@epriestley.com>, Jan 3 2015, 00:13
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPH8dee37a1320a: Fix some linter violations
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHc84b9d408cb5: Add `bin/almanac register` to associate a host with an Almanac device and trust… (authored by epriestley <git@epriestley.com>). Jan 3 2015, 00:13