doc/design-ssh-ports.rst - ganeti - Git at Google

 ================================================
 Design for supporting custom SSH ports for nodes
 ================================================

 .. contents:: :depth: 4

 This design document describes the intention of supporting running SSH servers
 on nodes with non-standard port numbers.


 Current state and shortcomings
 ==============================

 All SSH deamons are expected to be running on the default port 22. It has been
 requested by Ganeti users (`Issue 235`_) to allow SSH daemons run on
 non-standard ports as well.

 .. _`Issue 235`: https://code.google.com/p/ganeti/issues/detail?id=235


 Proposed Changes
 ================

 Allow users to configure groups with custom SSH ports. All nodes in such a
 group will then be using its configured SSH port.

 The configuration will be on the group level only as we expect all nodes in a group
 to have identical configurations.

 Users will be responsible for configuring the SSH daemons on machines before
 adding them as nodes to a group with a non-standard port number, or when
 modifying the port number of an existing group. Ganeti will not update SSH
 configuration by itself.


 Implementation Details
 ======================

 We must ensure that all operations that use SSH will use custom ports as configured. This includes:

 - gnt-cluster verify
 - gnt-cluster renew-crypto
 - gnt-cluster upgrade
 - gnt-node add
 - gnt-instance console

 Configuration Changes
 ~~~~~~~~~~~~~~~~~~~~~

 The node group *ndparams* will get an additional integer valued parameter *ssh_port*.

 Upgrades/downgrades
 ~~~~~~~~~~~~~~~~~~~

 To/from version 2.10
 --------------------

 During upgrade from 2.10, the default value 22 will be supplemented.

 During downgrade to 2.10 the downgrading script will check that there are no
 configured ports other than 22 (because this would result in a broken cluster)
 and then will remove the corresponding key/value pairs from the configuration.

 Future versions
 ---------------

 For future versions the up/downgrade operation will need to know the configured
 SSH ports. Because all daemons are stopped during the process, it will be
 necessary to include SSH ports in *ssconf*.
	================================================
	Design for supporting custom SSH ports for nodes
	================================================

	.. contents:: :depth: 4

	This design document describes the intention of supporting running SSH servers
	on nodes with non-standard port numbers.


	Current state and shortcomings
	==============================

	All SSH deamons are expected to be running on the default port 22. It has been
	requested by Ganeti users (`Issue 235`_) to allow SSH daemons run on
	non-standard ports as well.

	.. _`Issue 235`: https://code.google.com/p/ganeti/issues/detail?id=235


	Proposed Changes
	================

	Allow users to configure groups with custom SSH ports. All nodes in such a
	group will then be using its configured SSH port.

	The configuration will be on the group level only as we expect all nodes in a group
	to have identical configurations.

	Users will be responsible for configuring the SSH daemons on machines before
	adding them as nodes to a group with a non-standard port number, or when
	modifying the port number of an existing group. Ganeti will not update SSH
	configuration by itself.


	Implementation Details
	======================

	We must ensure that all operations that use SSH will use custom ports as configured. This includes:

	- gnt-cluster verify
	- gnt-cluster renew-crypto
	- gnt-cluster upgrade
	- gnt-node add
	- gnt-instance console

	Configuration Changes
	~~~~~~~~~~~~~~~~~~~~~

	The node group ndparams will get an additional integer valued parameter ssh_port.

	Upgrades/downgrades
	~~~~~~~~~~~~~~~~~~~

	To/from version 2.10
	--------------------

	During upgrade from 2.10, the default value 22 will be supplemented.

	During downgrade to 2.10 the downgrading script will check that there are no
	configured ports other than 22 (because this would result in a broken cluster)
	and then will remove the corresponding key/value pairs from the configuration.

	Future versions
	---------------

	For future versions the up/downgrade operation will need to know the configured
	SSH ports. Because all daemons are stopped during the process, it will be
	necessary to include SSH ports in ssconf.