Design for supporting custom SSH ports for nodes

This design document describes the intention of supporting running SSH servers on nodes with non-standard port numbers.

Current state and shortcomings

All SSH deamons are expected to be running on the default port 22. It has been requested by Ganeti users (Issue 235) to allow SSH daemons run on non-standard ports as well.

Proposed Changes

Allow users to configure groups with custom SSH ports. All nodes in such a group will then be using its configured SSH port.

The configuration will be on the group level only as we expect all nodes in a group to have identical configurations.

Users will be responsible for configuring the SSH daemons on machines before adding them as nodes to a group with a non-standard port number, or when modifying the port number of an existing group. Ganeti will not update SSH configuration by itself.

Implementation Details

We must ensure that all operations that use SSH will use custom ports as configured. This includes:

  • gnt-cluster verify
  • gnt-cluster renew-crypto
  • gnt-cluster upgrade
  • gnt-node add
  • gnt-instance console

Configuration Changes

The node group ndparams will get an additional integer valued parameter ssh_port.

Upgrades/downgrades

To/from version 2.10

During upgrade from 2.10, the default value 22 will be supplemented.

During downgrade to 2.10 the downgrading script will check that there are no configured ports other than 22 (because this would result in a broken cluster) and then will remove the corresponding key/value pairs from the configuration.

Future versions

For future versions the up/downgrade operation will need to know the configured SSH ports. Because all daemons are stopped during the process, it will be necessary to include SSH ports in ssconf.