Add pool.sync_trusted_certificates_from API (#7056)
Add a new API pool.sync_trusted_certificates_from to facilitate the
secure LDAP feature in pool.join case. It is also a general API to
download trusted certificates.
1. Client find proper `ldaps certs` from pool coordinator as `certs_pool`
293
-
- a. find all certs `ldaps in purpose`
294
-
- b. if no LDAPS certs, find all `general` certs
295
-
2. Client find all certs in joining host as `certs_joining_host`
296
-
3. Client identify the certs needs to be synced to joining host as `certs_to_sync = certs_pool - certs_joining_host` (certs in `certs_pool`, but not in `certs_joining_host`), the certs fingerprint should be used to identify the certs
297
-
4. Client download all `certs_to_sync`, `pool.download_trusted_certificate` from coordinator
298
-
5. Client upload all certs to joining pool, `pool.install_trusted_certificate` to joining pool, with the same purpose
299
-
6. Client trigger `pool.join` again with domain username and password
300
-
7. After pool.join:
292
+
1. Client calls `pool.sync_trusted_certificates_from` to joiner host. The call will
293
+
- a. download all trusted certificates from the pool, and
294
+
- b. install the trusted certificates into the joiner host.
295
+
2. Client trigger `pool.join` again with domain username and password
296
+
3. After pool.join:
301
297
- If pool.join failed, Client call `pool.uninstall_trusted_certificate` on joining host to revert the certs
302
298
- If pool.join succeed, do nothing as pool.join would sync the certs anyway
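Review bot: The unchanged failure branch under step 3 still tells the client to call `pool.uninstall_trusted_certificate` on the joining host to revert the certs, but with the new step 1 the client no longer computes `certs_to_sync`, so it has no record of which certificates the sync installed. Please document how the client identifies what to revert, for example by stating what `pool.sync_trusted_certificates_from` returns, or by telling the client to compare the joiner's trusted certificates by fingerprint before and after the call. The removed steps also specified that certificates already present on the joining host are skipped and that the purpose is kept on install; the new 1a/1b say only "download all" and "install", so it is worth stating whether the new call keeps both behaviours, since otherwise a revert could remove certificates the host trusted before the join attempt. Minor: the added lines say "joiner host" while the context lines say "joining host"; pick one term.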