[Pkg-ganeti-devel] [ganeti] 147/165: Add ``--no-ssh-key-check`` to manpage of renew-crypto
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Tue Aug 11 13:53:22 UTC 2015
This is an automated email from the git hooks/post-receive script.
apoikos pushed a commit to branch master
in repository ganeti.
commit 903c351867036a7ea03d41b1b781e8e41b1d00fc
Author: Helga Velroyen <helgav at google.com>
Date: Wed Jul 22 11:23:40 2015 +0200
Add ``--no-ssh-key-check`` to manpage of renew-crypto
The option was implemented a while ago, but was missing
in the man page of gnt-cluster renew-crypto so far.
Signed-off-by: Helga Velroyen <helgav at google.com>
Reviewed-by: Klaus Aehlig <aehlig at google.com>
---
man/gnt-cluster.rst | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/man/gnt-cluster.rst b/man/gnt-cluster.rst
index dec446a..f84fef8 100644
--- a/man/gnt-cluster.rst
+++ b/man/gnt-cluster.rst
@@ -855,7 +855,7 @@ RENEW-CRYPTO
| [\--new-rapi-certificate] [\--rapi-certificate *rapi-cert*]
| [\--new-spice-certificate | \--spice-certificate *spice-cert*
| \--spice-ca-certificate *spice-ca-cert*]
-| [\--new-ssh-keys]
+| [\--new-ssh-keys] [\--no-ssh-key-check]
| [\--new-cluster-domain-secret] [\--cluster-domain-secret *filename*]
This command will stop all Ganeti daemons in the cluster and start
@@ -888,7 +888,10 @@ signing CA certificate to ``--spice-ca-certificate``.
The option ``--new-ssh-keys`` renews all SSH keys of all nodes
and updates the ``authorized_keys`` files of all nodes to contain
-only the (new) public keys of all master candidates.
+only the (new) public keys of all master candidates. To avoid having
+to confirm the fingerprint of each node use the
+``--no-ssh-key-check`` option. Be aware of that this includes a
+security risk as you omit verifying the machines' identities.
Finally ``--new-cluster-domain-secret`` generates a new, random
cluster domain secret, and ``--cluster-domain-secret`` reads the
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ganeti/ganeti.git
More information about the Pkg-ganeti-devel
mailing list