Eucalyptus implements a secure protocol for registering separate
components so that the overall system can’t be tricked into
including a component run by an unauthorized administrator or user.
You only need to register components the first time Eucalyptus is
started after it was installed.
Most registration commands run on the CLC server. NCs, however, are
registered on each CC. You must register each NC on every CC for the
cluster on which the NC participates.
Note that each registration command will attempt an SSH as root to
the remote physical host where the registering component is assumed
to be running. The registration command also contacts the component
so it must be running at the time of the command is issued. If a
password is required to allow SSH access, the command will prompt
the user for it.
Except for NCs, each registration command requires four pieces of
information:
- The component (--register-XYZ) you are
registering, because this affects where the commands must be
executed.
- The partition (--partition) the
component will belong to. The partition is the same thing as
availability zone in AWS.
- The name (--component) ascribed to the
component. This is the name used to identify the component in a
human-friendly way. This name is also used when reporting system
state changes which require administrator attention. This name
must be globally-unique with respect to other component
registrations. To ensure this uniqueness, we recommend using a
combination of the component type (CLC, SC, CC, etc) and system
hostname or IP address when you choose your component names. For
example: clc-eucahost15 or
clc-192.168.0.15.
- The IP address (--host) of the service
being registered. The host must be specified by IP address to
function correctly.
NCs only have two pieces of information: component name and IP
address.
