Cluster registry » History » Version 2
Ward Vandewege, 03/07/2018 10:27 PM
| 1 | 1 | Ward Vandewege | h1. Cluster registry |
|---|---|---|---|
| 2 | |||
| 3 | h2. Problem description |
||
| 4 | |||
| 5 | 2 | Ward Vandewege | As part of the [[Federated identity]] feature, a configuration option was added to the Arvados API server to indicate which remote API servers are trusted to authenticate user IDs ('remote_hosts'). |
| 6 | 1 | Ward Vandewege | |
| 7 | This allows for basic federated identity between a group of Arvados clusters. Each time the membership of the API server group changes (an API server is added or removed), every API server in the group needs to have its configuration updated. This is not ideal. |
||
| 8 | |||
| 9 | h2. Simplifying assumptions |
||
| 10 | |||
| 11 | An Arvados API server can only be part of one federated identity group (aka 'federation'). |
||
| 12 | |||
| 13 | h2. Proposed solution |
||
| 14 | |||
| 15 | A cluster registry service, which is managed centrally by the federation admin. All API servers in the federation sync the federation membership list from the registry service automatically. |