Disable compute-init by default, warn of security issue

stackhpc · Feb 18, 2025 · 458e0bb · 458e0bb
1 parent 25eea00
commit 458e0bb
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/ansible/roles/compute_init/README.md b/ansible/roles/compute_init/README.md
@@ -3,6 +3,11 @@
 Experimental functionality to allow compute nodes to rejoin the cluster after
 a reboot without running the `ansible/site.yml` playbook.
 
+**CAUTION:** The approach used here of exporting cluster secrets over NFS
+is considered to be a security risk due to the potential for cluster users to
+mount the share on a user-controlled machine by tunnelling through a login
+node. This feature should not be enabled on production clusters at this time.
+
 To enable this:
 1. Add the `compute` group (or a subset) into the `compute_init` group. This is
    the default when using cookiecutter to create an environment, via the

diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything
@@ -93,9 +93,8 @@ cluster
 [sshd]
 # Hosts where the OpenSSH server daemon should be configured
 
-[compute_init:children]
+[compute_init]
 # EXPERIMENTAL: Compute hosts to enable joining cluster on boot on
-compute
 
 [k3s:children]
 # Hosts to run k3s server/agent