From 058a60407a2aaab39bb5f15ee84c3a95b2f020b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Wed, 29 Jan 2020 13:26:20 -0500
Subject: [PATCH] pull from the ganeti nodes instead of pushing from KVM1

The rationale here is we don't want to extend trust from the old
machine, which we do by giving them root access on the new server. By
giving root access to the *old* server, we don't give it access to
anything it already has (or will have, in the case of the ganeti
nodes).
---
 tsa/howto/ganeti.mdwn | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tsa/howto/ganeti.mdwn b/tsa/howto/ganeti.mdwn
index 2ae4e3e4..4b8aa827 100644
--- a/tsa/howto/ganeti.mdwn
+++ b/tsa/howto/ganeti.mdwn
@@ -265,19 +265,19 @@ Import procedure:
 
           blkid -t TYPE=swap -s UUID -o value
 
- 3. setup a copy channel, on the KVM host:
+ 3. setup a copy channel, on the SPARE NODE:
  
         ssh-agent bash
         ssh-add /etc/ssh/ssh_host_ed25519_key
         cat /etc/ssh/ssh_host_ed25519_key.pub
 
-    on the ganeti SPARE NODE:
+    on the KVM NODE:
     
         echo "$KEY_FROM_KVM_HOST" >> /etc/ssh/userkeys/root
 
  4. copy the `.qcow` file over, from the KVM host to the SPARE NODE:
  
-        rsync -P /srv/vmstore/$INSTANCE/$INSTANCE-root $SPARE_NODE:/srv/
+        rsync -P $KVM_HOST:/srv/vmstore/$INSTANCE/$INSTANCE-root /srv/
 
  5. on the SPARE NODE, create and initialize a logical volume with the predetermined size:
  
-- 
GitLab