Skip to content

Commit 321634c

Browse files
svetlana-efimovabenradstone
svetlana-efimova
and
benradstone
authored
docs: Document how to disable SSH access for Edge hosts (#8331)
* Document the stylus.site.remoteShell.disable field * Fix table format * Empty commit to trigger Netlify * Empty commit to trigger Netlify * Update remote-shell.md * ci: auto-formatting prettier issues * Update docs/docs-content/clusters/edge/cluster-management/remote-shell.md Co-authored-by: Ben Radstone <[email protected]> * Update docs/docs-content/clusters/edge/edge-configuration/installer-reference.md Co-authored-by: Ben Radstone <[email protected]> * Update remote-shell.md * Add release note * ci: auto-formatting prettier issues * Add Palette agent version * ci: auto-formatting prettier issues * Update installer-reference.md * Update installer-reference.md * ci: auto-formatting prettier issues * Update remote-shell.md * Update release-notes.md * ci: auto-formatting prettier issues * Update installer-reference.md * ci: auto-formatting prettier issues * Update remote-shell.md * Update release-notes.md * Update installer-reference.md * ci: auto-formatting prettier issues --------- Co-authored-by: svetlana-efimova <[email protected]> Co-authored-by: Ben Radstone <[email protected]>
1 parent e1ff2cf commit 321634c

File tree

4 files changed

+30
-19
lines changed

4 files changed

+30
-19
lines changed

docs/docs-content/clusters/edge/cluster-management/remote-shell.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,11 @@ shell after 24 hours of inactivity, you need to re-enable it.
2929

3030
- An Edge host registered with your Palette account. The Edge host may or may not be part of an Edge cluster.
3131

32+
- If your Edge host is built with Palette Agent version 4.7.c-canvos or later, the `stylus.site.remoteShell.disable`
33+
parameter in the `user-data` file must be omitted or set to `false` before the Edge host registers with Palette.
34+
`false` is the default value for this attribute. If you set this value to `true`, you cannot enable remote shell in
35+
Palette. The value cannot be changed after the host registers.
36+
3237
- You are logged in as a Palette user who has the `edgehost.sshUpdate` permission in the project to which the Edge host
3338
is associated.
3439

docs/docs-content/clusters/edge/edge-configuration/installer-reference.md

Lines changed: 20 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -240,25 +240,26 @@ stylus:
240240

241241
The `stylus.site` blocks accept the following parameters.
242242

243-
| Parameter | Description | Type | Default |
244-
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | ------- |
245-
| `stylus.site.caCerts` | The Secure Sockets Layer (SSL) Certificate Authority (CA) certificates. The certificates must be base64-encoded. | Array of strings | None |
246-
| `stylus.site.clusterId` | The ID of the cluster the Edge host belongs to. | String | `''` |
247-
| `stylus.site.clusterName` | The name of the cluster the Edge host belongs to. | String | `''` |
248-
| `stylus.site.deviceUIDPaths` | A list of file paths for reading in a product or board serial that can be used to set the device ID. The default file path is `/sys/class/dmi/id/product_uuid`. Refer to the [Device ID (UID) Parameters](#device-id-uid-parameters) section to learn more. | Array of `FileList` | None |
249-
| `stylus.site.edgeHostToken` | A token created at the tenant scope that is required for auto registration. | String | `''` |
250-
| `stylus.site.hostName` | The host name for the Edge host. This will also be the node's name when the host is added to a cluster. If you do not specify a host name, the `stylus.site.name` value becomes the host name. | String | `''` |
251-
| `stylus.site.insecureSkipVerify` | This controls whether or not a client verifies the server’s certificate chain and hostname. | boolean | `false` |
252-
| `stylus.site.name` | The Edge host ID with which the host registers with Palette. | String | `''` |
253-
| `stylus.site.network` | The network configuration settings. Refer to [Site Network Parameters](#site-network-parameters) for more details. | Object | None |
254-
| `stylus.site.paletteEndpoint` | The URL endpoint that points to Palette. Example: `api.spectrocloud.com` | String | `''` |
255-
| `stylus.site.prefix` | A prefix prepended to the Edge device hostname to form the Edge device ID. Only alphanumeric characters and `-` are allowed. | String | `edge` |
256-
| `stylus.site.projectName` | The name of the project to which the Edge host belongs. | String | `''` |
257-
| `stylus.site.projectUid` | The ID of the project to which the Edge host belongs. | String | `''` |
258-
| `stylus.site.registrationURL` | The URL that operators use to register the Edge host with Palette. | String | `''` |
259-
| `stylus.site.tags` | A parameter object you can use to provide optional key-value pairs. Refer to the [Tags](#tags) section to learn more. | Map of `string` and object value | None |
260-
| `stylus.site.tagsFromFile` | Specify tags from a file. Refer to [Tags](#tags) for more information. | `TagsFromFile` object | None |
261-
| `stylus.site.tagsFromScript` | Use a script to generate tags. Refer to [Tags](#tags) for more information. | `TagsFromScript` object | None |
243+
| Parameter | Description | Type | Default |
244+
| --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | ------- |
245+
| `stylus.site.caCerts` | The Secure Sockets Layer (SSL) Certificate Authority (CA) certificates. The certificates must be base64-encoded. | Array of strings | None |
246+
| `stylus.site.clusterId` | The ID of the cluster the Edge host belongs to. | String | `''` |
247+
| `stylus.site.clusterName` | The name of the cluster the Edge host belongs to. | String | `''` |
248+
| `stylus.site.deviceUIDPaths` | A list of file paths for reading in a product or board serial that can be used to set the device ID. The default file path is `/sys/class/dmi/id/product_uuid`. Refer to the [Device ID (UID) Parameters](#device-id-uid-parameters) section to learn more. | Array of `FileList` | None |
249+
| `stylus.site.edgeHostToken` | A token created at the tenant scope that is required for auto registration. | String | `''` |
250+
| `stylus.site.hostName` | The host name for the Edge host. This will also be the node's name when the host is added to a cluster. If you do not specify a host name, the `stylus.site.name` value becomes the host name. | String | `''` |
251+
| `stylus.site.insecureSkipVerify` | This controls whether or not a client verifies the server’s certificate chain and hostname. | boolean | `false` |
252+
| `stylus.site.name` | The Edge host ID with which the host registers with Palette. | String | `''` |
253+
| `stylus.site.network` | The network configuration settings. Refer to [Site Network Parameters](#site-network-parameters) for more details. | Object | None |
254+
| `stylus.site.paletteEndpoint` | The URL endpoint that points to Palette. Example: `api.spectrocloud.com` | String | `''` |
255+
| `stylus.site.prefix` | A prefix prepended to the Edge device hostname to form the Edge device ID. Only alphanumeric characters and `-` are allowed. | String | `edge` |
256+
| `stylus.site.projectName` | The name of the project to which the Edge host belongs. | String | `''` |
257+
| `stylus.site.projectUid` | The ID of the project to which the Edge host belongs. | String | `''` |
258+
| `stylus.site.registrationURL` | The URL that operators use to register the Edge host with Palette. | String | `''` |
259+
| `stylus.site.remoteShell.disable` | When set to `true`, disables remote shell access to the host. This parameter is supported for Edge hosts built with Palette agent version 4.7.c-canvos or later. | boolean | `false` |
260+
| `stylus.site.tags` | A parameter object you can use to provide optional key-value pairs. Refer to the [Tags](#tags) section to learn more. | Map of `string` and object value | None |
261+
| `stylus.site.tagsFromFile` | Specify tags from a file. Refer to [Tags](#tags) for more information. | `TagsFromFile` object | None |
262+
| `stylus.site.tagsFromScript` | Use a script to generate tags. Refer to [Tags](#tags) for more information. | `TagsFromScript` object | None |
262263

263264
:::info
264265

docs/docs-content/clusters/edge/local-ui/host-management/edit-user-data.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ After an edit has been made, the new settings will apply after the host reboots.
2727
- `stylus.site.deviceUIDPaths`
2828
- `stylus.site.tagsFromFile`
2929
- `stylus.site.tagsFromScript`
30+
- `stylus.site.remoteShell.disable`
3031
- `stylus.localUI.port`
3132
- `stylus.includeTui`
3233
- `stylus.debug`

docs/docs-content/release-notes/release-notes.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,10 @@ tags: ["release-notes"]
5252

5353
#### Improvements
5454

55+
- Remote shell access to an Edge host can now be enabled in Palette only if the parameter
56+
`stylus.site.remoteShell.disable` is omitted or set to `false` in the host’s `user-data` file before the host
57+
registers with Palette. This change applies to Edge hosts built with Palette agent version 4.7.c-canvos or later.
58+
5559
#### Bug Fixes
5660

5761
### VerteX

0 commit comments

Comments
 (0)