Filing this under commissaire-http because the solution I have in mind applies here.
Currently a host can only be registered with a container manager by the investigator service after a successful bootstrap. However if the host does not specify a cluster to join up front, then it cannot register with a container manager later even if the cluster it's joining is associated with a container manager. This is because an existing host joining a cluster does not invoke the investigator service again.
The solution is to register the host with a container manager when explicitly adding the host to a cluster... but with a caveat.
Because registering with a container manager is currently gated on a successful bootstrap, the aforementioned solution would effectively bypass the bootstrap check: one could add a host to a cluster while the bootstrapping procedure is still running.
Therefore I'd like Commissaire to reject adding a host to a cluster (and thereby registering with a container manager) unless the host's status is either active or disassociated. If the status is investigating, bootstrapping, or failed, Commissaire should respond with a "405 Method Not Allowed".
This should help prevent a non-functioning node from joining a cluster and causing further errors.
mbarnes
commented
7 years ago 
Filing this under
commissaire-httpbecause the solution I have in mind applies here.Currently a host can only be registered with a container manager by the investigator service after a successful bootstrap. However if the host does not specify a cluster to join up front, then it cannot register with a container manager later even if the cluster it's joining is associated with a container manager. This is because an existing host joining a cluster does not invoke the investigator service again.
The solution is to register the host with a container manager when explicitly adding the host to a cluster... but with a caveat.
Because registering with a container manager is currently gated on a successful bootstrap, the aforementioned solution would effectively bypass the bootstrap check: one could add a host to a cluster while the bootstrapping procedure is still running.
Therefore I'd like Commissaire to reject adding a host to a cluster (and thereby registering with a container manager) unless the host's status is either
activeordisassociated. If the status isinvestigating,bootstrapping, orfailed, Commissaire should respond with a "405 Method Not Allowed".This should help prevent a non-functioning node from joining a cluster and causing further errors.