16 lines
563 B
Markdown
16 lines
563 B
Markdown
---
|
|
type: task
|
|
after:
|
|
- ./watch-hosts.md
|
|
---
|
|
|
|
When a host is removed by a network admin, the admin's daemon should modify that
|
|
host's file in the common bucket, changing the HostAssigned section to indicate
|
|
that the host is no longer present in the network.
|
|
|
|
All other hosts in the network, when a host is updated with an indication that
|
|
it's no longer present in the network, should add that host's certificate
|
|
fingerprint to the `pki.blocklist` of their local nebula instance.
|
|
|
|
The `pki.disconnect_invalid` boolean should always be true in the nebula config.
|