124 |
124 |
and works on Linux, but is not-portable; however, Ganeti doesn't work on
|
125 |
125 |
non-Linux system at the moment.
|
126 |
126 |
|
|
127 |
Luxi daemon
|
|
128 |
-----------
|
|
129 |
|
|
130 |
The ``luxid`` daemon (automatically enabled if ``confd`` is enabled at
|
|
131 |
build time) serves local (UNIX socket) queries about the run-time
|
|
132 |
configuration. Answering these means talking to other cluster nodes,
|
|
133 |
exactly as ``masterd`` does. See the notes for ``masterd`` regarding
|
|
134 |
permission-based protection.
|
|
135 |
|
127 |
136 |
Conf daemon
|
128 |
137 |
-----------
|
129 |
138 |
|
130 |
139 |
In Ganeti 2.8, the ``confd`` daemon (if enabled at build time), serves
|
131 |
|
both network-originated queries (about the static configuration) and
|
132 |
|
local (UNIX socket) queries (about the run-time configuration; answering
|
133 |
|
these means talking to other cluster nodes, which makes use of the
|
134 |
|
internal RPC SSL certificate). This makes it a bit more sensitive to
|
135 |
|
bugs (a remote attacker could get direct access to the intra-cluster
|
136 |
|
RPC), so to harden security it's recommended to:
|
137 |
|
|
138 |
|
- disable confd at build time if it's not needed in your setup
|
139 |
|
- otherwise, configure Ganeti (at build time) to use separate users, so
|
140 |
|
that the confd daemon doesn't also have access to the server SSL/TLS
|
|
140 |
network-originated queries about parts of the static cluster
|
|
141 |
configuration.
|
|
142 |
|
|
143 |
If Ganeti is not configured (at build time) to use separate users,
|
|
144 |
``confd`` has access to all Ganeti related files (including internal RPC
|
|
145 |
SSL certificates). This makes it a bit more sensitive to bugs (a remote
|
|
146 |
attacker could get direct access to the intra-cluster RPC), so to harden
|
|
147 |
security it's recommended to:
|
|
148 |
|
|
149 |
- disable confd at build time if it (and ``luxid``) is not needed in
|
|
150 |
your setup.
|
|
151 |
- configure Ganeti (at build time) to use separate users, so that the
|
|
152 |
confd daemon doesn't also have access to the server SSL/TLS
|
141 |
153 |
certificates.
|
142 |
|
|
143 |
|
NB: the second suggestion is not valid since Ganeti 2.8.0~beta1, because confd
|
144 |
|
needs access to the certificate in order to communicate on the network.
|
145 |
|
This will be fixed when the planned split of the two functionalities
|
146 |
|
(local/remote querying) of confd into two separate daemons will take place,
|
147 |
|
in a future Ganeti version.
|
|
154 |
- add firewall rules to protect the ``confd`` port or bind it to a
|
|
155 |
trusted address. Make sure that all nodes can access the daemon, as
|
|
156 |
the monitoring daemon requires it.
|
148 |
157 |
|
149 |
158 |
Monitoring daemon
|
150 |
159 |
-----------------
|
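Review bot: the deleted "NB" paragraph (old lines 143-147) said the separate-users recommendation was ineffective because ``confd`` needs the RPC certificate to talk on the network, but the rewritten Conf daemon section keeps that same recommendation (new lines 151-153) without saying what changed. If the run-time queries have moved to ``luxid`` so that ``confd`` no longer needs the internal RPC SSL certificate, state that explicitly in new lines 139-141 (e.g. "serves only network-originated queries about parts of the static cluster configuration and no longer needs the internal RPC certificate"); otherwise the NB should stay. The same applies to the new Luxi daemon section (new lines 130-134): it says ``luxid`` talks to other cluster nodes "exactly as ``masterd`` does", which means ``luxid`` is the process that now holds the certificate, so the separate-users hardening should be described in terms of ``luxid`` as well rather than only pointing at the ``masterd`` notes. For the new firewall bullet (new lines 154-156), "protect the ``confd`` port or bind it to a trusted address" gives the reader nothing to act on; name the default port and the setting that controls the bind address, or link to where they are documented. Minor wording: "the ``confd`` daemon (if enabled at build time), serves" has a stray comma before "serves" (new line 139), "Ganeti related files" should be "Ganeti-related files" (new line 144), and "not-portable" in the unchanged context (line 124) should be "not portable".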