Revision 7faf5110 doc/security.rst
| b/doc/security.rst | ||
|---|---|---|
| 12 | 12 |
Host issues |
| 13 | 13 |
----------- |
| 14 | 14 |
|
| 15 |
For a host on which the Ganeti software has been installed, but not joined to a
|
|
| 16 |
cluster, there are no changes to the system. |
|
| 15 |
For a host on which the Ganeti software has been installed, but not |
|
| 16 |
joined to a cluster, there are no changes to the system.
|
|
| 17 | 17 |
|
| 18 | 18 |
For a host that has been joined to the cluster, there are very important |
| 19 | 19 |
changes: |
| ... | ... | |
| 65 | 65 |
The SSH traffic is protected (after the initial login to a new node) by |
| 66 | 66 |
the cluster-wide shared SSH key. |
| 67 | 67 |
|
| 68 |
RPC communication between the master and nodes is protected using SSL/TLS
|
|
| 69 |
encryption. Both the client and the server must have the cluster-wide
|
|
| 70 |
shared SSL/TLS certificate and verify it when establishing the connection
|
|
| 71 |
by comparing fingerprints. We decided not to use a CA to simplify the
|
|
| 72 |
key handling. |
|
| 68 |
RPC communication between the master and nodes is protected using |
|
| 69 |
SSL/TLS encryption. Both the client and the server must have the
|
|
| 70 |
cluster-wide shared SSL/TLS certificate and verify it when establishing
|
|
| 71 |
the connection by comparing fingerprints. We decided not to use a CA to
|
|
| 72 |
simplify the key handling.
|
|
| 73 | 73 |
|
| 74 | 74 |
The DRBD traffic is not protected by encryption, as DRBD does not |
| 75 | 75 |
support this. It's therefore recommended to implement host-level |
| ... | ... | |
| 83 | 83 |
Master daemon |
| 84 | 84 |
------------- |
| 85 | 85 |
|
| 86 |
The command-line tools to master daemon communication is done via an UNIX
|
|
| 87 |
socket, whose permissions are reset to ``0600`` after listening but before
|
|
| 88 |
serving requests. This permission-based protection is documented and works on
|
|
| 89 |
Linux, but is not-portable; however, Ganeti doesn't work on non-Linux system at
|
|
| 90 |
the moment. |
|
| 86 |
The command-line tools to master daemon communication is done via an |
|
| 87 |
UNIX socket, whose permissions are reset to ``0600`` after listening but
|
|
| 88 |
before serving requests. This permission-based protection is documented
|
|
| 89 |
and works on Linux, but is not-portable; however, Ganeti doesn't work on
|
|
| 90 |
non-Linux system at the moment.
|
|
| 91 | 91 |
|
| 92 | 92 |
Remote API |
| 93 | 93 |
---------- |
| 94 | 94 |
|
| 95 |
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS by
|
|
| 96 |
default. It supports Basic authentication as per RFC2617. |
|
| 95 |
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS |
|
| 96 |
by default. It supports Basic authentication as per RFC2617.
|
|
| 97 | 97 |
|
| 98 |
Paths for certificate, private key and CA files required for SSL/TLS will
|
|
| 99 |
be set at source configure time. Symlinks or command line parameters may
|
|
| 100 |
be used to use different files. |
|
| 98 |
Paths for certificate, private key and CA files required for SSL/TLS |
|
| 99 |
will be set at source configure time. Symlinks or command line
|
|
| 100 |
parameters may be used to use different files.
|
|
| 101 | 101 |
|
| 102 | 102 |
.. vim: set textwidth=72 : |
Also available in: Unified diff