Revision 7faf5110 doc/security.rst
b/doc/security.rst | ||
---|---|---|
12 | 12 |
Host issues |
13 | 13 |
----------- |
14 | 14 |
|
15 |
For a host on which the Ganeti software has been installed, but not joined to a
|
|
16 |
cluster, there are no changes to the system. |
|
15 |
For a host on which the Ganeti software has been installed, but not |
|
16 |
joined to a cluster, there are no changes to the system.
|
|
17 | 17 |
|
18 | 18 |
For a host that has been joined to the cluster, there are very important |
19 | 19 |
changes: |
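Review bot: whitespace-only rewrap of lines 15-16 to the 72-column limit set by the ``vim: set textwidth=72`` modeline at the end of the file; no words change, so nothing to flag here beyond confirming with ``git diff -w`` that the hunk is empty once whitespace is ignored.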
... | ... | |
65 | 65 |
The SSH traffic is protected (after the initial login to a new node) by |
66 | 66 |
the cluster-wide shared SSH key. |
67 | 67 |
|
68 |
RPC communication between the master and nodes is protected using SSL/TLS
|
|
69 |
encryption. Both the client and the server must have the cluster-wide
|
|
70 |
shared SSL/TLS certificate and verify it when establishing the connection
|
|
71 |
by comparing fingerprints. We decided not to use a CA to simplify the
|
|
72 |
key handling. |
|
68 |
RPC communication between the master and nodes is protected using |
|
69 |
SSL/TLS encryption. Both the client and the server must have the
|
|
70 |
cluster-wide shared SSL/TLS certificate and verify it when establishing
|
|
71 |
the connection by comparing fingerprints. We decided not to use a CA to
|
|
72 |
simplify the key handling.
|
|
73 | 73 |
|
74 | 74 |
The DRBD traffic is not protected by encryption, as DRBD does not |
75 | 75 |
support this. It's therefore recommended to implement host-level |
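Review bot: since this rewrap touches every line of the RPC paragraph (lines 68-72), it is a good moment to also state the consequence of the design it describes. The text says both client and server hold the same cluster-wide shared SSL/TLS certificate and verify the peer only by fingerprint comparison, with no CA; that means any host holding the cluster certificate and key (i.e. any joined node) can authenticate to other nodes as the master, so a reader should be told that node compromise has cluster-wide impact. One sentence after "simplify the key handling." would do, e.g. "As a consequence, the cluster certificate and key must be protected on every node, since any holder can impersonate the master." Also consider saying what is compared ("the fingerprint of the peer certificate against the cluster certificate") so it is clear fingerprint matching replaces CA validation rather than supplementing it.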
... | ... | |
83 | 83 |
Master daemon |
84 | 84 |
------------- |
85 | 85 |
|
86 |
The command-line tools to master daemon communication is done via an UNIX
|
|
87 |
socket, whose permissions are reset to ``0600`` after listening but before
|
|
88 |
serving requests. This permission-based protection is documented and works on
|
|
89 |
Linux, but is not-portable; however, Ganeti doesn't work on non-Linux system at
|
|
90 |
the moment. |
|
86 |
The command-line tools to master daemon communication is done via an |
|
87 |
UNIX socket, whose permissions are reset to ``0600`` after listening but
|
|
88 |
before serving requests. This permission-based protection is documented
|
|
89 |
and works on Linux, but is not-portable; however, Ganeti doesn't work on
|
|
90 |
non-Linux system at the moment.
|
|
91 | 91 |
|
92 | 92 |
Remote API |
93 | 93 |
---------- |
94 | 94 |
|
95 |
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS by
|
|
96 |
default. It supports Basic authentication as per RFC2617. |
|
95 |
Starting with Ganeti 2.0, Remote API traffic is encrypted using SSL/TLS |
|
96 |
by default. It supports Basic authentication as per RFC2617.
|
|
97 | 97 |
|
98 |
Paths for certificate, private key and CA files required for SSL/TLS will
|
|
99 |
be set at source configure time. Symlinks or command line parameters may
|
|
100 |
be used to use different files. |
|
98 |
Paths for certificate, private key and CA files required for SSL/TLS |
|
99 |
will be set at source configure time. Symlinks or command line
|
|
100 |
parameters may be used to use different files.
|
|
101 | 101 |
|
102 | 102 |
.. vim: set textwidth=72 : |
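Review bot: the rewrapped lines 86-90 carry pre-existing grammar problems that should be fixed in the same pass rather than reflowed as-is: "The command-line tools to master daemon communication is done via an UNIX socket" reads better as "Communication between the command-line tools and the master daemon is done via a UNIX socket", "is not-portable" should be "is not portable", and "non-Linux system" should be "non-Linux systems". The same lines describe permissions being "reset to ``0600`` after listening but before serving requests", which implies a window between listen and chmod; if the daemon closes that window (restrictive umask at creation, or a directory that only root can traverse), the paragraph should say so, and if it does not, that is worth a follow-up. In lines 95-100, "RFC2617" is conventionally written "RFC 2617", and since the RPC section above says no CA is used, the mention of a "CA file" for the Remote API would benefit from a clause noting it applies to the Remote API listener only.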