On Thu, 17 Apr 2014 17:35:13 +0200 Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> wrote: <snip> > > Another possible snag is that I want to start locking down network > > access on most if not all of the test clients so that it's less > > possible for user-submitted tasks to go awry and do things they > > shouldn't. This hasn't been done yet, though and it's something > > that we can discuss going forward. > > For valid we'll require two things: > 1) Access to Cloud's (AWS, Openstack, ...) endpoint > 2) SSH to running VM Interfacing with EC2 wasn't a use-case that I was thinking of for network isolation of the taskotron clients, so those plans may change somewhat. The clients aren't isolated yet, so this won't be a problem immediately. > Can we have special dedicated test client for valid? That would make > sense from securitty pov as we need to store cloud access credentials > there. I suppose that we could but I'd really prefer to avoid that if at all possible. Having one "special" client isn't an issue but it does open the door to other task authors asking for the same thing and that will get unmanageable pretty quick. That being said, I'm not sure how to go about managing credentials like that in a secure fashion. This'll require some more thought but suggestions are certainly welcome :) Tim
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
