Re: Shared storage across clustered VMs?

On Mar 5, 2010, at 4:02 AM, Brett Cave wrote:


On Fri, Mar 5, 2010 at 12:42 PM, Rudi Ahlers <Rudi@xxxxxxxxxxx> wrote:


What kind of security do you apply, both to the NFS cluster, and the data that get accessed on it?

Heya Rudi, never realised you were on this list too ;)

The exports are controlled by source IP address in /etc/exports. The data on there is not sensitive data at all in our environment, and GFS is all server environment, with no user access... but I just tested using ACLs and it works 100% (added the acl option to the GFS mount, and configured using setfacl). We are using LDAP network authentication, so it works nicely with group permissions ;)

(Although we do have 1 LUKS volume image on the GFS filesystem that is mounted by one of the phy machines using a keyfile stored locally.)


A good solution for security is to define the clustered NFS service on a "private" non-routed network and give the VMs a new interface in that network. Then the NFS won't even be visible outside the cluster. Also keeps that traffic off your physical networks.
--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster
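The two controls discussed in this thread (exports restricted by source IP in /etc/exports, and NFS served only on a private non-routed network) can be checked together. The following is an added example, not code from any poster in the thread: the subnet 192.168.100.0/24, the export paths and the sample file contents are constructed assumptions, and the no_root_squash check goes slightly beyond what the thread covers.

```python
import ipaddress

# Assumption for this example: the cluster's private, non-routed NFS network.
CLUSTER_NET = ipaddress.ip_network("192.168.100.0/24")

# Constructed sample /etc/exports content (not from the original thread).
SAMPLE_EXPORTS = """\
# shared GFS-backed exports
/mnt/gfs/vmdata   192.168.100.11(rw,sync) 192.168.100.12(rw,sync)
/mnt/gfs/images   192.168.100.0/24(rw,sync,no_root_squash)
/mnt/gfs/scratch  10.0.5.20(rw,sync)
/mnt/gfs/pub      *(ro)
/mnt/gfs/tmp      192.168.100.13 (rw)
"""


def audit_exports(text, allowed_net=CLUSTER_NET):
    """Return (path, client_spec, reason) for every client spec that is not
    limited to an address or subnet inside allowed_net."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, rest = spec.partition("(")
            opts = rest.rstrip(")").split(",")
            if client in ("", "*"):
                # "host (rw)" with a space is parsed as a second entry
                # that applies the options to every host.
                findings.append((path, spec, "exported to any host"))
                continue
            try:
                net = ipaddress.ip_network(client, strict=False)
            except ValueError:
                findings.append((path, spec, "not an IP or subnet (hostname, wildcard or netgroup)"))
                continue
            if net.version != allowed_net.version or not net.subnet_of(allowed_net):
                findings.append((path, spec, f"outside {allowed_net}"))
            if "no_root_squash" in opts:
                findings.append((path, spec, "no_root_squash: client root keeps root on the export"))
    return findings


if __name__ == "__main__":
    for path, spec, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {spec}: {reason}")
```

Source-IP export rules are only as strong as the network's resistance to address spoofing, which is why the private-network suggestion and the export list are worth auditing as a pair.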
