Hi,

So, I have been working on tightening the internal network of the gluster community cage part of the world, e.g., all the servers in *.int.rht.gluster.org. That's mostly internal infra servers, and newer non-cloud builders, but I plan to later also move gerrit/jenkins and various servers.

The goal is to reduce IPv4 usage (because that's limited), and increase security (no direct access to attack, and more difficult to later exploit in case of compromise).

That's mostly non-impacting for people (or I would have asked for maintenance windows), but I just switched all servers in the internal network to use the firewall (masamune.rht.gluster.org) as a gateway rather than the IT firewall, so if anything is broken on a *.int.rht.gluster.org server, please tell me and I will look.

Everything is in HA, and I have done several tests and reboots during the day without trouble. In fact, more than half of the servers were using that.

Right now, the firewall is not yet blocking anything, but that's planned, server by server.

Next steps are to prevent direct internet access (so start to use the firewall), and provide both a web proxy and a DNS server, so we can log and control what is going on.

And move more servers on the internal network (postgresql for example, gerrit/jenkins too), by locking and opening access as needed.

--
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-devel