Insecure partition layout: Adjust partition layout on MOS slave nodes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
In Progress
|
High
|
Grzegorz Szafrański | ||
Mitaka |
Won't Fix
|
High
|
MOS Linux | ||
Mirantis OpenStack |
Won't Fix
|
High
|
Fuel Python (Deprecated) |
Bug Description
Observed on:
All slave nodes deployed by Fuel
Problem description:
Currently Fuel partitions target installation disk on SLAVE nodes as follows (controller example, MOS 7.0):
root@contr1:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/os-root 50G 2.6G 45G 6% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
udev 7.9G 12K 7.9G 1% /dev
tmpfs 1.6G 123M 1.5G 8% /run
none 5.0M 0 5.0M 0% /run/lock
none 7.9G 60M 7.8G 1% /run/shm
none 100M 0 100M 0% /run/user
/dev/vda3 196M 39M 148M 21% /boot
/dev/mapper/
/dev/mapper/
Solution proposal:
In order to improve security and meet certain compliance requirements it is required to adjust current partition layout.
Let’s introduce new partitions as follows:
/home , 10G
/tmp , 10G
/horizon , 20G
/var/log/audit , 5G
As a result we'd like to have following partition layout on slave nodes (controller example):
/
/sys/fs/cgroup
/dev
/run
/run/lock
/run/shm
/run/user
/boot
/var/log
/var/lib/mysql
/home
/horizon
/var/log/audit
Changed in fuel: | |
milestone: | none → 8.0 |
importance: | Undecided → High |
Changed in fuel: | |
assignee: | nobody → Fuel Library Team (fuel-library) |
status: | New → Confirmed |
tags: | added: area-library |
Changed in fuel: | |
assignee: | Fuel Library Team (fuel-library) → Fuel Enhancements (fuel-enhancements-team) |
description: | updated |
Changed in fuel: | |
status: | Confirmed → Triaged |
importance: | Wishlist → High |
assignee: | Fuel Enhancements (fuel-enhancements-team) → Fuel Library Team (fuel-library) |
Changed in fuel: | |
assignee: | Fuel Library Team (fuel-library) → Fuel Python Team (fuel-python) |
tags: |
added: area-python removed: area-library |
Changed in fuel: | |
milestone: | 8.0 → 9.0 |
Changed in fuel: | |
assignee: | Fuel Python (Deprecated) (fuel-python) → Fuel Sustaining (fuel-sustaining-team) |
tags: | added: customer-found feature-security |
summary: |
- Adjust partition layout on all slave nodes to meet compliance - requirements + Insecure partition layout: Adjust partition layout on MOS slave nodes |
no longer affects: | fuel/newton |
Changed in fuel: | |
assignee: | MOS Puppet Team (mos-puppet) → nobody |
Changed in fuel: | |
assignee: | nobody → Fuel Sustaining (fuel-sustaining-team) |
Changed in mos: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Fuel Python (Deprecated) (fuel-python) |
milestone: | none → 9.1 |
Changed in fuel: | |
status: | Triaged → Won't Fix |
Changed in fuel: | |
status: | Won't Fix → Triaged |
Changed in mos: | |
status: | Triaged → Won't Fix |
Changed in fuel: | |
assignee: | MOS Linux (mos-linux) → Grzegorz Szafrański (gszafranski-mirantis) |
Changed in fuel: | |
status: | Triaged → In Progress |
This is not a bug but a feature. Request.