| 2015-12-15 13:35:09 |
Adam Heczko |
bug |
|
|
added bug |
| 2015-12-15 13:42:03 |
Adam Heczko |
fuel: milestone |
|
8.0 |
|
| 2015-12-15 13:42:23 |
Adam Heczko |
fuel: importance |
Undecided |
High |
|
| 2015-12-15 15:02:34 |
Ilya Kutukov |
fuel: assignee |
|
Fuel Library Team (fuel-library) |
|
| 2015-12-15 15:02:38 |
Ilya Kutukov |
fuel: status |
New |
Confirmed |
|
| 2015-12-15 15:02:46 |
Ilya Kutukov |
tags |
|
area-library |
|
| 2015-12-15 15:13:42 |
Bogdan Dobrelya |
tags |
area-library |
area-library feature |
|
| 2015-12-15 15:14:21 |
Bogdan Dobrelya |
fuel: importance |
High |
Wishlist |
|
| 2015-12-18 16:41:02 |
Alexey Shtokolov |
fuel: assignee |
Fuel Library Team (fuel-library) |
Fuel Enhancements (fuel-enhancements-team) |
|
| 2015-12-22 15:10:19 |
Vladimir Sharshov |
marked as duplicate |
|
1526326 |
|
| 2015-12-22 15:23:29 |
Adam Heczko |
description |
Observed on:
All Fuel versions released so far
Problem description:
Currently Fuel partitions target installation disk on SLAVE nodes as follows (controller example, MOS 7.0):
root@contr1:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/os-root 50G 2.6G 45G 6% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
udev 7.9G 12K 7.9G 1% /dev
tmpfs 1.6G 123M 1.5G 8% /run
none 5.0M 0 5.0M 0% /run/lock
none 7.9G 60M 7.8G 1% /run/shm
none 100M 0 100M 0% /run/user
/dev/vda3 196M 39M 148M 21% /boot
/dev/mapper/logs-log 9.8G 5.2G 4.1G 57% /var/log
/dev/mapper/mysql-root 20G 6.3G 13G 34% /var/lib/mysql
Solution proposal:
In order to improve security and meet certain compliance requirements it is required to adjust current partition layout.
Let’s introduce new partitions as follows:
/home , 10G
/tmp , 10G
/horizon , 20G
/var/log/audit , 5G
As a result we'd like to have following partition layout on slave nodes (controller example):
/
/sys/fs/cgroup
/dev
/run
/run/lock
/run/shm
/run/user
/boot
/var/log
/var/lib/mysql
/home
/horizon
/var/log/audit |
Observed on:
All slave nodes deployed by Fuel
Problem description:
Currently Fuel partitions target installation disk on SLAVE nodes as follows (controller example, MOS 7.0):
root@contr1:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/os-root 50G 2.6G 45G 6% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
udev 7.9G 12K 7.9G 1% /dev
tmpfs 1.6G 123M 1.5G 8% /run
none 5.0M 0 5.0M 0% /run/lock
none 7.9G 60M 7.8G 1% /run/shm
none 100M 0 100M 0% /run/user
/dev/vda3 196M 39M 148M 21% /boot
/dev/mapper/logs-log 9.8G 5.2G 4.1G 57% /var/log
/dev/mapper/mysql-root 20G 6.3G 13G 34% /var/lib/mysql
Solution proposal:
In order to improve security and meet certain compliance requirements it is required to adjust current partition layout.
Let’s introduce new partitions as follows:
/home , 10G
/tmp , 10G
/horizon , 20G
/var/log/audit , 5G
As a result we'd like to have following partition layout on slave nodes (controller example):
/
/sys/fs/cgroup
/dev
/run
/run/lock
/run/shm
/run/user
/boot
/var/log
/var/lib/mysql
/home
/horizon
/var/log/audit |
|
| 2015-12-22 15:23:48 |
Adam Heczko |
removed duplicate marker |
1526326 |
|
|
| 2015-12-22 15:59:40 |
Alexey Shtokolov |
fuel: status |
Confirmed |
Triaged |
|
| 2015-12-22 15:59:43 |
Alexey Shtokolov |
fuel: importance |
Wishlist |
High |
|
| 2015-12-22 15:59:49 |
Alexey Shtokolov |
fuel: assignee |
Fuel Enhancements (fuel-enhancements-team) |
Fuel Library Team (fuel-library) |
|
| 2016-01-11 12:28:32 |
Michael Polenchuk |
bug |
|
|
added subscriber Michael Polenchuk |
| 2016-01-11 12:54:26 |
Ivan Ponomarev |
fuel: assignee |
Fuel Library Team (fuel-library) |
Fuel Python Team (fuel-python) |
|
| 2016-01-11 12:54:39 |
Ivan Ponomarev |
tags |
area-library feature |
area-python feature |
|
| 2016-01-20 12:54:02 |
Alexey Shtokolov |
fuel: milestone |
8.0 |
9.0 |
|
| 2016-03-23 14:56:27 |
Roman Prykhodchenko |
fuel: milestone |
9.0 |
10.0 |
|
| 2016-04-22 12:56:11 |
Sergii Golovatiuk |
fuel: importance |
High |
Medium |
|
| 2016-06-22 14:44:35 |
Dmitry Pyzhov |
fuel: assignee |
Fuel Python (Deprecated) (fuel-python) |
Fuel Sustaining (fuel-sustaining-team) |
|
| 2016-06-24 20:44:49 |
Adam Heczko |
tags |
area-python feature |
area-python customer-found feature feature-security |
|
| 2016-06-24 20:45:31 |
Adam Heczko |
summary |
Adjust partition layout on all slave nodes to meet compliance requirements |
Insecure partition layout: Adjust partition layout on MOS slave nodes |
|
| 2016-06-24 20:45:43 |
Adam Heczko |
nominated for series |
|
fuel/newton |
|
| 2016-06-24 20:45:43 |
Adam Heczko |
bug task added |
|
fuel/newton |
|
| 2016-06-24 20:46:04 |
Adam Heczko |
nominated for series |
|
fuel/mitaka |
|
| 2016-06-24 20:46:04 |
Adam Heczko |
bug task added |
|
fuel/mitaka |
|
| 2016-06-24 20:46:14 |
Adam Heczko |
fuel/mitaka: status |
New |
Triaged |
|
| 2016-06-24 20:46:18 |
Adam Heczko |
fuel/mitaka: importance |
Undecided |
Medium |
|
| 2016-06-24 20:46:38 |
Adam Heczko |
fuel/newton: assignee |
Fuel Sustaining (fuel-sustaining-team) |
MOS Puppet Team (mos-puppet) |
|
| 2016-06-24 20:46:49 |
Adam Heczko |
fuel/mitaka: assignee |
|
MOS Puppet Team (mos-puppet) |
|
| 2016-06-24 20:46:59 |
Adam Heczko |
fuel/mitaka: milestone |
|
9.0 |
|
| 2016-06-24 20:57:58 |
Maksim Malchuk |
bug task deleted |
fuel/newton |
|
|
| 2016-06-28 09:49:26 |
Ivan Berezovskiy |
fuel: assignee |
MOS Puppet Team (mos-puppet) |
|
|
| 2016-06-28 09:49:28 |
Ivan Berezovskiy |
fuel/mitaka: assignee |
MOS Puppet Team (mos-puppet) |
|
|
| 2016-06-28 10:33:13 |
Dmitry Pyzhov |
fuel/mitaka: status |
Triaged |
Won't Fix |
|
| 2016-06-28 10:33:22 |
Dmitry Pyzhov |
fuel: assignee |
|
Fuel Sustaining (fuel-sustaining-team) |
|
| 2016-06-28 11:04:20 |
Vladimir Kozhukalov |
fuel: status |
Triaged |
Invalid |
|
| 2016-06-28 11:04:32 |
Vladimir Kozhukalov |
fuel/mitaka: status |
Won't Fix |
Invalid |
|
| 2016-06-28 12:14:37 |
Adam Heczko |
fuel: status |
Invalid |
Triaged |
|
| 2016-06-28 12:14:42 |
Adam Heczko |
fuel/mitaka: status |
Invalid |
Triaged |
|
| 2016-06-29 08:38:24 |
Adam Heczko |
fuel: importance |
Medium |
High |
|
| 2016-06-29 08:38:28 |
Adam Heczko |
fuel/mitaka: importance |
Medium |
High |
|
| 2016-06-29 08:38:48 |
Adam Heczko |
fuel: assignee |
Fuel Sustaining (fuel-sustaining-team) |
MOS Linux (mos-linux) |
|
| 2016-06-29 08:38:57 |
Adam Heczko |
fuel/mitaka: assignee |
|
MOS Linux (mos-linux) |
|
| 2016-06-29 11:16:38 |
Adam Heczko |
bug task added |
|
mos |
|
| 2016-06-29 11:16:50 |
Adam Heczko |
mos: status |
New |
Triaged |
|
| 2016-06-29 11:16:55 |
Adam Heczko |
mos: importance |
Undecided |
High |
|
| 2016-06-29 11:17:22 |
Adam Heczko |
mos: assignee |
|
Fuel Python (Deprecated) (fuel-python) |
|
| 2016-06-29 11:17:31 |
Adam Heczko |
mos: milestone |
|
9.1 |
|
| 2016-06-29 11:18:11 |
Adam Heczko |
fuel/mitaka: status |
Triaged |
Won't Fix |
|
| 2016-06-29 11:18:20 |
Adam Heczko |
fuel: status |
Triaged |
Won't Fix |
|
| 2016-07-06 09:09:32 |
Adam Heczko |
fuel: status |
Won't Fix |
Triaged |
|
| 2016-07-06 09:18:23 |
Adam Heczko |
mos: status |
Triaged |
Won't Fix |
|
| 2016-07-06 09:20:23 |
Adam Heczko |
fuel: assignee |
MOS Linux (mos-linux) |
Grzegorz Szafrański (gszafranski-mirantis) |
|
| 2016-07-12 10:06:26 |
OpenStack Infra |
fuel: status |
Triaged |
In Progress |
|
