Security concerns with glusterfs?GlusterFS unable to add a new peerCant mount GlusterFS volume on EC2 clientautomount volume only after bootingupHow to lower Gluster FS down peer timeout / reduce down peer impact?Does the GlusterFS “client” prefer local LAN nodes over remote LAN nodes?Automatically scale a Gluster clusterglusterfs mount on boot on clustered servers - RHEL 7GlusterFS v3.10 not mounting on boot Centos 7.3-1611Glusterfs FUSE client black magic (automatic high availability)Unable to mount gluster fs on glusterfs client: Transport endpoint is not connected
If the mass of the Earth is decreasing by sending debris in space, does its angular momentum also decrease?
Are there examples of rowers who also fought?
What does "vrit' mean with reference to documentaries?
Simplify, equivalent for (p ∨ ¬q) ∧ (¬p ∨ ¬q)
Regex version of strip() - Ch. 7 Automate the Boring Stuff
Why can't I craft scaffolding in Minecraft 1.14?
Time at 1G acceleration to travel 100 000 light years
How "fast" do astronomical events occur?
How can I ping multiple IP addresses at the same time?
First occurrence in the Sixers sequence
Simple python RFID (RC522) authentication system not working
King or Queen-Which piece is which?
How useful is the GRE Exam?
How to make a villain when your PCs are villains?
I wish, I yearn, for an answer to this riddle
What is the context for Napoleon's quote "[the Austrians] did not know the value of five minutes"?
Why is it 出差去 and not 去出差?
How can the US president give an order to a civilian?
Weird thing in 737 cabin
Is a sequel allowed to start before the end of the first book?
What does this Swiss black on yellow rectangular traffic sign with a symbol looking like a dart mean?
Can a character with the Polearm Master feat make an opportunity attack against an invisible creature that enters their reach?
What is this plant I saw for sale at a Romanian farmer's market?
How to avoid offending original culture when making conculture inspired from original
Security concerns with glusterfs?
GlusterFS unable to add a new peerCant mount GlusterFS volume on EC2 clientautomount volume only after bootingupHow to lower Gluster FS down peer timeout / reduce down peer impact?Does the GlusterFS “client” prefer local LAN nodes over remote LAN nodes?Automatically scale a Gluster clusterglusterfs mount on boot on clustered servers - RHEL 7GlusterFS v3.10 not mounting on boot Centos 7.3-1611Glusterfs FUSE client black magic (automatic high availability)Unable to mount gluster fs on glusterfs client: Transport endpoint is not connected
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I am not really good at gluster as I just started using this yesterday.
I have 2 servers. Both are running glusterfs-servers.
From server 1: I run sudo glusterfs peer probe server2 and it is added to the cluster. There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster. Does not make sense to me.
This confuses me. I mean, what if someone adds my glusterfs servers to their cluster. Seemed like there was absolutely no security. It is insane and I do not get it.
glusterfs
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
add a comment |
I am not really good at gluster as I just started using this yesterday.
I have 2 servers. Both are running glusterfs-servers.
From server 1: I run sudo glusterfs peer probe server2 and it is added to the cluster. There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster. Does not make sense to me.
This confuses me. I mean, what if someone adds my glusterfs servers to their cluster. Seemed like there was absolutely no security. It is insane and I do not get it.
glusterfs
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
add a comment |
I am not really good at gluster as I just started using this yesterday.
I have 2 servers. Both are running glusterfs-servers.
From server 1: I run sudo glusterfs peer probe server2 and it is added to the cluster. There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster. Does not make sense to me.
This confuses me. I mean, what if someone adds my glusterfs servers to their cluster. Seemed like there was absolutely no security. It is insane and I do not get it.
glusterfs
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
I am not really good at gluster as I just started using this yesterday.
I have 2 servers. Both are running glusterfs-servers.
From server 1: I run sudo glusterfs peer probe server2 and it is added to the cluster. There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster. Does not make sense to me.
This confuses me. I mean, what if someone adds my glusterfs servers to their cluster. Seemed like there was absolutely no security. It is insane and I do not get it.
glusterfs
glusterfs
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
edited Jan 15 '15 at 16:58
Michael Hampton♦
180k28331664
180k28331664
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
asked Jan 15 '15 at 6:59
Ranjith RamachandraRanjith Ramachandra
205311
205311
add a comment |
add a comment |
5 Answers
5
active
oldest
votes
TL,DR: It's safe, 3rd party cannot join an existing cluster on it's own, it needs to be invited from within.
There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster.
I had this question myself so I went to take a look at the documentation.
When you are creating a new cluster, you start on one server and add others using gluster peer probe OTHER_SERVER. Additional security isn't strictly required, because you are adding new, uninitialized glusterfs servers. (Unless you leave a freshly installed, uninitialized gluster running with public access - then you are in trouble).
So what prevents an attacker from joining your existing cluster? The key is the following paragraph:
Once this pool has been established, only trusted members may probe new servers into the pool. A new server cannot probe the pool, it must be probed from the pool. (source)
As the documentation says, a 3rd party/adversary cannot join your cluster, it needs to be invited from within.
Gluster also provides other security mechanisms to mitigate against related attacks:
- IP allow/deny on volume level,
gluster volume set VOL_NAME auth.allow IP1,IP2 - TLS - transport encryption as well as using identities from certificates instead of IP addresses for authorization (not enabled by default, see link)
For anything important you can also consider private links between servers (IPSec/VPN) with a firewall setup that does not allow any connections from the outside.
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
It should be worth mentioning that the protocol will apparently not be encrypted by default, inversely indicated by gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL - so saying it's safe would be a very long stretch in my book.
– dualed
Apr 5 '17 at 12:36
Thanks for mentioning it is not enabled by default - it is in the link that I included, but I will specifically mention it in the text too. However I still recommend running it over IPSec. It is easier to maintain a cipher list and other security configuration in one place than to watch out for TLS implementation specifics of each application such as glusterfs.
– Matej Snoha
Apr 6 '17 at 13:47
add a comment |
Your Gluster servers should be on their own, firewalled off section of your infrastructure. They are not intended to be exposed to the public internet.
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
Well, GlusterFS sports geo-replication, and does not mention VPNs or dedicated links even once, and they never mention what you're saying in their documentation. They simply never address the issue of authentication and authorization, as if it doesn't exist, which doesn't make sense for me.
– haimg
Jun 13 '15 at 2:19
1
@haimg I'd say if you're big enough to need Gluster you're big enough to figure out the security side of things on your own. Anyone doing multiple datacenters with replication between them should already have VPN/dedicated links well in hand.
– ceejayoz
Jun 13 '15 at 2:42
add a comment |
I agree that this is insane: security is an add-on to glusterfs. As pointed out by @ceejayoz, glusterfs is designed to only be run on a physically secured and isolated network.
Fortunately, glusterfs has added on ssl support, which is sadly almost completely undocumented. Presumably using ssl will make things better, although since it's undocumented it's hard to say for certain. What documentation exists is in this blog. Sadly, it only gives a sequence of steps.
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
I'd add that nowadays GlusterFS SSL documentation has got much better.
– Luke404
Oct 27 '17 at 5:44
add a comment |
I'd like to add to this topic for reference, because I too initially had security concerns with glusterfs.
My organization is in the process of deploying a quite large RHGS cluster to consolidate multiple dispersed aging storage systems.
The security concerns I had was related to the ability to run the gluster console commmands as root from a client system such as...
"yes | gluster --remote-host=rhgs1 volume delete data"
Yikes! It looks like anybody with root privileges on a system that you don't control the root account on, can destroy your data!
Luckily this is not the case. Any of the commands that modify volumes return an exit status of 1 and fail with EPOLLERR as indicated by /var/log/glusterfs/cli.log. It appears you can only get info about the volumes for which that client has access.
Basically the system has to be a cluster peer to be able to perform cluster maintenance tasks from any of the gluster nodes. Now I get why they call a glusterfs cluster a "Secure Storage Pool".
answered Jun 1 at 3:12
Billy HillBilly Hill
112
add a comment |
In my opinion, there are some ways to solve the problem:
- firewalld or iptables
- SELinux
- SSL/TLS
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f659677%2fsecurity-concerns-with-glusterfs%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
TL,DR: It's safe, 3rd party cannot join an existing cluster on it's own, it needs to be invited from within.
There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster.
I had this question myself so I went to take a look at the documentation.
When you are creating a new cluster, you start on one server and add others using gluster peer probe OTHER_SERVER. Additional security isn't strictly required, because you are adding new, uninitialized glusterfs servers. (Unless you leave a freshly installed, uninitialized gluster running with public access - then you are in trouble).
So what prevents an attacker from joining your existing cluster? The key is the following paragraph:
Once this pool has been established, only trusted members may probe new servers into the pool. A new server cannot probe the pool, it must be probed from the pool. (source)
As the documentation says, a 3rd party/adversary cannot join your cluster, it needs to be invited from within.
Gluster also provides other security mechanisms to mitigate against related attacks:
- IP allow/deny on volume level,
gluster volume set VOL_NAME auth.allow IP1,IP2 - TLS - transport encryption as well as using identities from certificates instead of IP addresses for authorization (not enabled by default, see link)
For anything important you can also consider private links between servers (IPSec/VPN) with a firewall setup that does not allow any connections from the outside.
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
It should be worth mentioning that the protocol will apparently not be encrypted by default, inversely indicated by gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL - so saying it's safe would be a very long stretch in my book.
– dualed
Apr 5 '17 at 12:36
Thanks for mentioning it is not enabled by default - it is in the link that I included, but I will specifically mention it in the text too. However I still recommend running it over IPSec. It is easier to maintain a cipher list and other security configuration in one place than to watch out for TLS implementation specifics of each application such as glusterfs.
– Matej Snoha
Apr 6 '17 at 13:47
add a comment |
TL,DR: It's safe, 3rd party cannot join an existing cluster on it's own, it needs to be invited from within.
There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster.
I had this question myself so I went to take a look at the documentation.
When you are creating a new cluster, you start on one server and add others using gluster peer probe OTHER_SERVER. Additional security isn't strictly required, because you are adding new, uninitialized glusterfs servers. (Unless you leave a freshly installed, uninitialized gluster running with public access - then you are in trouble).
So what prevents an attacker from joining your existing cluster? The key is the following paragraph:
Once this pool has been established, only trusted members may probe new servers into the pool. A new server cannot probe the pool, it must be probed from the pool. (source)
As the documentation says, a 3rd party/adversary cannot join your cluster, it needs to be invited from within.
Gluster also provides other security mechanisms to mitigate against related attacks:
- IP allow/deny on volume level,
gluster volume set VOL_NAME auth.allow IP1,IP2 - TLS - transport encryption as well as using identities from certificates instead of IP addresses for authorization (not enabled by default, see link)
For anything important you can also consider private links between servers (IPSec/VPN) with a firewall setup that does not allow any connections from the outside.
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
It should be worth mentioning that the protocol will apparently not be encrypted by default, inversely indicated by gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL - so saying it's safe would be a very long stretch in my book.
– dualed
Apr 5 '17 at 12:36
Thanks for mentioning it is not enabled by default - it is in the link that I included, but I will specifically mention it in the text too. However I still recommend running it over IPSec. It is easier to maintain a cipher list and other security configuration in one place than to watch out for TLS implementation specifics of each application such as glusterfs.
– Matej Snoha
Apr 6 '17 at 13:47
add a comment |
TL,DR: It's safe, 3rd party cannot join an existing cluster on it's own, it needs to be invited from within.
There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster.
I had this question myself so I went to take a look at the documentation.
When you are creating a new cluster, you start on one server and add others using gluster peer probe OTHER_SERVER. Additional security isn't strictly required, because you are adding new, uninitialized glusterfs servers. (Unless you leave a freshly installed, uninitialized gluster running with public access - then you are in trouble).
So what prevents an attacker from joining your existing cluster? The key is the following paragraph:
Once this pool has been established, only trusted members may probe new servers into the pool. A new server cannot probe the pool, it must be probed from the pool. (source)
As the documentation says, a 3rd party/adversary cannot join your cluster, it needs to be invited from within.
Gluster also provides other security mechanisms to mitigate against related attacks:
- IP allow/deny on volume level,
gluster volume set VOL_NAME auth.allow IP1,IP2 - TLS - transport encryption as well as using identities from certificates instead of IP addresses for authorization (not enabled by default, see link)
For anything important you can also consider private links between servers (IPSec/VPN) with a firewall setup that does not allow any connections from the outside.
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
TL,DR: It's safe, 3rd party cannot join an existing cluster on it's own, it needs to be invited from within.
There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster.
I had this question myself so I went to take a look at the documentation.
When you are creating a new cluster, you start on one server and add others using gluster peer probe OTHER_SERVER. Additional security isn't strictly required, because you are adding new, uninitialized glusterfs servers. (Unless you leave a freshly installed, uninitialized gluster running with public access - then you are in trouble).
So what prevents an attacker from joining your existing cluster? The key is the following paragraph:
Once this pool has been established, only trusted members may probe new servers into the pool. A new server cannot probe the pool, it must be probed from the pool. (source)
As the documentation says, a 3rd party/adversary cannot join your cluster, it needs to be invited from within.
Gluster also provides other security mechanisms to mitigate against related attacks:
- IP allow/deny on volume level,
gluster volume set VOL_NAME auth.allow IP1,IP2 - TLS - transport encryption as well as using identities from certificates instead of IP addresses for authorization (not enabled by default, see link)
For anything important you can also consider private links between servers (IPSec/VPN) with a firewall setup that does not allow any connections from the outside.
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
edited Apr 6 '17 at 13:51
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
answered Jun 26 '16 at 21:40
Matej SnohaMatej Snoha
16614
16614
It should be worth mentioning that the protocol will apparently not be encrypted by default, inversely indicated by gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL - so saying it's safe would be a very long stretch in my book.
– dualed
Apr 5 '17 at 12:36
Thanks for mentioning it is not enabled by default - it is in the link that I included, but I will specifically mention it in the text too. However I still recommend running it over IPSec. It is easier to maintain a cipher list and other security configuration in one place than to watch out for TLS implementation specifics of each application such as glusterfs.
– Matej Snoha
Apr 6 '17 at 13:47
add a comment |
It should be worth mentioning that the protocol will apparently not be encrypted by default, inversely indicated by gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL - so saying it's safe would be a very long stretch in my book.
– dualed
Apr 5 '17 at 12:36
Thanks for mentioning it is not enabled by default - it is in the link that I included, but I will specifically mention it in the text too. However I still recommend running it over IPSec. It is easier to maintain a cipher list and other security configuration in one place than to watch out for TLS implementation specifics of each application such as glusterfs.
– Matej Snoha
Apr 6 '17 at 13:47
It should be worth mentioning that the protocol will apparently not be encrypted by default, inversely indicated by gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL - so saying it's safe would be a very long stretch in my book.
– dualed
Apr 5 '17 at 12:36
It should be worth mentioning that the protocol will apparently not be encrypted by default, inversely indicated by gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL - so saying it's safe would be a very long stretch in my book.
– dualed
Apr 5 '17 at 12:36
Thanks for mentioning it is not enabled by default - it is in the link that I included, but I will specifically mention it in the text too. However I still recommend running it over IPSec. It is easier to maintain a cipher list and other security configuration in one place than to watch out for TLS implementation specifics of each application such as glusterfs.
– Matej Snoha
Apr 6 '17 at 13:47
Thanks for mentioning it is not enabled by default - it is in the link that I included, but I will specifically mention it in the text too. However I still recommend running it over IPSec. It is easier to maintain a cipher list and other security configuration in one place than to watch out for TLS implementation specifics of each application such as glusterfs.
– Matej Snoha
Apr 6 '17 at 13:47
add a comment |
Your Gluster servers should be on their own, firewalled off section of your infrastructure. They are not intended to be exposed to the public internet.
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
Well, GlusterFS sports geo-replication, and does not mention VPNs or dedicated links even once, and they never mention what you're saying in their documentation. They simply never address the issue of authentication and authorization, as if it doesn't exist, which doesn't make sense for me.
– haimg
Jun 13 '15 at 2:19
1
@haimg I'd say if you're big enough to need Gluster you're big enough to figure out the security side of things on your own. Anyone doing multiple datacenters with replication between them should already have VPN/dedicated links well in hand.
– ceejayoz
Jun 13 '15 at 2:42
add a comment |
Your Gluster servers should be on their own, firewalled off section of your infrastructure. They are not intended to be exposed to the public internet.
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
Well, GlusterFS sports geo-replication, and does not mention VPNs or dedicated links even once, and they never mention what you're saying in their documentation. They simply never address the issue of authentication and authorization, as if it doesn't exist, which doesn't make sense for me.
– haimg
Jun 13 '15 at 2:19
1
@haimg I'd say if you're big enough to need Gluster you're big enough to figure out the security side of things on your own. Anyone doing multiple datacenters with replication between them should already have VPN/dedicated links well in hand.
– ceejayoz
Jun 13 '15 at 2:42
add a comment |
Your Gluster servers should be on their own, firewalled off section of your infrastructure. They are not intended to be exposed to the public internet.
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
Your Gluster servers should be on their own, firewalled off section of your infrastructure. They are not intended to be exposed to the public internet.
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
answered Jan 15 '15 at 18:13
ceejayozceejayoz
27.5k66695
27.5k66695
Well, GlusterFS sports geo-replication, and does not mention VPNs or dedicated links even once, and they never mention what you're saying in their documentation. They simply never address the issue of authentication and authorization, as if it doesn't exist, which doesn't make sense for me.
– haimg
Jun 13 '15 at 2:19
1
@haimg I'd say if you're big enough to need Gluster you're big enough to figure out the security side of things on your own. Anyone doing multiple datacenters with replication between them should already have VPN/dedicated links well in hand.
– ceejayoz
Jun 13 '15 at 2:42
add a comment |
Well, GlusterFS sports geo-replication, and does not mention VPNs or dedicated links even once, and they never mention what you're saying in their documentation. They simply never address the issue of authentication and authorization, as if it doesn't exist, which doesn't make sense for me.
– haimg
Jun 13 '15 at 2:19
1
@haimg I'd say if you're big enough to need Gluster you're big enough to figure out the security side of things on your own. Anyone doing multiple datacenters with replication between them should already have VPN/dedicated links well in hand.
– ceejayoz
Jun 13 '15 at 2:42
Well, GlusterFS sports geo-replication, and does not mention VPNs or dedicated links even once, and they never mention what you're saying in their documentation. They simply never address the issue of authentication and authorization, as if it doesn't exist, which doesn't make sense for me.
– haimg
Jun 13 '15 at 2:19
Well, GlusterFS sports geo-replication, and does not mention VPNs or dedicated links even once, and they never mention what you're saying in their documentation. They simply never address the issue of authentication and authorization, as if it doesn't exist, which doesn't make sense for me.
– haimg
Jun 13 '15 at 2:19
1
1
@haimg I'd say if you're big enough to need Gluster you're big enough to figure out the security side of things on your own. Anyone doing multiple datacenters with replication between them should already have VPN/dedicated links well in hand.
– ceejayoz
Jun 13 '15 at 2:42
@haimg I'd say if you're big enough to need Gluster you're big enough to figure out the security side of things on your own. Anyone doing multiple datacenters with replication between them should already have VPN/dedicated links well in hand.
– ceejayoz
Jun 13 '15 at 2:42
add a comment |
I agree that this is insane: security is an add-on to glusterfs. As pointed out by @ceejayoz, glusterfs is designed to only be run on a physically secured and isolated network.
Fortunately, glusterfs has added on ssl support, which is sadly almost completely undocumented. Presumably using ssl will make things better, although since it's undocumented it's hard to say for certain. What documentation exists is in this blog. Sadly, it only gives a sequence of steps.
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
I'd add that nowadays GlusterFS SSL documentation has got much better.
– Luke404
Oct 27 '17 at 5:44
add a comment |
I agree that this is insane: security is an add-on to glusterfs. As pointed out by @ceejayoz, glusterfs is designed to only be run on a physically secured and isolated network.
Fortunately, glusterfs has added on ssl support, which is sadly almost completely undocumented. Presumably using ssl will make things better, although since it's undocumented it's hard to say for certain. What documentation exists is in this blog. Sadly, it only gives a sequence of steps.
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
I'd add that nowadays GlusterFS SSL documentation has got much better.
– Luke404
Oct 27 '17 at 5:44
add a comment |
I agree that this is insane: security is an add-on to glusterfs. As pointed out by @ceejayoz, glusterfs is designed to only be run on a physically secured and isolated network.
Fortunately, glusterfs has added on ssl support, which is sadly almost completely undocumented. Presumably using ssl will make things better, although since it's undocumented it's hard to say for certain. What documentation exists is in this blog. Sadly, it only gives a sequence of steps.
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
I agree that this is insane: security is an add-on to glusterfs. As pointed out by @ceejayoz, glusterfs is designed to only be run on a physically secured and isolated network.
Fortunately, glusterfs has added on ssl support, which is sadly almost completely undocumented. Presumably using ssl will make things better, although since it's undocumented it's hard to say for certain. What documentation exists is in this blog. Sadly, it only gives a sequence of steps.
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
answered May 13 '15 at 0:45
David RoundyDavid Roundy
1112
1112
I'd add that nowadays GlusterFS SSL documentation has got much better.
– Luke404
Oct 27 '17 at 5:44
add a comment |
I'd add that nowadays GlusterFS SSL documentation has got much better.
– Luke404
Oct 27 '17 at 5:44
I'd add that nowadays GlusterFS SSL documentation has got much better.
– Luke404
Oct 27 '17 at 5:44
I'd add that nowadays GlusterFS SSL documentation has got much better.
– Luke404
Oct 27 '17 at 5:44
add a comment |
I'd like to add to this topic for reference, because I too initially had security concerns with glusterfs.
My organization is in the process of deploying a quite large RHGS cluster to consolidate multiple dispersed aging storage systems.
The security concerns I had was related to the ability to run the gluster console commmands as root from a client system such as...
"yes | gluster --remote-host=rhgs1 volume delete data"
Yikes! It looks like anybody with root privileges on a system that you don't control the root account on, can destroy your data!
Luckily this is not the case. Any of the commands that modify volumes return an exit status of 1 and fail with EPOLLERR as indicated by /var/log/glusterfs/cli.log. It appears you can only get info about the volumes for which that client has access.
Basically the system has to be a cluster peer to be able to perform cluster maintenance tasks from any of the gluster nodes. Now I get why they call a glusterfs cluster a "Secure Storage Pool".
answered Jun 1 at 3:12
Billy HillBilly Hill
112
add a comment |
I'd like to add to this topic for reference, because I too initially had security concerns with glusterfs.
My organization is in the process of deploying a quite large RHGS cluster to consolidate multiple dispersed aging storage systems.
The security concerns I had was related to the ability to run the gluster console commmands as root from a client system such as...
"yes | gluster --remote-host=rhgs1 volume delete data"
Yikes! It looks like anybody with root privileges on a system that you don't control the root account on, can destroy your data!
Luckily this is not the case. Any of the commands that modify volumes return an exit status of 1 and fail with EPOLLERR as indicated by /var/log/glusterfs/cli.log. It appears you can only get info about the volumes for which that client has access.
Basically the system has to be a cluster peer to be able to perform cluster maintenance tasks from any of the gluster nodes. Now I get why they call a glusterfs cluster a "Secure Storage Pool".
answered Jun 1 at 3:12
Billy HillBilly Hill
112
add a comment |
I'd like to add to this topic for reference, because I too initially had security concerns with glusterfs.
My organization is in the process of deploying a quite large RHGS cluster to consolidate multiple dispersed aging storage systems.
The security concerns I had was related to the ability to run the gluster console commmands as root from a client system such as...
"yes | gluster --remote-host=rhgs1 volume delete data"
Yikes! It looks like anybody with root privileges on a system that you don't control the root account on, can destroy your data!
Luckily this is not the case. Any of the commands that modify volumes return an exit status of 1 and fail with EPOLLERR as indicated by /var/log/glusterfs/cli.log. It appears you can only get info about the volumes for which that client has access.
Basically the system has to be a cluster peer to be able to perform cluster maintenance tasks from any of the gluster nodes. Now I get why they call a glusterfs cluster a "Secure Storage Pool".
answered Jun 1 at 3:12
Billy HillBilly Hill
112
I'd like to add to this topic for reference, because I too initially had security concerns with glusterfs.
My organization is in the process of deploying a quite large RHGS cluster to consolidate multiple dispersed aging storage systems.
The security concerns I had was related to the ability to run the gluster console commmands as root from a client system such as...
"yes | gluster --remote-host=rhgs1 volume delete data"
Yikes! It looks like anybody with root privileges on a system that you don't control the root account on, can destroy your data!
Luckily this is not the case. Any of the commands that modify volumes return an exit status of 1 and fail with EPOLLERR as indicated by /var/log/glusterfs/cli.log. It appears you can only get info about the volumes for which that client has access.
Basically the system has to be a cluster peer to be able to perform cluster maintenance tasks from any of the gluster nodes. Now I get why they call a glusterfs cluster a "Secure Storage Pool".
answered Jun 1 at 3:12
Billy HillBilly Hill
112
answered Jun 1 at 3:12
Billy HillBilly Hill
112
answered Jun 1 at 3:12
Billy HillBilly Hill
112
answered Jun 1 at 3:12
Billy HillBilly Hill
112
112
add a comment |
add a comment |
In my opinion, there are some ways to solve the problem:
- firewalld or iptables
- SELinux
- SSL/TLS
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
add a comment |
In my opinion, there are some ways to solve the problem:
- firewalld or iptables
- SELinux
- SSL/TLS
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
add a comment |
In my opinion, there are some ways to solve the problem:
- firewalld or iptables
- SELinux
- SSL/TLS
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
In my opinion, there are some ways to solve the problem:
- firewalld or iptables
- SELinux
- SSL/TLS
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
answered Jun 5 '18 at 7:02
i_chipsi_chips
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f659677%2fsecurity-concerns-with-glusterfs%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
