Although there are no plans for such a fine-grained access control, it
is a good idea. A design you can implement today is a daemon that sits
in between gmeta and your users.
Gmetad trusts nobody except localhost. When a user requests the ganglia
XML, your daemon (lets call it gsecure) intercepts the query,
authenticates the user, queries the local gmetad on the users behalf,
and prunes the tree as necessary.
Gsecure now only sends the appropriate parts of the tree to the user.
Federico
On Thursday, January 30, 2003, at 01:30 PM, Jason A. Smith wrote:
I believe that currently the gmetad collector shares all or none of its
data based on an access list of allowed IP addresses, correct?
I have a few questions about the future plans of ganglia with respect
to
security. I would basically like to know if it will be possible to
limit the type of data that is sent to other gmetad collectors. I was
looking through Matt's slides from a talk he gave and noticed that the
data will be stored in a hierarchical data structure and there will
exist a query system that will allow one to ask for only a subset of
the
data. I would like to know if this will work in the other direction so
that a collector will be able to select a subset of data it allows
other
collectors access to.
The reason I am asking is because we are planning on testing ganglia
here to monitor our servers and compute farm for both our internal
local
facility monitoring use (where we will restrict who can view the data)
and for more public use by our users. We are very concerned about some
of the data that is exported to collectors because our compute farm is
intentionally not kept up to date with the latest security patches. We
would like to have our own collector monitor everything and at the same
time allow our users access to a subset of this data for their own use,
like their own public web servers which might add in data from other
clusters, monitoring/scheduling scripts and globus MDS.
~Jason
--
/------------------------------------------------------------------\
| Jason A. Smith Email: [EMAIL PROTECTED] |
| Atlas Computing Facility, Bldg. 510M Phone: (631)344-4226 |
| Brookhaven National Lab, P.O. Box 5000 Fax: (631)344-7616 |
| Upton, NY 11973-5000 |
\------------------------------------------------------------------/
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Ganglia-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Federico
Rocks Cluster Group, SDSC, San Diego
GPG Fingerprint: 3C5E 47E7 BDF8 C14E ED92 92BB BA86 B2E6 0390 8845
