Hi all,
I've been looking into using sysclone within xcat recently and I was
hoping the community might have some guidance on how to use sysclone
provisioning in a secure manner.

Perhaps I'm doing something incorrect in how I'm setting up sysclone,
but I've found that by default there is no authentication on the
rsyncd process that systemimager uses for sysclone, so any user with
access to the networks that sysclone is provisioning over (which if we
were using sysclone to provision cluster compute nodes would be any
user in the cluster) can use rsync to copy any sysclone image from the
xcat server, e.g.:

[user@compute-node] $ rsync -n xcat-server::my_sysclone_image
...returns contents of the images...

It seems to me to imply that I should be doing some of the following:

- I should only expose rsyncd to a trusted provisioning network.
However we were looking at sysclone to replace our use of statelite on
a future user-facing compute cluster. So to provision this cluster,
compute nodes would need access to the provisioning network, and thus
rsyncd would be exposed to users on this cluster.

Do other people use a dedicated provisioning vlan, that is distinct
from their node management/ssh vlan? Perhaps we could use some clever
automation whereby a node that we are provisioning has its switch
ports added to a special provisioning vlan when a node is initially
syscloned, and then this vlan is removed after the process is
complete? Although this would complicate updatenode or imgcapture for
future node management.

- I should ensure that all sysclone images are purged of any
potentially sensitive information - logs, ssh keys, password hashes
etc, and need processes to ensure this cleaning is done on every
imgcapture. Sensitive information could then be distributed to the
nodes via another method, such as configuration management tools,
puppet/ansible etc...

- Perhaps there is a way to configure rsync/systemimager to use ssh
transport, with some ssh keypair distributed as part of the sysclone
genesis image perhaps? But then the genesis image is available over
tftp so this keypair would be possible to reach for a motivated
attacker, thereby only making access to rsyncd harder, but not
impossible.

Does anyone use sysclone in production in a compute cluster
environment, particularly with nodes that have untrusted users on them
that are provisioned via sysclone? How do you secure your xcat server
so rsyncd is not exposed like this?

I'd be grateful for details on how other people do this,

Kind regards,
Matt
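As an added example (this is not part of Matt's post, and it is not xCAT or SystemImager code), the following script is the kind of image-scrubbing step the second bullet calls for: it strips key material, password hashes, logs and shell histories from a captured image tree before that tree is served by the unauthenticated rsyncd, and then audits the tree so the check can be run on every imgcapture. The image root path, the function names and the list of sensitive file names are assumptions; the test tree it is exercised against is constructed, not taken from a real capture.

```shell
#!/bin/sh
# Added example, not code from the original post or from xCAT/SystemImager.
# Scrub a captured sysclone image tree of secrets before it is served by
# the unauthenticated rsyncd, then audit it. IMAGE_ROOT is the directory
# holding the image's filesystem (its exact location under the xCAT install
# directory is an assumption; adjust to your layout). Everything removed
# here is re-provisioned on the node later by postscripts or configuration
# management, never shipped inside the image.

# delete_matching DIR FIND-TESTS...: delete matching regular files under DIR,
# silently skipping directories that do not exist in this image.
delete_matching() {
    dir="$1"; shift
    [ -d "$dir" ] && find "$dir" -type f "$@" -delete
    return 0
}

# scrub_image IMAGE_ROOT: remove secrets in place.
scrub_image() {
    root="$1"
    [ -d "$root" ] || { echo "no such image root: $root" >&2; return 1; }

    # 1. Key material: SSH host keys (regenerated per node anyway) and every
    #    file in a user's ~/.ssh (authorized_keys, id_*, known_hosts, config).
    delete_matching "$root/etc/ssh" -name 'ssh_host_*'
    delete_matching "$root/root" -path '*/.ssh/*'
    delete_matching "$root/home" -path '*/.ssh/*'

    # 2. Password hashes: keep the accounts, but replace every hash field that
    #    is not already locked ("!" or "*") with "!", so nothing crackable ships.
    if [ -f "$root/etc/shadow" ]; then
        awk -F: 'BEGIN { OFS = ":" } { if ($2 != "" && $2 !~ /^[!*]/) $2 = "!"; print }' \
            "$root/etc/shadow" > "$root/etc/shadow.scrub" \
            && mv "$root/etc/shadow.scrub" "$root/etc/shadow" \
            && chmod 0600 "$root/etc/shadow"
    fi

    # 3. Logs and shell histories recorded on the golden node.
    delete_matching "$root/var/log" -name '*'
    delete_matching "$root/root" -name '.*_history'
    delete_matching "$root/home" -name '.*_history'
}

# audit_image IMAGE_ROOT: print anything that still looks sensitive and return
# 1 if something was found, 0 if the tree is clean. Extend the name list for
# your site (Kerberos keytabs are included as a common offender).
audit_image() {
    root="$1"
    leaks=$(
        find "$root" -type f \( -name 'ssh_host_*_key' -o -name 'authorized_keys' \
            -o -name 'id_rsa' -o -name 'id_ecdsa' -o -name 'id_ed25519' \
            -o -name '*.keytab' -o -name '.*_history' \) 2>/dev/null
        [ -f "$root/etc/shadow" ] && \
            awk -F: '$2 != "" && $2 !~ /^[!*]/ { print FILENAME ": live hash for " $1 }' "$root/etc/shadow"
        true
    )
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks"
        return 1
    fi
    return 0
}
```

Run `scrub_image` and then `audit_image` against the captured tree as a fixed step after every imgcapture, and treat a non-zero exit from the audit as a reason not to publish the image. This addresses only the "don't put secrets in the image" bullet; it does nothing about the first bullet, exposure of the daemon itself, for which rsyncd.conf's per-module `hosts allow`, `auth users` and `secrets file` settings are the relevant controls (whether the rsyncd.conf that SystemImager generates lets you set them is something to confirm against your installed version).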

_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
