Opened 10 years ago
Closed 6 years ago
#11829 closed task (fixed)
Form an opinion if/which services running on baron directly should better be moved to a VM
| Reported by: | zooey | Owned by: | haiku-web |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Sys-Admin | Version: | |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
| Platform: | All | | |
Description
Currently, a couple of services run on baron directly:
- buildbot master
- downloads.haiku-os.org
- server-stats.haiku-os.org
- web-stats.haiku-os.org
- rsync daemon feeding our mirrors
From a security perspective, this isn't very nice, as baron is the hypervisor, which means that any break-in via a service running on it could provide access to all VMs, too. Having those services run in a (maybe additional) VM would limit the risk of an intrusion at least to some extent.
Some of these services (most notably download.haiku-os.org and the mirror feed) have been put onto baron for a reason: they place considerable demands on network bandwidth and disk space, so moving them to a VM isn't straightforward.
Change History (2)
comment:1 by , 6 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 6 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
This is no longer relevant. All services run isolated within containers on the new infrastructure.
The code for all of our infrastructure is in git at: http://github.com/haiku/infrastructure. You can stand up "everything" based on that.
The haiku-sysadmin user no longer exists, changing to haiku-web.