Opened 6 years ago

Closed 21 months ago

#11829 closed task (fixed)

Form an opinion if/which services running on baron directly should better be moved to a VM

Reported by: zooey Owned by: haiku-web
Priority: normal Milestone:
Component: Sys-Admin Version:
Keywords: Cc:
Blocked By: Blocking:
Platform: All


Currently, a couple of services run on baron directly:

  • buildbot master
  • rsync daemon feeding our mirrors

From a security perspective, this isn't very nice, as baron is the hypervisor, which means that any break-in via a service running on it could provide access to all VMs, too. Having those services run in a (maybe additional) VM would limit the risk of an intrusion at least to some extent.

Some of these services (most notable: and the mirror feed) have been put onto baron for a reason: they place considerable demands on network bandwidth and disk space, so moving them to a VM isn't straightforward.

Change History (2)

comment:1 by nielx, 2 years ago

Owner: changed from haiku-sysadmin to haiku-web
Status: newassigned

The haiku-sysadmin user no longer exists, changing to haiku-web.

comment:2 by kallisti5, 21 months ago

Resolution: fixed
Status: assignedclosed

This is no longer relevant. All services run isolated within containers on the new infrastructure.

The code for all of our infrastructure is in git at: You can standup "everything" based on that.

Note: See TracTickets for help on using tickets.