[Linux-cluster] Shared storage across clustered VMs?
Jeff Karpinski
jeff at 3d0g.net
Fri Mar 5 12:07:09 UTC 2010
On Mar 5, 2010, at 4:02 AM, Brett Cave wrote:
>
> On Fri, Mar 5, 2010 at 12:42 PM, Rudi Ahlers <Rudi at softdux.com> wrote:
>
>
> What kind of security do you apply, both to the NFS cluster, and the data that get accessed on it?
>
> Heya Rudi, never realised you were on this list too ;)
>
> The exports are controlled by source IP address in /etc/exports. The data on there is not sensitive data at all in our environment, and GFS is all server environment, with no user access... but I just tested using ACLs and it works 100% (added the acl option to the GFS mount, and configured using setfacl). We are using LDAP network authentication, so it works nicely with group permissions ;)
>
> (Although we do have 1 LUKS volume image on the GFS filesystem that is mounted by one of the phy machines using a keyfile stored locally.)
>
A good solution for security is to define the clustered NFS service on a "private" non-routed network and give the VMs a new interface in that network. Then the NFS won't even be visible outside the cluster. Also keeps that traffic off your physical networks.
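
Added example, not part of the original thread: a small audit of an /etc/exports file that flags every client entry not provably confined to the private cluster network, combining the source-IP export control and the non-routed network described above. The subnet 192.168.100.0/24, the export paths and the sample file are assumptions constructed for illustration, and quoted paths containing spaces are not handled.

```python
import ipaddress
import re

# Assumption: the private, non-routed cluster network (not given in the thread).
CLUSTER_NET = ipaddress.ip_network("192.168.100.0/24")

# Constructed sample /etc/exports; paths and addresses are illustrative only.
SAMPLE_EXPORTS = """\
/gfs/shared   192.168.100.0/24(rw,sync)
/gfs/images   192.168.100.11(rw,sync) 10.0.5.20(ro)
/gfs/scratch  *(rw,no_root_squash)
/gfs/logs     192.168.100.12 (rw)   # stray space: "(rw)" applies to everyone
/gfs/home     @webfarm(rw) 192.168.0.0/16(ro)
"""

SPEC_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # client, then optional (options)

def classify(client, allowed):
    """Return None if the client spec is provably inside `allowed`, else a reason."""
    if client == "":
        return "no client given: exported to any host"
    if client.startswith("@"):
        return "netgroup: membership is not pinned to the cluster network"
    if any(ch in client for ch in "*?["):
        return "wildcard hostname"
    try:
        net = ipaddress.ip_network(client, strict=False)  # accepts IP, CIDR, IP/netmask
    except ValueError:
        return "hostname: depends on name resolution, not on source subnet"
    if net.version != allowed.version or not net.subnet_of(allowed):
        return "address range not contained in cluster network"
    return None

def audit_exports(text, allowed=CLUSTER_NET):
    """List (path, client_spec, reason) for each export entry that needs review."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        fields = line.split("#", 1)[0].split()            # drop comments
        if not fields:
            continue
        path, specs = fields[0], fields[1:] or [""]
        for spec in specs:
            m = SPEC_RE.fullmatch(spec)
            reason = classify(m.group(1), allowed) if m else "unparseable entry"
            if reason:
                findings.append((path, spec, reason))
    return findings

if __name__ == "__main__":
    for path, spec, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:<13} {spec or '<none>':<22} {reason}")
```
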