[Pulp-list] Pulp (MongoDB) Security Configuration
Brian Bouterse
bbouters at redhat.com
Wed Jan 27 18:35:06 UTC 2016
see inline
On 01/27/2016 01:21 PM, Lesley Kimmel wrote:
> All;
>
> I am attempting to secure Satellite/Katello per DoD security guidance.
> The first few items I need to do is to limit incoming connections and to
> enable access control. Along those lines can anyone answer:
>
> a) How many connections to MongoDB does Pulp require? Is it configurable?
I think the best way to answer this question is to look at how Pulp
components configure PyMongo [0]. Each Pulp process will call
initialize() once. The #mongodb community could speak more to how many
connections that translates to with replica sets and seeds.
> b) Out of the box there is no access control between Pulp and MongoDB.
> What are the minimum permissions/roles needed for a user to allow Pulp
> do do what it needs to do?
Use the roles documented here [1].
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
[0]:
https://github.com/pulp/pulp/blob/master/server/pulp/server/db/connection.py#L35
[1]:
http://pulp.readthedocs.org/en/latest/user-guide/installation.html#server
More information about the Pulp-list
mailing list