Backlog #948

Website documentation /var/lib/one

Added by Florian Heigl over 9 years ago. Updated over 7 years ago.

Status: Closed
Start date: 10/31/2011
Priority: Low
Due date:
Assignee: -
% Done: 0%
Category: Documentation
Estimated time: 10.00 hours
Target version: -

Description

Hi,

in http://www.opennebula.org/documentation:rel3.0:ignc you mention

"If you are not going to export /var/lib/one via a shared FS, such as NFS, then you must copy the front-end /var/lib/one/.ssh directory to each one of the hosts; in the same path."

There should be an understanding, and a warning, that NFS-exporting this directory will of course make the private ssh keys visible in plain text on the wire.
This is something that "you never ever should do"[tm] and there should at least be a warning.

Good solution: have keys per host (this can be painful, but not as much as losing control of your cloud. Tools like "Monkeysphere" can reduce the pain, or ONE could handle the keys, whereas users of config management systems will have no problem setting up the keys)

Sharing keys over NFS is really, well, very comfortable.
I wouldn't know if I hadn't fallen for the same thing once by having a global home directory using automounts.
But it must never be done and definitely should not be in documentation.
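
A check for the situation this report warns about, added here as an example and not part of the original report or of OpenNebula's own tooling: it reads a mount table in `/proc/mounts` format and reports whether a directory such as `/var/lib/one/.ssh` is served from NFS. The function names and the sample mount table are constructed for illustration.

```shell
# Print the filesystem type of the longest mount point containing path $1.
# $2 is a mount table in /proc/mounts format (default: /proc/mounts).
fs_type_for_path() {
    path=$1
    table=${2:-/proc/mounts}
    best_len=-1
    best_type=unknown
    while read -r _dev mnt fstype _rest; do
        # "/" contains every absolute path; any other mount point must match
        # exactly or be followed by "/" (so /var/lib/one != /var/lib/onefoo).
        case $mnt in /) prefix= ;; *) prefix=$mnt ;; esac
        case $path in
            "$prefix"|"$prefix"/*)
                # -ge: on a tie, the later (topmost) mount entry wins.
                if [ "${#mnt}" -ge "$best_len" ]; then
                    best_len=${#mnt}
                    best_type=$fstype
                fi ;;
        esac
    done < "$table"
    printf '%s\n' "$best_type"
}

# Exit status 0 when the directory is served from NFS, 1 otherwise.
keys_on_nfs() {
    case $(fs_type_for_path "$1" "$2") in
        nfs|nfs4) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
frontend:/var/lib/one /var/lib/one nfs4 rw,relatime,vers=4.1 0 0
EOF
}

demo_table=$(mktemp)
sample_mounts > "$demo_table"
for dir in /var/lib/one/.ssh /var/log; do
    if keys_on_nfs "$dir" "$demo_table"; then
        echo "WARNING: $dir is on an NFS mount"
    else
        echo "ok: $dir is on $(fs_type_for_path "$dir" "$demo_table")"
    fi
done
rm -f "$demo_table"
```

On a real host, call `keys_on_nfs /var/lib/one/.ssh` without a second argument so the live `/proc/mounts` is read.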

History

#1 Updated by Ruben S. Montero about 8 years ago

  • Tracker changed from Request to Backlog

#2 Updated by Ruben S. Montero about 8 years ago

  • Status changed from New to Pending

#3 Updated by Ruben S. Montero about 8 years ago

  • Target version deleted (Release 3.4)

#4 Updated by Ruben S. Montero over 7 years ago

  • Status changed from Pending to Closed
