Scope 42on remote access to Ceph cluster
Problem / Opportunity Statement
42on is our Ceph support vendor. During the Ceph cluster malfunction that resulted from the April 14 power outage, we gave Spencer MacPhee at 42on SSH access to j2m1 as the 42on user, and that user is in the sudoers file as well.
By the principle of least privilege, we should not leave a vendor with ongoing root access to the entire cloud.
Resolution
- Decide what level of access 42on should have to JS2 systems on an ongoing basis, and document the decision.
- Possibly:
  - Root shell directly to two storage nodes, maybe r07s01 and one additional node, via public IPs.
  - No root access to j2m1.
  - No shell access to j2m1 at all?
- Identify which SSH public keys 42on will use, and possibly which source IPs they can connect from.
- Implement what we decide, and revoke any additional temporary access granted on April 15.
- Ask 42on to test their access and confirm that it works.
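One way to implement the key, source-IP and sudo items above on a storage node, as an added example that is not part of the original page and not anything 42on or JS2 operations has provided. Everything in it is hypothetical: the account name 42on, the placeholder public key, and the source range 203.0.113.0/24 (a documentation-only network standing in for whatever addresses 42on actually supplies). It renders an authorized_keys entry pinned to that range, an sshd_config Match block for the account, and checks a constructed sudoers file before and after the vendor rule is removed.

```shell
#!/bin/sh
# Added example (not from the original page). Hypothetical values throughout:
# the 42on account, the placeholder key, and the 203.0.113.0/24 source range.
set -eu

VENDOR_USER="42on"
VENDOR_FROM="203.0.113.0/24"   # hypothetical range agreed with the vendor
# Placeholder, not a real key; substitute the key(s) 42on sends.
VENDOR_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEH spencer@42on"

# authorized_keys entry: from= makes sshd reject this key from any address
# outside the listed range; the no-* options drop forwarding so the account
# cannot be used as a pivot from the storage node into the rest of the cloud.
vendor_authorized_keys_line() {
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$VENDOR_FROM" "$VENDOR_KEY"
}

# sshd_config drop-in for the vendor account. Every option here is one that
# sshd accepts inside a Match block: key-only auth, no passwords, no forwarding.
vendor_sshd_match_block() {
    cat <<EOF
Match User $VENDOR_USER
    AuthenticationMethods publickey
    PasswordAuthentication no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Return 0 if FILE still contains a sudoers rule whose first field is USER.
# Group rules (%name) are deliberately not matched here.
sudoers_grants_user() {
    file=$1; user=$2
    grep -Eq "^[[:space:]]*$user[[:space:]]" "$file"
}

# Write FILE minus USER's rules to OUT. On a real host do this through visudo
# so the result is syntax-checked before it replaces /etc/sudoers.
sudoers_without_user() {
    file=$1; user=$2; out=$3
    grep -Ev "^[[:space:]]*$user[[:space:]]" "$file" > "$out" || true
}

# Constructed sample standing in for the sudoers file on j2m1 (not real content).
sample_sudoers() {
    cat <<'EOF'
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
42on    ALL=(ALL) NOPASSWD: ALL
EOF
}

# Worked run: render the two files, strip the vendor's sudo rule from the
# sample, and fail if the rule survived. Returns 0 on success.
demo() {
    tmp=$(mktemp -d)
    vendor_authorized_keys_line > "$tmp/authorized_keys"
    vendor_sshd_match_block > "$tmp/60-vendor-42on.conf"
    sample_sudoers > "$tmp/sudoers.before"
    sudoers_without_user "$tmp/sudoers.before" "$VENDOR_USER" "$tmp/sudoers.after"
    if sudoers_grants_user "$tmp/sudoers.after" "$VENDOR_USER"; then
        echo "revoke failed: $VENDOR_USER still in sudoers" >&2
        rm -rf "$tmp"
        return 1
    fi
    cat "$tmp/authorized_keys" "$tmp/60-vendor-42on.conf"
    rm -rf "$tmp"
}

demo
```

The from= restriction lives with the key rather than in a firewall rule so that revoking or re-scoping the vendor's access is a one-line edit in one file per permitted node; j2m1 simply gets no such line. Whether the Match block belongs in /etc/ssh/sshd_config itself or in a sshd_config.d drop-in depends on the OpenSSH version on the nodes.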
Edited by Chris Martin