Taskotron and Cloud Image tests
Tim Flink
tflink at redhat.com
Thu Apr 17 16:50:11 UTC 2014
On Thu, 17 Apr 2014 17:35:13 +0200
Vitaly Kuznetsov <vkuznets at redhat.com> wrote:
<snip>
> > Another possible snag is that I want to start locking down network
> > access on most if not all of the test clients so that it's less
> > possible for user-submitted tasks to go awry and do things they
> > shouldn't. This hasn't been done yet, though and it's something
> > that we can discuss going forward.
>
> For valid we'll require two things:
> 1) Access to Cloud's (AWS, Openstack, ...) endpoint
> 2) SSH to running VM
Interfacing with EC2 wasn't a use-case that I was thinking of for
network isolation of the taskotron clients, so those plans may change
somewhat. The clients aren't isolated yet, so this won't be a problem
immediately.
> Can we have special dedicated test client for valid? That would make
> sense from securitty pov as we need to store cloud access credentials
> there.
I suppose that we could but I'd really prefer to avoid that if at all
possible. Having one "special" client isn't an issue but it does open
the door to other task authors asking for the same thing and that will
get unmanageable pretty quick.
That being said, I'm not sure how to go about managing credentials like
that in a secure fashion. This'll require some more thought but
suggestions are certainly welcome :)
Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/cloud/attachments/20140417/fa278afd/attachment.sig>
More information about the cloud
mailing list