Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

Tendrl / documentation Public

Notifications You must be signed in to change notification settings
Fork 21
Star 70

Code
Issues 7
Pull requests 2
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

SSL Configuration for Tendrl

Martin Bukatovič edited this page Feb 21, 2019 · 20 revisions

This is overview of pending work related to SSL configuration for Tendrl.

What are the use cases?

Secure all direct user facing interfaces of Tendrl server machine (tendrl web, grafana web).
Secure all remaining services running on Tendrl server machine (etcd, carbon, ...).
Secure all communication channels within storage cluster (etcd, carbon, ...).

By secure we mean both:

TLS based encryption (aka SSL) of the communication channel
authentication of all encrypted channels (there is no point in encrypting communication channel when one can open one for themselves without authentication)

Ports opened on Tendrl server:

2379/tcp etcd (could be encrypted and authenticated via ssl, which is documented)
2003/tcp carbon
~~10080/tcp~~ graphite is no longer available via this port from the outside
~~9292/tcp~~ puma (tendrl-api) is now available via httpd: http(s)://hostname/api/1.0/
~~3000/tcp~~ Grafana dashboard is now available via httpd: http(s)://hostname/grafana/
8789/tcp webhook receiver
80/tcp (apache web server, hosting Tendrl web, API and Grafana dashboard)

Recent or Planned features related to SSL Configuration

Make grafana available via http instead of using dedicated port 3000/tcp

https://github.com/Tendrl/ui/pull/1074
https://github.com/Tendrl/api/pull/447
https://github.com/Tendrl/monitoring-integration/pull/578
https://github.com/Tendrl/tendrl-ansible/issues/127

What needs to be done

figure out which components need to use SSL:
- web browser -> tendrl (served via httpd)
- web browser -> grafana (served via httpd)
- web browser -> graphite:
  - Do we want to have graphite web available? The answer is no (the port has been recently disabled).
  - ~~If yes, we need to proxy it through httpd as well.~~ Not applicable (see above).
- various tendrl components -> graphite
- various tendrl components -> etcd (TLS client-server based authentication)
  - already documented
  - partially implemented via tendrl-ansible (when users generate TLS CA files themselves)
  - deployment of default Tendrl CA for TLS client-server based authentication
implement tendrl - grafana authentication
additional code changes may be needed (excluding tendrl-ansible), eg: some hardcoded http urls
how to configure it (initial dev docs)
how to implement default via tendrl-ansible
document when default CA deployment provided by tendrl-ansible is a good idea

Current documentation

https://github.com/Tendrl/documentation/wiki/Enabling-Https-on-tendrl-server

Previous now deprecated work

Previous guide was available on (use history to get to old state):

https://github.com/Tendrl/documentation/wiki/Enabling-Https-on-tendrl-server

Previous work done in tendrl-ansible:

https://github.com/Tendrl/tendrl-ansible/issues/30
https://github.com/Tendrl/tendrl-ansible/pull/46

Toggle table of contents Pages 49

Home
Architecture Meeting Notes
Best Practices for Response Times and Latency
Bugs triage
Developer test plan
Enabling Https on tendrl server
Etcd SSL configuration using tendrl ansible
Getting in touch with the project
How to file bugs against the Tendrl stack
How to send alerts from inside Tendrl for devs
Import Failure Modes
Information required for debugging issues on the Tendrl stack
Labels on repositories
List of Alerts and Notifications in Tendrl
Metrics
Multinode Glusterfs with All in 1 Tendrl for Monitoring Vagrant Intern Edition Notes
Performance Hackathon, June 2017
SSL Configuration for Tendrl
Steps for making upstream release for a component
Tendrl 2 Gluster 4.x (GD2) Architecture (WIP)
Tendrl Documentation Scope Overview
Tendrl firewall settings
Tendrl profiling
Tendrl release latest
Tendrl release v1.4.0 (install docs)
Tendrl release v1.4.0 (summary)
Tendrl release v1.4.1 (install doc)
Tendrl release v1.4.1 (summary)
Tendrl release v1.4.2 (install doc)
Tendrl release v1.4.2 (summary)
Tendrl release v1.5.0 (install doc)
Tendrl release v1.5.0 (summary)
Tendrl release v1.5.1 (install guide)
Tendrl release v1.5.1 (summary)
Tendrl release v1.5.2 (install guide)
Tendrl release v1.5.2 (summary)
Tendrl release v1.5.3 (install guide)
Tendrl release v1.5.4 (install guide)
Tendrl release v1.5.5 (install guide)
Tendrl release v1.6.0 (install guide)
Tendrl release v1.6.1 (install guide)
Tendrl release v1.6.2 (install guide)
Tendrl release v1.6.3 (install guide)
Tendrl Releases
Tendrl UI designs
Tendrl UI Designs for Gluster Only Monitoring Release (Tendrl Release 1.6.3 and earlier)
Tendrl with a secure etcd cluster
Units of different Metrics In grafana
UX Issues

Clone this wiki locally

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.