1 / 15

Diskless Cluster Computing:  Security Benefit of oneSIS and Git

Diskless Cluster Computing:  Security Benefit of oneSIS and Git. Aron Warren September 2012 GIAC GSEC, GCIH, GCIA. Overview. oneSIS Git Using Git to track an OS image. oneSIS Intro. History Reason it exists Improve sysadmin efficiency & accuracy Reduce number of systems to maintain

juliette
Download Presentation

Diskless Cluster Computing:  Security Benefit of oneSIS and Git

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Diskless Cluster Computing:  Security Benefit of oneSIS and Git Aron Warren September 2012 GIAC GSEC, GCIH, GCIA SANS Technology Institute - Candidate for Master of Science Degree

  2. Overview • oneSIS • Git • Using Git to track an OS image SANS Technology Institute - Candidate for Master of Science Degree

  3. oneSIS Intro • History • Reason it exists • Improve sysadmin efficiency & accuracy • Reduce number of systems to maintain • Keeps the spirit • How it works SANS Technology Institute - Candidate for Master of Science Degree

  4. oneSIS in Action DISTRO: RedHat EL-6 –sp RAMSIZE: 500m NODECLASS_REGEX mountain\d+ mycluster NODECLASS_RANGE mountain[1-5] mycluster.compute NODECLASS_RANGE mountain[6-10] mycluster.web LINKDIR: /root -d LINKDIR: /tmp –d LINKDIR: /var/log -d LINKDIR: /var/run –d LINKFILE: /etc/fstab SERVICE httpd –c myclass.web SANS Technology Institute - Candidate for Master of Science Degree

  5. Symlinks in action [root@mountain1 ~]# ls -la /etc/fstab lrwxrwxrwx 1 root root 14 Aug 1 2011 /etc/fstab -> /ram/etc/fstab [root@mountain1 ~]# ls -la /ram/etc/fstab lrwxrwxrwx 1 root root 21 May 22 12:04 /ram/etc/fstab -> /etc/fstab.mycluster.compute [root@mountain1 ~]# ls -la /etc/fstab.mycluster.compute -rw-r--r-- 1 root root 972 Jun 5 2008 /etc/fstab.mycluster.compute [root@mountain1 ~]# ls -la /etc/fstab.* -rw-r--r-- 1 root root 312 Jun 2 2008 /etc/fstab.default -rw--r--r-- 1 root root 852 Oct 30 2011 /etc/fstab.mycluster.compute -rw--r--r-- 1 root root 852 Oct 31 2011 /etc/fstab.mycluster.web SANS Technology Institute - Candidate for Master of Science Degree

  6. Git and our Goal • History • Reasons to use it • Multiple, simultaneous collaborators • Decentralized repositories • Binary files • What we want to achieve? • How we achieve it? SANS Technology Institute - Candidate for Master of Science Degree

  7. Git in Action [root@server]# cd /var/lib/oneSIS/images/image-prod [root@server image-prod]# git init Initialized empty Git repository in /var/lib/oneSIS/images/image-prod/.git/ [root@server image-prod]# cat .gitignore dev proc [root@server image-prod]# tar cvf dev.tar dev/* [root@server image-prod]# find . -name .git -prune -o -type d -empty -exec touch {}/.gitignore \; SANS Technology Institute - Candidate for Master of Science Degree

  8. Git in Action Part 2 [root@localhost image-prod]# cd .git/hooks/ [root@localhost hooks]# cp /usr/share/git-core /contrib/hooks/* . setgitperms.perl : [root@localhost image-prod]# cd .git/hooks/ [root@localhost hooks]# cp /usr/share/git-core /contrib/hooks/* . [root@server image-prod]# git add -f * SANS Technology Institute - Candidate for Master of Science Degree

  9. Git in Action – Final Bits [root@server image-prod]# git commit -m "Initial Commit" --author="Aron Warren <aronwarren@gmail.com>" [master (root-commit) 3311f7e] Initial Commit Author: Aron Warren <aronwarren@gmail.com> Committer: root <root@localhost.localdomain> 310406 files changed, 41830189 insertions(+), 0 deletions(-) create mode 100644 .gitmeta create mode 100755 bin/alsaunmute create mode 100755 bin/arch ... SANS Technology Institute - Candidate for Master of Science Degree

  10. Pros • Integrity • Rollback of Changes • Immediate Rollout of Changes (single pull) – Leads to Staged Rollouts SANS Technology Institute - Candidate for Master of Science Degree

  11. Cons • RPMs • Image size grows over time • File permissions SANS Technology Institute - Candidate for Master of Science Degree

  12. Some commands that help • diff –u .gitmeta <(.git/hooks/setgitperms.perl –r –s) • git update-index --really-refresh • git clean -d -f • git reset --hard commit-id SANS Technology Institute - Candidate for Master of Science Degree

  13. Sneak Peek • Version 3 • Fixes the above mentioned issues • Much more flexibility SANS Technology Institute - Candidate for Master of Science Degree

  14. Reference Materials • Google. (2007, May 14). Tech Talk: Linus Torvalds on git . Retrieved February 25, 2012, from YouTube: http://www.youtube.com/watch?v=4XpnKHJAok8 • Schroeder, B., Gibson, G. A. (2007). Understanding disk failure rates: What does an MTTF of 1,000,000 hours mean to you?. Trans. Storage, 3(3), 8:1-8:31. DOI=10.1145/1288783.1288785 SANS Technology Institute - Candidate for Master of Science Degree

  15. Summary • oneSIS + Git = easy way to manage a diskless image • Provides image integrity • Provides easy upgrade and rollback paths SANS Technology Institute - Candidate for Master of Science Degree

More Related