1725731 – GlusterFS security documentation must include encryption (SSL) recommendation as per BZ#1566609

Bug 1725731 - GlusterFS security documentation must include encryption (SSL) recommendation as per BZ#1566609

Summary: GlusterFS security documentation must include encryption (SSL) recommendation...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	3.11.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	3.11.z
Assignee:	Bob Furu
QA Contact:	Qin Ping
Docs Contact:	Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-07-01 11:01 UTC by Pedro Amoedo
Modified:	2023-03-24 15:01 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-07 17:58:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Amoedo 2019-07-01 11:01:45 UTC

Document URL: 

https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/persistent_storage_glusterfs.html#considerations-volume-security

Section Number and Name: 
N/A

Describe the issue: 

As per BZ#1566609, "In OCS 3.x, the supported way for achieving access control to volumes is enabling I/O encryption for the respective volumes, as documented in the OCS Operations Guide[1]. Further options will be considered in OCS 4."

Suggestions for improvement: 

Please include a note strongly recommending the customers to enable SSL encryption by default as stated in OCS Operations Guide[1] because as confirmed via BZ#1566609, the use of non encrypted volumes could be a security issue.

Additional information: 

[1] - https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/3.11/html-single/operations_guide/index#chap-Documentation-Red_Hat_Gluster_Storage_Container_Native_with_OpenShift_Platform-Enabling_Encryption

Comment 1 Pedro Amoedo 2019-07-29 15:23:00 UTC

Hi all, any update here?

Thanks and regards.

Comment 2 Pedro Amoedo 2019-09-12 11:04:17 UTC

Hi all, could be possible to obtain some update here? thks.

Comment 3 Pedro Amoedo 2020-01-20 21:17:43 UTC

Hi Vikram, could be possible to obtain an initial evaluation here? thanks.

Comment 4 Bob Furu 2020-05-01 20:23:39 UTC

Added a note that users should use SSL encryption in OCS 3.11. PR 21749: https://github.com/openshift/openshift-docs/pull/21749

Moving to QA for verification.

Comment 5 Bob Furu 2020-05-07 17:58:47 UTC

PR merged and verified live: https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/persistent_storage_glusterfs.html#considerations-volume-security

Closing BZ.

Note You need to log in before you can comment on or make changes to this bug.