You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by bostko <gi...@git.apache.org> on 2017/04/26 17:36:56 UTC
[GitHub] brooklyn-docs pull request #174: gDefault config key
GitHub user bostko opened a pull request:
https://github.com/apache/brooklyn-docs/pull/174
gDefault config key
Ssh access should be strongly limited.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/bostko/brooklyn-docs sec/guidelines
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/brooklyn-docs/pull/174.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #174
----
commit 5f7f1d03e6b26ef9a2b282b911e80dfbf0e5346e
Author: Valentin Aitken <bo...@gmail.com>
Date: 2017-04-26T17:35:06Z
Security guidelines
Ssh access should be strongly limited.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #174: Security guidelines
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/brooklyn-docs/pull/174
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #174: Security guidelines
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/174#discussion_r113575475
--- Diff: guide/ops/security-guidelines.md ---
@@ -72,7 +72,10 @@ root login.
### VM Users
It is strongly discouraged to use the root user on VMs being created or managed by Brooklyn.
+SSH access should be delegated on rare cases such as initial Apache Brooklyn setup and other maintenance occasions.
+Avoid putting config a lot of options in `etc/brooklyn.cfg` which one would later need to ssh and change.
+Keep location configuration it is preferable to use [Locations in the Catalog](./catalog/#locations-in-the-catalog).
--- End diff --
I think these two lines need rewording but I'm not sure what they're adding. `etc/brooklyn.cfg` is a config file in the Karaf Brooklyn distro which is not currently the default. I'm not sure we're advising people put locations in there anywhere.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #174: Security guidelines
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/174#discussion_r113574843
--- Diff: guide/ops/security-guidelines.md ---
@@ -72,7 +72,10 @@ root login.
### VM Users
It is strongly discouraged to use the root user on VMs being created or managed by Brooklyn.
+SSH access should be delegated on rare cases such as initial Apache Brooklyn setup and other maintenance occasions.
--- End diff --
I'm not sure what you mean by delegated here?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---