Project

General

Profile

Actions

action #158242

closed

openQA Project - coordination #105624: [saga][epic] Reconsider how openQA handles secrets

openQA Project - coordination #157537: [epic] Secure setup of openQA test machines with secure network+secure authentication

Prevent ssh access to test VMs on svirt hypervisor hosts with firewall size:M

Added by okurz 4 months ago. Updated 3 months ago.

Status:
Rejected
Priority:
High
Assignee:
Category:
Feature requests
Target version:
Start date:
2024-03-28
Due date:
% Done:

0%

Estimated time:

Description

Motivation

In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments" including s390zl11…16

Acceptance criteria

  • AC1: firewall on OSD svirt hosts prevents direct ssh+vnc access from outside, i.e. normal office networks
  • AC2: openQA svirt jobs are still able to access ssh+vnc as necessary, e.g. from openQA workers in the same network OR openQA workers on the hypervisor hosts themselves

Suggestions


Related issues 3 (0 open3 closed)

Copied from openQA Tests - action #157555: [spike][timeboxed:10h][qe-core] Use a different ssh root password for any svirt (s390, x86, etc) installation openQA jobs size:SRejectedokurz

Actions
Copied to openQA Project - action #158455: [spike][timeboxed:10h] openQA worker native on s390xResolvedokurz2024-03-28

Actions
Copied to openQA Infrastructure - action #159066: network-level firewall preventing direct ssh+vnc access to openQA test VMs size:MResolvednicksinger2024-03-28

Actions
Actions

Also available in: Atom PDF