Download presentation
Presentation is loading. Please wait.
1
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Diskless Cluster Computing: Security Benefit of oneSIS and Git Aron Warren September 2012 GIAC GSEC, GCIH, GCIA
2
Overview oneSIS Git Using Git to track an OS image SANS Technology Institute - Candidate for Master of Science Degree 2
3
History Reason it exists –Improve sysadmin efficiency & accuracy –Reduce number of systems to maintain –Keeps the spirit How it works SANS Technology Institute - Candidate for Master of Science Degree 3 oneSIS Intro
4
SANS Technology Institute - Candidate for Master of Science Degree 4 oneSIS in Action DISTRO: RedHat EL-6 –sp RAMSIZE: 500m NODECLASS_REGEX mountain\d+ mycluster NODECLASS_RANGEmountain[1-5] mycluster.compute NODECLASS_RANGEmountain[6-10] mycluster.web LINKDIR: /root -d LINKDIR: /tmp –d LINKDIR: /var/log -d LINKDIR: /var/run –d LINKFILE: /etc/fstab SERVICE httpd –c myclass.web
![SANS Technology Institute - Candidate for Master of Science Degree 4 oneSIS in Action DISTRO: RedHat EL-6 –sp RAMSIZE: 500m NODECLASS_REGEX mountain\d+ mycluster NODECLASS_RANGEmountain[1-5] mycluster.compute NODECLASS_RANGEmountain[6-10] mycluster.web LINKDIR: /root -d LINKDIR: /tmp –d LINKDIR: /var/log -d LINKDIR: /var/run –d LINKFILE: /etc/fstab SERVICE httpd –c myclass.web](http://images.slideplayer.com./27/9258306/slides/slide_4.jpg "SANS Technology Institute - Candidate for Master of Science Degree 4 oneSIS in Action DISTRO: RedHat EL-6 –sp RAMSIZE: 500m NODECLASS_REGEX mountain\d+ mycluster NODECLASS_RANGEmountain[1-5] mycluster.compute NODECLASS_RANGEmountain[6-10] mycluster.web LINKDIR: /root -d LINKDIR: /tmp –d LINKDIR: /var/log -d LINKDIR: /var/run –d LINKFILE: /etc/fstab SERVICE httpd –c myclass.web")
5
Symlinks in action [root@mountain1 ~]# ls -la /etc/fstab lrwxrwxrwx 1 root root 14 Aug 1 2011 /etc/fstab -> /ram/etc/fstab [root@mountain1 ~]# ls -la /ram/etc/fstab lrwxrwxrwx 1 root root 21 May 22 12:04 /ram/etc/fstab -> /etc/fstab.mycluster.compute [root@mountain1 ~]# ls -la /etc/fstab.mycluster.compute -rw-r--r-- 1 root root 972 Jun 5 2008 /etc/fstab.mycluster.compute [root@mountain1 ~]# ls -la /etc/fstab.* -rw-r--r-- 1 root root 312 Jun 2 2008 /etc/fstab.default -rw--r--r-- 1 root root 852 Oct 30 2011 /etc/fstab.mycluster.compute -rw--r--r-- 1 root root 852 Oct 31 2011 /etc/fstab.mycluster.web SANS Technology Institute - Candidate for Master of Science Degree 5
![Symlinks in action ~]# ls -la /etc/fstab lrwxrwxrwx 1 root root 14 Aug /etc/fstab -> /ram/etc/fstab ~]# ls -la /ram/etc/fstab lrwxrwxrwx 1 root root 21 May 22 12:04 /ram/etc/fstab -> /etc/fstab.mycluster.compute ~]# ls -la /etc/fstab.mycluster.compute -rw-r--r-- 1 root root 972 Jun /etc/fstab.mycluster.compute ~]# ls -la /etc/fstab.* -rw-r--r-- 1 root root 312 Jun /etc/fstab.default -rw--r--r-- 1 root root 852 Oct /etc/fstab.mycluster.compute -rw--r--r-- 1 root root 852 Oct /etc/fstab.mycluster.web SANS Technology Institute - Candidate for Master of Science Degree 5](http://images.slideplayer.com./27/9258306/slides/slide_5.jpg "Symlinks in action ~]# ls -la /etc/fstab lrwxrwxrwx 1 root root 14 Aug /etc/fstab -> /ram/etc/fstab ~]# ls -la /ram/etc/fstab lrwxrwxrwx 1 root root 21 May 22 12:04 /ram/etc/fstab -> /etc/fstab.mycluster.compute ~]# ls -la /etc/fstab.mycluster.compute -rw-r--r-- 1 root root 972 Jun /etc/fstab.mycluster.compute ~]# ls -la /etc/fstab.* -rw-r--r-- 1 root root 312 Jun /etc/fstab.default -rw--r--r-- 1 root root 852 Oct /etc/fstab.mycluster.compute -rw--r--r-- 1 root root 852 Oct /etc/fstab.mycluster.web SANS Technology Institute - Candidate for Master of Science Degree 5")
6
6 Git and our Goal History Reasons to use it –Multiple, simultaneous collaborators –Decentralized repositories –Binary files What we want to achieve? How we achieve it?
7
Git in Action [root@server]# cd /var/lib/oneSIS/images/image-prod [root@server image-prod]# git init Initialized empty Git repository in /var/lib/oneSIS/images/image-prod/.git/ [root@server image-prod]# cat.gitignore dev proc [root@server image-prod]# tar cvf dev.tar dev/* [root@server image-prod]# find. -name.git -prune -o -type d -empty - exec touch {}/.gitignore \; SANS Technology Institute - Candidate for Master of Science Degree 7
![Git in Action cd /var/lib/oneSIS/images/image-prod image-prod]# git init Initialized empty Git repository in /var/lib/oneSIS/images/image-prod/.git/ image-prod]# cat.gitignore dev proc image-prod]# tar cvf dev.tar dev/* image-prod]# find.](http://images.slideplayer.com./27/9258306/slides/slide_7.jpg "-name.git -prune -o -type d -empty - exec touch {}/.gitignore \; SANS Technology Institute - Candidate for Master of Science Degree 7.")
8
Git in Action Part 2 [root@localhost image-prod]# cd.git/hooks/ [root@localhost hooks]# cp /usr/share/git-core /contrib/hooks/*. setgitperms.perl : [root@localhost image-prod]# cd.git/hooks/ [root@localhost hooks]# cp /usr/share/git-core /contrib/hooks/*. [root@server image-prod]# git add -f * SANS Technology Institute - Candidate for Master of Science Degree 8
![Git in Action Part 2 image-prod]# cd.git/hooks/ hooks]# cp /usr/share/git-core /contrib/hooks/*.](http://images.slideplayer.com./27/9258306/slides/slide_8.jpg "setgitperms.perl : image-prod]# cd.git/hooks/ hooks]# cp /usr/share/git-core /contrib/hooks/*. image-prod]# git add -f * SANS Technology Institute - Candidate for Master of Science Degree 8.")
9
Git in Action – Final Bits [root@server image-prod]# git commit -m "Initial Commit" --author="Aron Warren " [master (root-commit) 3311f7e] Initial Commit Author: Aron Warren Committer: root 310406 files changed, 41830189 insertions(+), 0 deletions(-) create mode 100644.gitmeta create mode 100755 bin/alsaunmute create mode 100755 bin/arch... SANS Technology Institute - Candidate for Master of Science Degree 9
![Git in Action – Final Bits image-prod]# git commit -m Initial Commit --author= Aron Warren [master (root-commit) 3311f7e] Initial Commit Author: Aron Warren Committer: root files changed, insertions(+), 0 deletions(-) create mode gitmeta create mode bin/alsaunmute create mode bin/arch...](http://images.slideplayer.com./27/9258306/slides/slide_9.jpg "SANS Technology Institute - Candidate for Master of Science Degree 9.")
10
10 Pros Integrity Rollback of Changes Immediate Rollout of Changes (single pull) – Leads to Staged Rollouts
11
SANS Technology Institute - Candidate for Master of Science Degree 11 Cons RPMs Image size grows over time File permissions
12
Some commands that help diff –u.gitmeta <(.git/hooks/setgitperms.perl –r –s) git update-index --really-refresh git clean -d -f git reset --hard commit-id SANS Technology Institute - Candidate for Master of Science Degree 12
13
SANS Technology Institute - Candidate for Master of Science Degree 13 Sneak Peek Version 3 Fixes the above mentioned issues Much more flexibility
14
Reference Materials Google. (2007, May 14). Tech Talk: Linus Torvalds on git. Retrieved February 25, 2012, from YouTube: http://www.youtube.com/watch?v=4XpnKHJAok8 Schroeder, B., Gibson, G. A. (2007). Understanding disk failure rates: What does an MTTF of 1,000,000 hours mean to you?. Trans. Storage, 3(3), 8:1-8:31. DOI=10.1145/1288783.1288785 SANS Technology Institute - Candidate for Master of Science Degree 14
15
SANS Technology Institute - Candidate for Master of Science Degree 15 Summary oneSIS + Git = easy way to manage a diskless image Provides image integrity Provides easy upgrade and rollback paths
Similar presentations
