Juju security model

Mark Shuttleworth mark at ubuntu.com
Mon Aug 12 07:27:10 UTC 2013


It's worth mentioning the big weakness in current Juju, which iirc is
that there is a single credential for admin access to an environment,
and no audit trail on the environment. Creating multiple authenticated
users, and starting to take advantage of that for audit etc, is on the
roadmap for the next few months. Nevertheless, if you keep your
environments relatively small and focused the model is adequate today.

Mark


On 10/08/13 04:13, John Meinel wrote:
>
> I realize I didn't mention it, but even direct DB connections
> currently require a unique agent id and password as well as TLS
> encryption.
>
> John
> =:->
>
> On Aug 10, 2013 7:10 AM, "John Meinel" <john at arbash-meinel.com> wrote:
>
>
>     On Aug 10, 2013 1:34 AM, "Mike Sam" <mikesam460 at gmail.com> wrote:
>     >
>     > Would you please explain juju security model?
>     >
>     > 1> How do machine and unit agents authenticate to the bootstrap
>     > node?
>
>     Machine agents are given the API server address and public cert
>     and a password via cloud-init.
>
>     They connect to the API server with TLS and require the matching
>     certificate. On first connect, the agents change their password to
>     a randomly generated string.
>
>     Unit agents are started by the machine agents. Since they use the
>     same code, they also change their password on first connect.
>     (They don't really need to, as they got the original password on a
>     secure connection.)
>
>     >
>     > 2> Who authenticates to whom? "agent to agent" or "agent to db"?
>
>     All agents will connect to the API server(s), which then have a
>     direct DB connection.
>
>     Today, there are some agents that are not API servers that have a
>     direct DB connection.  Though we are actively reducing that.
>
>     >
>     > 3> What do they need to provide to get authenticated?
>
>     Agent id and unique password. They also require the cert for the
>     API server.
>
>     >
>     > 4> How many ssh keys do we have for all the machines of one
>     > environment?
>
>     At present I believe there is just one ssh key.
>     >
>     > 5> Any existing concern on the security model?
>
>     As mentioned we are removing direct DB access for agents that are
>     not on the API server.
>
>     >
>     > Thanks,
>     > Mike
>     >
>     >
>
>     John
>     =:->
>
>
>
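
Added example, not part of the original thread and not Juju's own code: a minimal in-memory model of the first-connect password rotation described in the quoted answers, showing that the password delivered at provisioning stops authenticating once the agent has swapped it for a random one. The `Server` type, its methods, `FirstConnect` and the sample ids and passwords are hypothetical; the TLS connection and the API server certificate check are assumed to be in place and are not modelled, and the store keeps plain SHA-256 digests only to stay short.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// Server is a hypothetical stand-in for the API server's credential store.
type Server struct{ hashes map[string][32]byte }

func NewServer() *Server { return &Server{hashes: map[string][32]byte{}} }

// Provision records the password handed to an agent (e.g. in cloud-init data).
func (s *Server) Provision(id, pw string) { s.hashes[id] = sha256.Sum256([]byte(pw)) }

// Login checks agent id plus password, comparing digests in constant time.
func (s *Server) Login(id, pw string) bool {
	want, ok := s.hashes[id]
	got := sha256.Sum256([]byte(pw))
	return ok && subtle.ConstantTimeCompare(want[:], got[:]) == 1
}

// SetPassword replaces the stored secret; the caller must prove the current one.
func (s *Server) SetPassword(id, current, next string) error {
	if !s.Login(id, current) {
		return errors.New("unauthorized")
	}
	s.Provision(id, next)
	return nil
}

// FirstConnect is the agent side: swap the bootstrap password for 24 random bytes.
func FirstConnect(s *Server, id, bootstrapPW string) (string, error) {
	buf := make([]byte, 24)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	next := base64.RawURLEncoding.EncodeToString(buf)
	return next, s.SetPassword(id, bootstrapPW, next)
}

func main() {
	s := NewServer()
	s.Provision("machine-1", "bootstrap-pw") // constructed sample values
	pw, err := FirstConnect(s, "machine-1", "bootstrap-pw")
	fmt.Println(err, s.Login("machine-1", "bootstrap-pw"), s.Login("machine-1", pw))
}
```

A second `FirstConnect` call with the same bootstrap password returns an error, which is the behaviour an operator would expect to see logged if a provisioning-time credential were replayed after rotation.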
