[tor-bugs] #30023 [Internal Services/Tor Sysadmin Team]: improve grafana authentication
#30023: improve grafana authentication
-----------------------------------------------------+--------------------
Reporter: anarcat | Owner: tpa
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID: #29681
Points: | Reviewer:
Sponsor: |
-----------------------------------------------------+--------------------
the grafana server is now set up (#29684) but there are still issues
regarding authentication. we might want to grant access to other users
than the admin one, for example.

the original idea was to do the same "anonymous authentication" setup as
for Prometheus, except something came up during deployment that made me
question that strategy. it was raised while considering deployment of
third-party exporters:

> something regarding authentication came up through a third-party scraper
> deployment, in #29863. there were concerns the node exporter would leak
> information that could be exploited for side-channel attacks. the node
> exporter is firewalled, but then all that data is then made available on
> the prometheus server protected only by a trivial password. they will make
> an assessment of the exposed data and see if the additional authentication
> burden is worth the risk.

if we do not go with "anon" authentication, we could connect the Grafana
server with LDAP, but then it means it might go down if the LDAP server
crashes, which is a problem for a monitoring server, obviously.

in any case, users need to be configured through Puppet, which they
currently are not. this is partly related to secrets management and
generation in Puppet, which is also discussed in #30009.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30023>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online