[Labs-l] second attempt to request alternative login server
Ryan Lane
rlane at wikimedia.org
Wed Mar 6 19:41:15 UTC 2013
On Wed, Mar 6, 2013 at 9:58 AM, Tim Landscheidt <tim at tim-landscheidt.de>wrote:
> Petr Bena <benapetr at gmail.com> wrote:
>
> > [...]
>
> >>> Set up a cron script that sync a local folder on bastion with
> >>> /public/keys so that when gluster is down or that folder isn't working
> >>> login to bastion's still works.
>
> >> That might be feasible. But really the solution is don't let people
> >> kill the bastion. idk how we do that. and idk why the past social
> >> restrictions aren't sufficient. maybe we need ulimit or cgroups or
> >> something. :-(
>
> > it weren't people who kill them it was gluster or something like that
> > - we need reliable storage for keys if it's only way to login
>
> What's the point of allowing people to log into bastion only
> to find that they can't use their instances due to a gluster
> error? :-) Let's rephrase your request: "We need reliable
> storage." :-)
>
>
^^ This. I don't see the point of arguing about changing authentication to
fix a storage problem. The real problem here is an unreliable filesystem.
Let's not make things less secure to workaround a more serious issue.
- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130306/2f4f889b/attachment.html>
More information about the Labs-l
mailing list