Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a new rsync-based mover that uses stunnel w/ PSK instead of ssh #364

Closed
Tracked by #363
JohnStrunk opened this issue Aug 11, 2022 · 5 comments · Fixed by #511, #516 or #510
Closed
Tracked by #363

Create a new rsync-based mover that uses stunnel w/ PSK instead of ssh #364

JohnStrunk opened this issue Aug 11, 2022 · 5 comments · Fixed by #511, #516 or #510
Assignees
@JohnStrunk
Labels
enhancement New feature or request
Projects
VolSync work items
Milestone
Version 0.7

Comments

@JohnStrunk
Copy link
Member

JohnStrunk commented Aug 11, 2022
edited
Loading

Describe the feature you'd like to have.
We need a new data mover that is similar to the existing rsync over ssh mover, except that it should use stunnel (TLS/PSK) as the transport instead of ssh.

What is the value to the end user? (why is it a priority?)

  • The existing rsync/ssh mover requires sshd on the destination, and sshd requires additional capabilities that we'd like to remove, specifically, CAP_AUDIT_WRITE.

How will we know we have a good solution? (acceptance criteria)
The overall target is feature parity with current rsync/ssh

  • Within and cross-cluster 1:1 replication
  • Support for all copyMethods
  • Option to auto-generate or use a provided key on both the source and destination

Additional context
The motivation for an additional mover instead of just changing the existing one is for ease of managing permissions, deprecation, and subsequent removal.
@project-bot project-bot bot added this to Incoming in VolSync work items Aug 11, 2022
@JohnStrunk JohnStrunk changed the title Create a new rsync-based mover that uses stunnel w/ PSK instead of ssh to protect the transfer. Create a new rsync-based mover that uses stunnel w/ PSK instead of ssh Aug 11, 2022
@JohnStrunk JohnStrunk added the enhancement New feature or request label Aug 11, 2022
@JohnStrunk JohnStrunk mentioned this issue Aug 11, 2022
Open
@JohnStrunk
Copy link
Member Author

/assign @pranavgaikwad

Pranav has agreed to take on this work.

@project-bot project-bot bot moved this from Incoming to Assigned issues in VolSync work items Aug 11, 2022
This was referenced Aug 11, 2022
Closed
Open
Open
@JohnStrunk
Copy link
Member Author

@pranavgaikwad Are you still planning to work on this? If so, could you provide an update?
We're trying to get an idea of the remaining work related to permission reduction.

@JohnStrunk
Copy link
Member Author

/assign

@JohnStrunk JohnStrunk mentioned this issue Nov 18, 2022
Merged
@JohnStrunk JohnStrunk added this to the Version 0.7 milestone Nov 30, 2022
@JohnStrunk JohnStrunk mentioned this issue Dec 7, 2022
Merged
4 tasks
This was linked to pull requests Dec 7, 2022
Add controller code for rsync-tls mover #511
Merged
rsync-tls: Add documentation for new rsync-tls mover #516
Merged
Add new rsync-tls mover #510
Merged
@JohnStrunk
Copy link
Member Author

/reopen
Still needs #516

@openshift-ci openshift-ci bot reopened this Dec 14, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 14, 2022

@JohnStrunk: Reopened this issue.

In response to this:

/reopen
Still needs #516

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JohnStrunk JohnStrunk

Labels
enhancement New feature or request
Projects
VolSync project tracking
Archived in project
VolSync work items
Assigned issues
Milestone
Version 0.7
2 participants
@JohnStrunk @pranavgaikwad