Public iSCSI targets on MAAS region controller
Blake Rouse
blake.rouse at canonical.com
Tue Nov 29 14:52:31 UTC 2016
Mark is correct. I responded to your question on askubuntu as well.
https://askubuntu.com/a/854984/295102
On Tue, Nov 29, 2016 at 9:46 AM, Mark Shuttleworth <mark at ubuntu.com> wrote:
> On 29/11/16 04:37, Jonas Wagner wrote:
> > I'd like to ask a question about how MAAS uses iSCSI. Apparently, the
> > MAAS region controller exposes iSCSI targets for supported Ubuntu
> > images. These are flagged as vulnerable by the Nessus scanner running
> > at our university.
> >
> > I've described this in more detail here:
> > https://askubuntu.com/questions/847854/maas-disable-iscsi-or-require-
> authentication
> >
> > I would be curious as to how MAAS uses these iSCSI targets. Is it
> > possible to make them available to the internal network only (where
> > the MAAS-managed cluster is) rather than the region controller's
> > external interface? Would MAAS break if we close the corresponding
> > ports in our firewall?
>
> I believe these are currently read-only boot volumes for ephemeral (i.e.
> ramdisk) Ubuntu used for enlistment and commissioning, as well as the OS
> installer during deployment. They should only need to be accessed by
> machine being enlisted, commissioned and deployed, so yes, it should be
> fine (and sensible) to screen them off.
>
> Mark
>
>
> --
> Maas-devel mailing list
> Maas-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/maas-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/maas-devel/attachments/20161129/1bf5a166/attachment.html>
More information about the Maas-devel
mailing list