Ask Your Question
0

DoD Storage

asked 2017-01-18 10:05:58 -0500

md_network_engineer gravatar image

I'm building an Openstack cloud as a proof of concept and something we may move to in the future. I work in a DoD environment which requires additional securing of systems. The host OS I have choose is RHEL 7.

I am currently in the process of installing RHEL 7 and following the STIG guidelines. How should I allocate the storage for each partition? Will RHEL 7 be needed on every server I include in the stack? (From what I've read, yes) I have 8 HP DL60 Gen 8 Servers with 2 72GB Hard drives, 16 300GB Hard drives, and 18 250GB SSD. What is the best way to spread out that storage across the stack?

The STIG guide says I need to have separate partitions for these sections: /swap /boot / /home /opt /var/log /var/log/audit/ /var /tmp

Thanks in advance for your time!

edit retag flag offensive close merge delete

Comments

You don't need homogenous operating systems, although it probably simplifies things a lot. The partitions you mention are for the operating system setup on the servers and have nothing to do with cloud storage. How you spread storage over the cloud depends on factors that you haven't provided.

Bernd Bausch gravatar imageBernd Bausch ( 2017-01-18 18:09:56 -0500 )edit

Check the architecture guide for options and decision making help. Thoughts: Do you want object storage? Use Swift or Ceph. Block volume storage? You can set up storage nodes using the LVM/iSCSI driver, or again Ceph. LVM nodes can also be used as Compute nodes, Ceph nodes should probably not.

Bernd Bausch gravatar imageBernd Bausch ( 2017-01-18 18:11:57 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-02-28 12:46:21 -0500

I would recommend you read the OpenStack security guide storage checklist(https://docs.openstack.org/security-guide/block-storage/checklist.html).

If you are into automation, I thoroughly recommend that you checkout, OpenStack Ansible security (https://github.com/openstack/openstack-ansible-security (https://github.com/openstack/openstac...)), which follows the STIG guidelines and automates security needs for your deployment.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2017-01-18 10:05:58 -0500

Seen: 84 times

Last updated: Feb 28 '17