Bug #23968 (Closed)
dashboard module listens on all interfaces by default when enabled
Description
I found myself unpleasantly surprised when I found that the ceph Dashboard is open to the Internet by default.
As per the documentation on http://docs.ceph.com/docs/master/mgr/dashboard/#configuration:
By default, the ceph-mgr daemon hosting the dashboard (i.e., the currently active manager) will bind to port 7000 and any available IPv4 or IPv6 address on the host.
Is this a good idea?
Wouldn't it be better to bind the Dashboard to localhost by default?
I'm not super enthusiastic about having a CherryPy app targeted at ceph admins running on the open Internet immediately after a ceph setup for security and DoS-ability reasons.
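As an added check (not part of the tracker issue or of Ceph itself), the following POSIX shell snippet scans `ss -ltn` output for a listener on the dashboard's default port 7000 that is bound to a wildcard address rather than loopback, which is the condition the report describes. The `ss` column layout and the sample lines are assumed and constructed here.

```shell
#!/bin/sh
# Added example: detect a ceph-mgr dashboard listener bound to all interfaces.
# Input: lines in `ss -ltn` / `ss -ltnH` format (State Recv-Q Send-Q Local Peer ...).

# Constructed sample of `ss -ltnH` output (not captured from a real host):
# a wildcard IPv4 listener on 7000, a loopback listener on 7001,
# a wildcard IPv6 listener on 7000 and an unrelated sshd listener.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:7000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:7001 0.0.0.0:*
LISTEN 0 128 [::]:7000 [::]:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*'

# wildcard_listeners <port>: read ss output on stdin and print every local
# socket on <port> whose address is 0.0.0.0, [::] or * (all interfaces).
# Returns 1 if at least one such listener was found, 0 otherwise, so it can
# be used directly as a health check.
wildcard_listeners() {
    port="$1"
    found=0
    while read -r state recvq sendq laddr peer rest; do
        [ "$state" = "LISTEN" ] || continue      # skips the header line too
        addr="${laddr%:*}"                        # everything before the last ':'
        lport="${laddr##*:}"                      # everything after the last ':'
        [ "$lport" = "$port" ] || continue
        case "$addr" in
            0.0.0.0|'[::]'|'*')
                printf '%s\n' "$laddr"
                found=1
                ;;
        esac
    done
    return $found
}

# count_wildcard <port>: number of wildcard listeners on <port> in the sample.
count_wildcard() {
    printf '%s\n' "$SAMPLE_SS" | wildcard_listeners "$1" | wc -l | tr -d ' '
}

# Real-host usage (assumed invocation, replaces the constructed sample):
#   ss -ltnH | wildcard_listeners 7000 || echo "dashboard listens on all interfaces"
```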
Updated by Volker Theile almost 6 years ago
Hello Niklas,
please fill out as much information as possible next time to help us identify which version is affected by your report.
Thx
Updated by Volker Theile almost 6 years ago
@Niklas Are you referring to Luminous or Mimic?
Updated by Niklas Hambuechen almost 6 years ago
# ceph --version
ceph version 12.2.4 (52085d5249a80c5f5121a76d6288429f35e4e77b) luminous (stable)
Updated by Volker Theile almost 6 years ago
- Affected Versions v12.2.4 added
- Affected Versions deleted (v13.0.0)
Updated by Volker Theile almost 6 years ago
Is this a good idea?
Counterquestion, is it a good idea to run a Ceph cluster with at least >= 3 systems directly in the internet and not behind a firewall?
Updated by Niklas Hambuechen almost 6 years ago
Volker Theile wrote:
Counterquestion, is it a good idea to run a Ceph cluster with at least >= 3 systems directly in the internet and not behind a firewall?
Likely not (and my non-throwaway clusters run behind one), but my understanding was that all other operations are cephx-authenticated (or are there some that aren't), while the dashboard isn't.
Updated by John Spray almost 6 years ago
The ceph cluster's dashboard is not open by default -- it is turned off by default. It is up to whoever is switching it on to decide how to secure it.
At the point you enable the dashboard, you're starting the server, and it's reasonable to expect users to understand that starting the server is going to start serving requests.
Updated by John Spray almost 6 years ago
- Subject changed from ceph Dashboard is open to the Internet by default to dashboard module listens on all interfaces by default when enabled
Updated by Lenz Grimmer over 5 years ago
- Status changed from New to Won't Fix
Based on John's last comment, I'll go ahead and close this as "Won't Fix". The Ceph Manager Dashboard in Mimic and beyond is using SSL and has a login page to prevent unauthorized access.
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 132 to General