We need a secure Redis install for use as queue and result store for Celery (via collective.celery), which will be used by collective.documentviewer (document extraction, viewing), wildcard.media (video), and our own form/reporting tasks that should be moved to an asynchronous model as soon as possible.
Requirements
Redis must be accessible over IPv4 by qits2, but ONLY if protected by TLS transport (requires a tunnel).
Redis must be accessible locally over
Connections to Redis must be limited (iptables) to qits1 (localhost or domain socket) and to qits2.
We should use authentication.
Secure install
Assumptions:
Redis will run on qits1, as memory overhead should be minimal for our purposes in running a task queue, and performance of queuing ought to be better doing this.
Celery worker (instance) will run on qits2, much like current plone.app.async worker does, with access to ZODB over TLS/TCP for PostgreSQL/RelStorage, and over sshfs+fuse for blobstorage. In order to access the message queue on qits1, some form of secure and encrypted access must be created across the machines.
To secure redis, we should:
Use AUTH; the cleartext Redis URIs (including the password) are stored in site.cfg.
BIND to localhost (IPv4), only.
We bind to only localhost if we use stunnel, spiped, or ssh to provide access from qits2.
We likely default to trying SSH tunnel first, as we are already doing this for sshfs from qits2.
iptables will by default block incoming TCP on port 6379 to non-local interfaces, so we need to take no action. We will not need to open any additional connections on qits1 if the chosen tunnel technology requires no extra port (an argument in favor of using SSH over a TLS tunnel).
If we are particularly paranoid, we might consider constraining binding to only UNIX domain sockets, with no TCP; however, doing this would require use of socat as an additional tunnel wrapping use of SSH tunnel.
We should rename the CONFIG command so that no client, over TCP or otherwise, can invoke it by its normal name: rename-command CONFIG SOME_RANDOM_STRING_LIKE_UUID_ETC_HERE (note that rename-command is only honored from the config file, not via CONFIG SET at runtime).
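As an added example (not part of the original notes), the following Python script audits a redis.conf against the three controls listed above: bind to loopback only (or TCP disabled in favor of a UNIX socket), requirepass set, and CONFIG renamed. The sample configs are constructed for illustration; the socket path and placeholder secret are assumptions.

```python
# Audit a redis.conf for the hardening plan: loopback-only bind, AUTH, renamed CONFIG.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_redis_conf(text):
    """Yield (directive, args) pairs from redis.conf text, skipping comments and blanks.
    A '#' inside a value (e.g. in a renamed command) would be treated as a comment."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            yield parts[0].lower(), parts[1:]


def audit_redis_conf(text):
    """Return a list of findings; an empty list means all three controls are present."""
    conf = list(parse_redis_conf(text))
    findings = []

    # 1. Network exposure: every bind address must be loopback. A leading '-'
    #    (optional-address syntax in Redis 7) is stripped before comparison.
    binds = [a.lstrip("-") for d, args in conf if d == "bind" for a in args]
    port = next((args[0] for d, args in conf if d == "port" and args), "6379")
    if port != "0":
        if not binds:
            findings.append("no bind directive: Redis would listen on every interface")
        else:
            bad = [a for a in binds if a not in LOOPBACK]
            if bad:
                findings.append("bind exposes non-loopback address(es): " + ", ".join(bad))
    elif not any(d == "unixsocket" for d, _ in conf):
        findings.append("port 0 disables TCP but no unixsocket is configured")

    # 2. Authentication: requirepass must be set (ACLs in Redis 6+ are an alternative
    #    the notes do not cover).
    if not any(d == "requirepass" and args for d, args in conf):
        findings.append("no requirepass: clients can connect without AUTH")

    # 3. CONFIG must be renamed, or disabled outright with an empty name ("").
    renamed = [args for d, args in conf if d == "rename-command" and args
               and args[0].upper() == "CONFIG"]
    if not any(len(a) >= 2 and a[1].strip('"') != "CONFIG" for a in renamed):
        findings.append("CONFIG command is not renamed")
    return findings


# Constructed samples: a stock-style config, the plan applied, and the paranoid variant.
WEAK_CONF = "port 6379\n"
HARDENED_CONF = ("bind 127.0.0.1\nport 6379\nrequirepass REPLACE_WITH_LONG_RANDOM_SECRET\n"
                 "rename-command CONFIG b7e8c8d1-placeholder-uuid\n")
SOCKET_CONF = ("port 0\nunixsocket /var/run/redis/redis.sock\n"
               "requirepass REPLACE_WITH_LONG_RANDOM_SECRET\nrename-command CONFIG \"\"\n")
```

Run `audit_redis_conf()` on the live redis.conf before restarting Redis; the weak sample yields three findings and both hardened samples yield none.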
Sean