
Roles and Responsibilities

Operations will be responsible for keeping the following role up to date.

Base.yml

  • TFA (RSA)
  • SSHD/SSHD_ADMIN
  • SUDO
  • ACCOUNTS
  • FIREWALL (machine)
  • FIREWALL (AWS)
  • FAIL2BAN
  • RSYSLOG
  • PAM
  • POSTFIX

Other roles will be a collaborative effort between multiple WBSs. For instance, the 'git' role was added to aid in the XRAS production instance; however, it was written to be generic enough to be reused by other groups.

GIT

XSEDE's AWS ansible git repository is located at xansible.nics.utk.edu:/XSEDE/XSEDE_AWS.git

To get access to this repository, you must first have an account on XANSIBLE and have a TFA device. This will get you read-only access to the repository.

git clone ssh://<USERNAME>@xansible.nics.utk.edu:/XSEDE/XSEDE_AWS.git

If you would like to contribute to the repository, please send an RT request, including your XSEDE username, to be added to the appropriate group. 

Firewall Exceptions

1) Submit an RT ticket to request a firewall exception. The ticket will be assigned to Operations.

2) List the following items in the ticket:

  • source ip(s) - try to be as restrictive as possible
  • destination ip(s) 
  • port(s)
  • protocol(s)
  • machine(s) on which to apply the rules

3) Operations will update the AWS firewall rules and the FIREWALLD service and update the git repository with this information.

4) Operations will reply to the ticket and wait for confirmation that the firewall rules are working. Operations will then resolve the ticket.
