Periodic restart of SolrCloud pods #3087

Closed
1 task done
mogul opened this issue Apr 8, 2021 · 2 comments
Labels
compliance Relating to security compliance or documentation component/solr-service Related to Solr-as-a-Service, a brokered Solr offering component/ssb


mogul commented Apr 8, 2021

User Story

In order to implement an alternative to NIST control SI-3, the SSB should do rolling restarts of SolrCloud pods every 15 minutes.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

  • GIVEN I have administrative access to a provisioned EKS instance
    WHEN I check the ages of all the running SolrCloud pods
    THEN I see that no pod is older than 15 minutes
    AND I can see that the deployment had rolling restarts about 15 minutes apart.

Background

[Any helpful contextual notes or links to artifacts/evidence, if needed]
See control SI-3 in our SSP.

Security Considerations (required)

This is an alternative to NIST control SI-3. By restarting pods periodically we're ensuring that any compromised pod is only useful for the attacker for a short window of time. An attacker would also have to generate more log traffic to keep compromising pods when they get restarted.

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]

Solr-operator specific solution

More general solution for any EKS workload
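
Added example, not part of the original issue or the project's code: one way to verify the first three clauses of the acceptance criteria by reading pod list JSON in the shape `kubectl get pods -o json` produces and reporting every running pod older than 15 minutes. The pod names, timestamps and the fixed clock are constructed for illustration, and the pod list is assumed to be already filtered to the SolrCloud pods.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=15)  # threshold from the acceptance criteria

# Constructed sample in the shape of `kubectl get pods -o json` output;
# pod names and timestamps are made up for illustration.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-solrcloud-0", "creationTimestamp": "2022-03-17T12:01:00Z"},
   "status": {"phase": "Running"}},
  {"metadata": {"name": "example-solrcloud-1", "creationTimestamp": "2022-03-17T11:40:00Z"},
   "status": {"phase": "Running"}},
  {"metadata": {"name": "example-solrcloud-2", "creationTimestamp": "2022-03-17T11:30:00Z"},
   "status": {"phase": "Succeeded"}}
]}
""")


def parse_ts(value):
    """Parse the UTC timestamps Kubernetes emits, e.g. 2022-03-17T12:01:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def stale_pods(pod_list, now, max_age=MAX_AGE):
    """Return (name, age) for every Running pod older than max_age, oldest first."""
    stale = []
    for pod in pod_list.get("items", []):
        if pod.get("status", {}).get("phase") != "Running":
            continue  # the criterion is about running pods only
        age = now - parse_ts(pod["metadata"]["creationTimestamp"])
        if age > max_age:
            stale.append((pod["metadata"]["name"], age))
    return sorted(stale, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    # Fixed clock so the constructed sample gives a repeatable result.
    now = datetime(2022, 3, 17, 12, 10, tzinfo=timezone.utc)
    for name, age in stale_pods(SAMPLE, now):
        print(f"FAIL {name} is {int(age.total_seconds() // 60)} min old")
```

An empty result means the age criterion holds at the moment of the check; it does not by itself show that restarts happened about 15 minutes apart.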

@jbrown-xentity jbrown-xentity added the compliance Relating to security compliance or documentation label Sep 23, 2021
@mogul mogul moved this to Icebox in data.gov team board Dec 3, 2021
@mogul mogul changed the title Periodic restart of pods Periodic restart of SolrCloud pods Jan 27, 2022
@nickumia-reisys nickumia-reisys removed their assignment Feb 18, 2022

mogul commented Feb 24, 2022

Nick had turned this on using the solr-operator's native support, but we turned it off while we were figuring out the persistent volume issues. It needs to be turned back on.


mogul commented Mar 16, 2022

@nickumia-reisys this is back on, right? If so can we mark this done?

@nickumia-reisys nickumia-reisys self-assigned this Mar 17, 2022
@mogul mogul closed this as completed Mar 17, 2022
Repository owner moved this from Icebox to Product Backlog in data.gov team board Mar 17, 2022
@hkdctol hkdctol removed the status in data.gov team board Aug 2, 2022
@nickumia-reisys nickumia-reisys added the component/solr-service Related to Solr-as-a-Service, a brokered Solr offering label Oct 7, 2023
@nickumia-reisys nickumia-reisys moved this to 🗄 Closed in data.gov team board Oct 7, 2023