Creation of Security Guidelines Documentation

https://blueprints.launchpad.net/sahara/+spec/security-guidelines-doc

As Sahara increases in functionality and complexity, the need for clear, concise documentation grows. This is especially true for security-related topics, as they are currently under-represented. This specification proposes the creation of a document that will provide a source for security-related topics, guides, and instructions as they pertain to Sahara.

Problem description

There is currently a distinct lack of centralized, security-related documentation for Sahara. Several features have been implemented to address security shortfalls, and they would benefit from a broader discussion of their application and proper usage. Additionally, there is no current documentation that discusses the specific procedures for securing the individual plugin technologies in use within Sahara.

Proposed change

This specification proposes the creation of Sahara-specific documentation addressing the security concerns of users and operators. This documentation will cover current features, best practices, and guidelines for installing and operating Sahara.

The documentation generated by this effort will be included in the OpenStack Security Guide[1]. Bug patches will be generated against the current OpenStack manuals, and the OpenStack Security Group will be engaged with respect to finalizing and including the documentation.

The process will be broken down into sub-chapter sections that will make up a Sahara chapter for the OpenStack Security Guide. Initially these sub-chapters will include: Sahara controller installs, current feature discussions, and plugin-specific topics.

The information provided is intended to be updated as new methodologies, plugins, and features are implemented. It will also be open to patching through the standard OpenStack workflows by the community at large.

Alternatives

Creation of a separate document managed by the Sahara team outside the purview of the OpenStack manuals, and distributed through the Sahara documentation. This solution would be non-ideal as it creates an alternate path for OpenStack manuals that is outside the expected locations for end users.

Creation of a separate document as above, with the exception that it will be maintained with the other OpenStack manuals. This option might be more plausible than the previous one, but it still suffers from the problem of creating an alternate location for security-related guidelines that is separate from the official manual. It also bears the burden of creating a new project within the manuals infrastructure.

Data model impact

None

REST API impact

None

Other end user impact

None

Deployer impact

None

Developer impact

None

Sahara-image-elements impact

None

Sahara-dashboard / Horizon impact

None

Implementation

Assignee(s)

Primary assignee:

mimccune (Michael McCune)

Other contributors:

None

Work Items

  • Create a bug against the OpenStack manuals for Sahara chapter inclusion

  • Create the documentation and change requests for the following sub-chapters:

    • Sahara controller install guides, with a security-related focus

    • Feature discussions and examples

    • Plugin-specific topics

      • Hadoop

      • Spark

      • Storm

Dependencies

None

Testing

Format testing as provided by the security guide project.

Documentation Impact

This specification proposes the creation of hypertext and PDF documentation.

References

[1]: http://docs.openstack.org/security-guide/content/ch_preface.html