1.2. Security Considerations
Important
LOCKSS 2.0-alpha3 is a technology preview, not yet suitable for production environments.
Although the LOCKSS software itself and especially the LOCKSS peer-to-peer protocol remain as secure as ever, the operating environment for alpha versions of LOCKSS 2.0 is still being hardened. Please read about the security considerations below that are relevant as of LOCKSS 2.0-alpha3.
1.2.1. Networking
LOCKSS 2.0-alpha3 is the first version of the LAAWS (LOCKSS Architected As Web Services) initiative deployed in a Kubernetes environment. The Kubernetes networking model is sophisticated and requires complex interactions with the host operating system’s network and firewall stacks. LOCKSS 2.0-alpha3, for the purposes of demonstrating basic functionality, requires disabling any of the user-friendly wrappers around iptables
, such as firewalld
or ufw
, which can interfere with Kubernetes’ iptables
manipulations. Better integration with these firewall wrappers will arrive in LOCKSS 2.0-alpha4.
1.2.2. System Privileges
Likewise, to demonstrate basic functionality, LOCKSS 2.0-alpha3 runs as a dedicated lockss
system user with sudo
privileges. This requirement will be relaxed in future versions as we integrate better with the underlying operating system.