Re: container restart on logout


Daniel Jones
 

Plus one!

An implementation whereby the recycling behaviour can be feature-flagged by
space or globally would be nice, so you could turn it off whilst debugging
in a space, and then re-enable it when you've finished debugging via a
series of short-lived SSH sessions.

Regards,
Daniel Jones - CTO
+44 (0)79 8000 9153
@DanielJonesEB <https://twitter.com/DanielJonesEB>
*EngineerBetter* Ltd <http://www.engineerbetter.com> - UK Cloud Foundry
Specialists

On Tue, Dec 20, 2016 at 8:06 AM, DHR <lists(a)dhrapson.com> wrote:

Thanks Jon. The financial services clients I have worked with would also
like the ability to turn on ‘cf ssh’ support in production, safe in the
knowledge that app teams won’t abuse it by creating app snowflakes.

I see that the audit trail mentioned in the thread you posted have been
implemented in ‘cf events’. Like this:

time event actor
description
2016-12-19T16:20:36.00+0000 audit.app.ssh-authorized user index: 0
2016-12-19T15:30:33.00+0000 audit.app.ssh-authorized user index: 0
2016-12-19T12:00:53.00+0000 audit.app.ssh-authorized user index: 0


That said: I still think the container recycle functionality, available as
say a feature flag, would be really appreciated by the large enterprise
community.

On 19 Dec 2016, at 18:25, Jon Price <jon.price(a)intel.com> wrote:

This is something that has been on our wishlist as well but I haven't
seen any discussion about it in quite some time. Here is one of the
original discussions about it: https://lists.cloudfoundry.
org/archives/list/cf-dev(a)lists.cloudfoundry.org/thread/
GCFOOYRUT5ARBMUHDGINID46KFNORNYM/

It would go a long way with our security team if we could have some sort
of recycling policy for containers in some of our more secure environments.

Jon Price
Intel Corporation

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.