[Openstack-security] [Bug 1412393] Re: mariadb repo unnecessarily configured in all containers
Kevin Carter
kevin.carter at rackspace.com
Sun Feb 22 05:22:21 UTC 2015
In master galera_client is now a dependent role within other roles that
need to have it installed. This resolves this issue for master though we
should determine if this functionality is something that we want to
implement in Juno/Icehouse?
** Also affects: openstack-ansible/icehouse
Importance: Undecided
Status: New
** Also affects: openstack-ansible/trunk
Importance: Low
Status: Triaged
** Also affects: openstack-ansible/juno
Importance: Undecided
Status: New
** Changed in: openstack-ansible/trunk
Assignee: (unassigned) => Kevin Carter (kevin-carter)
** Changed in: openstack-ansible/trunk
Status: Triaged => Fix Committed
** Changed in: openstack-ansible/juno
Status: New => Triaged
** Changed in: openstack-ansible/icehouse
Status: New => Triaged
** Changed in: openstack-ansible/juno
Importance: Undecided => Low
** Changed in: openstack-ansible/icehouse
Importance: Undecided => Low
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1412393
Title:
mariadb repo unnecessarily configured in all containers
Status in Ansible playbooks for deploying OpenStack:
Fix Committed
Status in openstack-ansible icehouse series:
Triaged
Status in openstack-ansible juno series:
Triaged
Status in openstack-ansible trunk series:
Fix Committed
Bug description:
The mariadb repo is unnecessarily configured on every host and in
every container. The repo should only configured for containers and
hosts that require access to the database.
In order to provide a more secure-by-default installation, the /root/.my.cnf client configuration should only placed where necessary - the utility container is likely to be the only location that requires it as all DB access by services are done through explicit configuration with a restricted DB user.
Another set of containers it should perhaps be placed into would be the galera containers themselves.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1412393/+subscriptions
More information about the Openstack-security
mailing list