[Openstack-security] [Bug 1412393] Re: mariadb repo unnecessarily configured in all containers
Kevin Carter
kevin.carter at rackspace.com
Mon Jan 19 19:44:31 UTC 2015
** Changed in: openstack-ansible
Importance: Medium => Low
** Changed in: openstack-ansible
Milestone: None => next
** Changed in: openstack-ansible
Status: New => Triaged
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1412393
Title:
mariadb repo unnecessarily configured in all containers
Status in Ansible playbooks for deploying OpenStack:
Triaged
Bug description:
The mariadb repo is unnecessarily configured on every host and in
every container. The repo should only configured for containers and
hosts that require access to the database.
In order to provide a more secure-by-default installation, the /root/.my.cnf client configuration should only placed where necessary - the utility container is likely to be the only location that requires it as all DB access by services are done through explicit configuration with a restricted DB user.
Another set of containers it should perhaps be placed into would be the galera containers themselves.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1412393/+subscriptions
More information about the Openstack-security
mailing list