[Openstack-security] [Bug 1412393] Re: mariadb repo unnecessarily configured in all containers
Kevin Carter
kevin.carter at rackspace.com
Fri May 8 21:05:17 UTC 2015
** Changed in: openstack-ansible/trunk
Status: Fix Committed => Invalid
** Changed in: openstack-ansible/juno
Status: Triaged => Confirmed
** Changed in: openstack-ansible/icehouse
Status: Triaged => Confirmed
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1412393
Title:
mariadb repo unnecessarily configured in all containers
Status in Ansible playbooks for deploying OpenStack:
Invalid
Status in openstack-ansible icehouse series:
Confirmed
Status in openstack-ansible juno series:
Confirmed
Status in openstack-ansible trunk series:
Invalid
Bug description:
The mariadb repo is unnecessarily configured on every host and in
every container. The repo should only configured for containers and
hosts that require access to the database.
In order to provide a more secure-by-default installation, the /root/.my.cnf client configuration should only placed where necessary - the utility container is likely to be the only location that requires it as all DB access by services are done through explicit configuration with a restricted DB user.
Another set of containers it should perhaps be placed into would be the galera containers themselves.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1412393/+subscriptions
More information about the Openstack-security
mailing list