Bug 1252087
Summary: | Secure memcached installation for overcloud | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Giulio Fidente <gfidente> |
Component: | rhosp-director | Assignee: | Yanis Guenane <yguenane> |
Status: | CLOSED CANTFIX | QA Contact: | Alexander Chuzhoy <sasha> |
Severity: | unspecified | Docs Contact: | |
Priority: | urgent | ||
Version: | 8.0 (Liberty) | CC: | emacchi, hbrock, mburns, rhel-osp-director-maint, security-response-team, yeylon, yprokule |
Target Milestone: | ga | Keywords: | Security, ZStream |
Target Release: | 8.0 (Liberty) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1252083 | Environment: | |
Last Closed: | 2016-02-03 22:44:28 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1263696, 1304473, 1304493 | ||
Bug Blocks: |
Description
Giulio Fidente
2015-08-10 16:48:19 UTC
Based on the project documentation SASL is the mechanism to use to secure the memcached instances. The memcached package provided in base isn't compiled with SASL support, hence blocking this ticket. BZ posted https://bugzilla.redhat.com/show_bug.cgi?id=1263696 This can't be fixed without significant work upstream in OpenStack. The following components in OpenStack use memcached: keystone heat nova designate zaqar None of these currently have support for using a SASL configured memcached. memcached explicitly disables non-SASL connections when it's running with SASL. Also, SASL support would require a new python library which we currently don't ship (python-binary-memcached) because the current python-memcached doesn't support binary mode. Basically, to do this, we need to fix *each* of the above components to be able to use SASL auth with memcached (probably upstream). |