Bug 1566809

Summary: [RFE] encrypt hieradata in the undercloud
Product: Red Hat OpenStack
Reporter: Ade Lee <alee>
Component: openstack-tripleo
Assignee: James Slagle <jslagle>
Status: CLOSED WONTFIX
QA Contact: Arik Chernetsky <achernet>
Severity: unspecified
Priority: unspecified
Version: 15.0 (Stein)
CC: emacchi, mburns, rhel-osp-director-maint
Last Closed: 2018-04-23 15:06:58 UTC Type: Bug

Description Ade Lee 2018-04-13 02:58:35 UTC
Description of problem:

On the undercloud, /etc/puppet/hieradata/puppet-stack-config.yaml is used by Puppet to populate all the configuration from the overcloud.

While the file and directory are accessible by root only, this data should be encrypted so as not to be in clear text.

Valid approaches could be:
   * Use hiera-yaml or hiera-vault perhaps?

Comment 1 Emilien Macchi 2018-04-23 15:06:58 UTC
With the containerized undercloud, /etc/puppet/ won't be used anymore and these files won't exist in that directory, so I'm closing it as it doesn't fit with our plans.