Bug 828498

Summary: [RFE] Remove hard coded postgres password in /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp
Product: [Retired] CloudForms Cloud Engine Reporter: Ricky Nelson <rnelson>
Component: aeolus-configureAssignee: John Eckersberg <jeckersb>
Status: CLOSED WONTFIX QA Contact: Rehana <aeolus-qa-list>
Severity: high Docs Contact:
Priority: medium    
Version: 1.0.0CC: dajohnso, jclift, morazi
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-19 20:54:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ricky Nelson 2012-06-04 19:47:48 UTC 
The /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp file contains the password for the aeolus postgres user.

Perhaps a better method is to regenerate the password on the fly so that it's not always hard-coded.

BZ 805436 seemed related to this, but perhaps this BZ is more specific.
Comment 2 Justin Clift 2012-09-11 19:24:01 UTC 
There are (at least) two appropriate usages here that need to be taken into account:

 a) Secure environment use (ie production environment)

    This will need the password randomized when a server
    is brought up.  Probably suited to aeolus-configure.

    The randomized password also _must not_ be viewable
    in a world readable file.


 b) Fast and easy use (ie personal developers desktop)

    Having to manually look up the newly generated password
    each time aeolus-configure is run, could be a pain
    for developers.

    Having an easy way to get the randomized password
    into .pgpass for developers will probably take care
    of this though.  (once per configure run)