Bug 1566803 - [RFE] Encrypt config-download ansible output in the undercloud
Summary: [RFE] Encrypt config-download ansible output in the undercloud
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: James Slagle
QA Contact: Omri Hochman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-13 02:47 UTC by Ade Lee
Modified: 2022-08-10 16:57 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-29 14:14:55 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-6285 0 None None None 2022-08-10 16:57:31 UTC

Description Ade Lee 2018-04-13 02:47:52 UTC 
Description of problem:

Every overcloud deployment via config-download stores all the ansible roles,playbooks and variables at /var/lib/mistral/*.  This includes passwords for the overcloud deployment.

We need to figure out how to encrypt this data at rest.  Most likely this involves the use of ansible-vault.
Comment 1 Jaromir Coufal 2019-06-14 16:01:41 UTC 
Security driven feature, moving to relevant DFG
Comment 2 Harry Rybacki 2021-07-29 14:14:55 UTC 
This bug has been closed as WONTFIX due to limited activity.  If you believe this has been closed in error, please re-open and provide a comment telling us why this bug is important to you and provide a link to your active support case.  Thank you for your help!
Note You need to log in before you can comment on or make changes to this bug.