Bug 1566803 - [RFE] Encrypt config-download ansible output in the undercloud
Summary: [RFE] Encrypt config-download ansible output in the undercloud
Status: NEW
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: James Slagle
QA Contact: Omri Hochman
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-13 02:47 UTC by Ade Lee
Modified: 2020-10-08 15:17 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

Description Ade Lee 2018-04-13 02:47:52 UTC
Description of problem:

Every overcloud deployment via config-download stores all the ansible roles,playbooks and variables at /var/lib/mistral/*.  This includes passwords for the overcloud deployment.

We need to figure out how to encrypt this data at rest.  Most likely this involves the use of ansible-vault.

Comment 1 Jaromir Coufal 2019-06-14 16:01:41 UTC
Security driven feature, moving to relevant DFG

Note You need to log in before you can comment on or make changes to this bug.