Bug 1566803 - [RFE] Encrypt config-download ansible output in the undercloud
Summary: [RFE] Encrypt config-download ansible output in the undercloud
Keywords:
Status: NEW
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: James Slagle
QA Contact: Omri Hochman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-13 02:47 UTC by Ade Lee
Modified: 2020-10-08 15:17 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Ade Lee 2018-04-13 02:47:52 UTC
Description of problem:

Every overcloud deployment via config-download stores all the ansible roles,playbooks and variables at /var/lib/mistral/*.  This includes passwords for the overcloud deployment.

We need to figure out how to encrypt this data at rest.  Most likely this involves the use of ansible-vault.

Comment 1 Jaromir Coufal 2019-06-14 16:01:41 UTC
Security driven feature, moving to relevant DFG


Note You need to log in before you can comment on or make changes to this bug.