Bug 1566809 - [RFE] encrypt hieradata in the undercloud
Summary: [RFE] encrypt hieradata in the undercloud
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo
Version: 15.0 (Stein)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: James Slagle
QA Contact: Arik Chernetsky
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-13 02:58 UTC by Ade Lee
Modified: 2018-04-23 15:06 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-04-23 15:06:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Ade Lee 2018-04-13 02:58:35 UTC
Description of problem:

On the undercloud, /etc/puppet/hieradata/puppet-stack-config.yaml
is used by puppet to populate all the configuration from the overcloud.

While the file and directory are accessible by root only, this data should be encrypted so as not to be in clear text.

Valid approaches could be:
   * Use hiera-yaml or hiera-vault perhaps?

Comment 1 Emilien Macchi 2018-04-23 15:06:58 UTC
With the containerized undercloud, /etc/puppet/ won't be used anymore and these files won't exist in that directory, so I'm closing it as it doesn't fit with our plans.

Note You need to log in before you can comment on or make changes to this bug.