Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1599194

Summary: Need to change parameter SECRET_KEY from 21 to 64 characters
Product: Red Hat OpenStack
Reporter: Eduard Barrera <ebarrera>
Component: openstack-tripleo-heat-templates
Assignee: Emilien Macchi <emacchi>
Status: CLOSED ERRATA
QA Contact: Udi Kalifon <ukalifon>
Severity: low
Priority: high
Version: 8.0 (Liberty)
CC: athomas, emacchi, jrist, mburns, mrunge, rdopiera, srevivo
Target Milestone: beta
Keywords: Triaged, ZStream
Target Release: 14.0 (Rocky)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-tripleo-heat-templates-9.0.1-0.20181013060872.el7ost
Doc Type: Enhancement
Doc Text:
Feature: The length of the automatically generated SECRET_KEY has been increased to 64 characters.
Reason: Recommendation at https://docs.openstack.org/security-guide/dashboard/secret-key.html
Result: Change of SECRET_KEY will invalidate all active user sessions.
Last Closed: 2019-01-11 11:50:23 UTC
Type: Bug

Description Eduard Barrera 2018-07-09 07:38:17 UTC
Description of problem:

For audit compliance it is needed to change the SECRET_KEY parameter in /etc/openstack-dashboard/local_settings from 21 to 64 characters.


Version-Release number of selected component (if applicable):
OSP 8

AFAIK the secret must be changed in /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py

It is also required to know the implications and the impact this change may have on a production system.

Comment 1 Radomir Dopieralski 2018-07-09 08:56:28 UTC
/etc/openstack-dashboard/local_settings and /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py are the same file (one is a symlink to the other).

Change of SECRET_KEY will invalidate all active user sessions and will require the users to re-login into Horizon.

Is there anything else you need?

Comment 2 Radomir Dopieralski 2018-07-09 14:53:44 UTC
The SECRET_KEY setting can be overridden in Director as the HorizonSecret parameter.
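An added example, not part of this bug thread or of the tripleo-heat-templates code: a static check of the SECRET_KEY length in a Django settings file, plus generation of a 64-character replacement rendered as a Heat environment file that sets HorizonSecret. The function names and the sample settings text are constructed for illustration; it assumes the environment file is then passed to the Director deployment in the usual way.

```python
import ast
import secrets
import string

MIN_LENGTH = 64  # length requested in this bug report


def audit_secret_key(settings_source, min_length=MIN_LENGTH):
    """Classify the last module-level SECRET_KEY assignment in a settings file.

    Returns (status, length); length is None unless the value is a string literal.
    """
    result = ("missing", None)
    for node in ast.parse(settings_source).body:
        if not isinstance(node, ast.Assign):
            continue
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if "SECRET_KEY" not in names:
            continue
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str):
            length = len(value.value)
            result = ("ok" if length >= min_length else "too_short", length)
        else:
            # Computed at import time (function call, env lookup): not checkable statically.
            result = ("not_literal", None)
    return result


def generate_secret(length=MIN_LENGTH):
    """Return a random alphanumeric secret drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def heat_environment(secret):
    """Render a Heat environment file that overrides HorizonSecret."""
    return 'parameter_defaults:\n  HorizonSecret: "%s"\n' % secret


# Constructed sample, not taken from a real deployment: a 21-character key.
SAMPLE_SETTINGS = 'DEBUG = False\nSECRET_KEY = "abcdefghijklmnopqrstu"\n'

if __name__ == "__main__":
    print(audit_secret_key(SAMPLE_SETTINGS))
    print(heat_environment(generate_secret()))
```

Write the rendered environment file with restrictive permissions, since it holds the session-signing secret in clear text.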

Comment 7 Udi Kalifon 2018-11-19 08:16:39 UTC
Verified in: openstack-tripleo-heat-templates-9.0.1-0.20181013060879.el7ost.noarch

Comment 9 errata-xmlrpc 2019-01-11 11:50:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045