Bug 828498 - [RFE] Remove hard coded postgres password in /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp
Summary: [RFE] Remove hard coded postgres password in /usr/share/aeolus-configure/modu...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: aeolus-configure
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: rc
Assignee: John Eckersberg
QA Contact: Rehana
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-04 19:47 UTC by Ricky Nelson
Modified: 2018-12-02 19:08 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-09-19 20:54:06 UTC
Embargoed:

Attachments (Terms of Use)

Description Ricky Nelson 2012-06-04 19:47:48 UTC 
The /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp file contains the password for the aeolus postgres user.

Perhaps a better method is to regenerate the password on the fly so that it's not always hard-coded.

BZ 805436 seemed related to this, but perhaps this BZ is more specific.
Comment 2 Justin Clift 2012-09-11 19:24:01 UTC 
There are (at least) two appropriate usages here that need to be taken into account:

 a) Secure environment use (ie production environment)

    This will need the password randomized when a server
    is brought up.  Probably suited to aeolus-configure.

    The randomized password also _must not_ be viewable
    in a world readable file.


 b) Fast and easy use (ie personal developers desktop)

    Having to manually look up the newly generated password
    each time aeolus-configure is run, could be a pain
    for developers.

    Having an easy way to get the randomized password
    into .pgpass for developers will probably take care
    of this though.  (once per configure run)
Note You need to log in before you can comment on or make changes to this bug.