Bug 828498 - [RFE] Remove hard coded postgres password in /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp
[RFE] Remove hard coded postgres password in /usr/share/aeolus-configure/modu...
Status: CLOSED WONTFIX
Product: CloudForms Cloud Engine
Classification: Red Hat
Component: aeolus-configure (Show other bugs)
1.0.0
Unspecified Unspecified
medium Severity high
: rc
: ---
Assigned To: John Eckersberg
Rehana
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-04 15:47 EDT by Ricky Nelson
Modified: 2013-09-19 16:54 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-19 16:54:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ricky Nelson 2012-06-04 15:47:48 EDT
The /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp file contains the password for the aeolus postgres user.

Perhaps a better method is to regenerate the password on the fly so that it's not always hard-coded.

BZ 805436 seemed related to this, but perhaps this BZ is more specific.
Comment 2 Justin Clift 2012-09-11 15:24:01 EDT
There are (at least) two appropriate usages here that need to be taken into account:

 a) Secure environment use (ie production environment)

    This will need the password randomized when a server
    is brought up.  Probably suited to aeolus-configure.

    The randomized password also _must not_ be viewable
    in a world readable file.


 b) Fast and easy use (ie personal developers desktop)

    Having to manually look up the newly generated password
    each time aeolus-configure is run, could be a pain
    for developers.

    Having an easy way to get the randomized password
    into .pgpass for developers will probably take care
    of this though.  (once per configure run)

Note You need to log in before you can comment on or make changes to this bug.