Expose and secure Vertica Management Console
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack DBaaS (Trove) |
In Progress
|
High
|
Craig Vyvial | ||
Bug Description
The Management console have a dbadmin user and a builtin password, which is baked into the vertica image. On the instance boot, the prepare function should start the vconsole process and change the vconsole dbadmin user password to the auto generated dbadmin password. This is done to secure the vconsole, so that no one can use the password, that is baked in the image, to login to the vconsole. The first time when the db is created, the MC dbadmin user's password should get changed to the dbadmin password and the db is imported. Also if somehow the dbadmin password fails to change, the vconsole process is stopped, to ensure no one can log in with the baked-in password. After the successful completion of the dbadmin password change process, the auto start feature should be enabled, so that the vconsole process starts automatically on instance reboot.
The first time root is enabled on an instance, a root user should be created in the Management Console with the user supplied password or an auto-generate password. From the next time, whenever the root password is changed, the root user password for the MC should also get changed.
| Changed in trove: | |
| assignee: | nobody → Mayuri Ganguly (mayuri-ganguly) |
| Changed in trove: | |
| status: | New → In Progress |
| Changed in trove: | |
| assignee: | Mayuri Ganguly (mayuri-ganguly) → Saurabh Surana (saurabh-surana) |
| Changed in trove: | |
| assignee: | Saurabh Surana (saurabh-surana) → Mayuri Ganguly (mayuri-ganguly) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to trove (master) | #1 |
| OpenStack Infra (hudson-openstack) wrote Change abandoned on trove (master) | #2 |
| Changed in trove: | |
| importance: | Undecided → High |
| milestone: | none → liberty-rc1 |
| Changed in trove: | |
| assignee: | Mayuri Ganguly (mayuri-ganguly) → Sharika (sharika-pongubala) |
| Changed in trove: | |
| assignee: | Sharika (sharika-pongubala) → Mayuri Ganguly (mayuri-ganguly) |
| Changed in trove: | |
| assignee: | Mayuri Ganguly (mayuri-ganguly) → Saurabh Surana (saurabh-surana) |
| Changed in trove: | |
| assignee: | Saurabh Surana (saurabh-surana) → Mayuri Ganguly (mayuri-ganguly) |
| Changed in trove: | |
| assignee: | Mayuri Ganguly (mayuri-ganguly) → Sharika (sharika-pongubala) |
| Nikhil Manchanda (slicknik) wrote | #3 |
| Changed in trove: | |
| milestone: | liberty-rc1 → next |
| Changed in trove: | |
| assignee: | Sharika (sharika-pongubala) → Mayuri Ganguly (mayuri-ganguly) |
| Changed in trove: | |
| assignee: | Mayuri Ganguly (mayuri-ganguly) → Sharika (sharika-pongubala) |
| Changed in trove: | |
| assignee: | Sharika (sharika-pongubala) → Mayuri Ganguly (mayuri-ganguly) |
| Changed in trove: | |
| assignee: | Mayuri Ganguly (mayuri-ganguly) → Craig Vyvial (cp16net) |
| Changed in trove: | |
| assignee: | Craig Vyvial (cp16net) → Mayuri Ganguly (mayuri-ganguly) |
| Amrith Kumar (amrith) wrote | #4 |
| Changed in trove: | |
| assignee: | Mayuri Ganguly (mayuri-ganguly) → Craig Vyvial (cp16net) |
| milestone: | next → newton-1 |
| OpenStack Infra (hudson-openstack) wrote | #5 |
| Changed in trove: | |
| milestone: | newton-1 → ongoing |
Fix proposed to branch: master
Review: https:/