Implement auth on mongodb

Bug #1665308 reported by Luke Hinds
Affects: tripleo
Status: Expired
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Mongodb currently runs with noauth on the undercloud / controller roles.

The current arch is not exposing a security risk as on the undercloud the bind_ip is 127.0.0.1 (for zaqar DB) and on the controller listening is restricted to the internal API network "InternalApiNetCidr" (for ceilometers DB).

It is still however a prudent effort to further 'shore up' extra layers of defence by implementing auth.
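
An added example, not part of the original report or of TripleO's code: a small audit of a legacy-format mongod.conf that checks the two controls described above, whether auth is on and where the listener is bound. The sample configurations and the 172.16.2.0/24 network standing in for InternalApiNetCidr are constructed, and treating a missing bind_ip as "all interfaces" is a conservative assumption.

```python
import ipaddress

def parse_legacy_conf(text):
    """Parse the legacy 'key = value' mongod.conf format into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text, allowed_cidr=None):
    """Return findings for the two controls the report discusses: auth and bind_ip."""
    conf = parse_legacy_conf(text)
    findings = []

    def enabled(key):
        return conf.get(key, "false").lower() == "true"

    # Access control is off unless auth or keyFile is set; noauth states it outright.
    if enabled("noauth") or not (enabled("auth") or "keyFile" in conf):
        findings.append("auth-disabled")

    net = ipaddress.ip_network(allowed_cidr) if allowed_cidr else None
    # Assumption: a missing bind_ip is treated as all interfaces (the real
    # default depends on the MongoDB version and packaging).
    for raw in conf.get("bind_ip", "0.0.0.0").split(","):
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            findings.append(f"bind-host-not-an-ip:{raw.strip()}")
            continue
        if addr.is_loopback:
            continue
        if addr.is_unspecified:
            findings.append(f"listens-on-all-interfaces:{addr}")
        elif net is None or addr not in net:
            findings.append(f"listens-outside-allowed-network:{addr}")
    return findings

# Constructed samples, not taken from a real deployment.
UNDERCLOUD = "bind_ip = 127.0.0.1\nnoauth = true\n"
CONTROLLER = "bind_ip = 172.16.2.10\nnoauth = true\n"
HARDENED = "bind_ip = 172.16.2.10\nauth = true\n"
INTERNAL_API_CIDR = "172.16.2.0/24"  # stand-in for InternalApiNetCidr

if __name__ == "__main__":
    for name, conf in [("undercloud", UNDERCLOUD), ("controller", CONTROLLER),
                       ("hardened", HARDENED)]:
        print(name, audit(conf, INTERNAL_API_CIDR))
```

Both noauth samples report only the missing auth layer, which matches the report's reading that the listeners are already restricted; the same controller file checked without the allowed network is flagged for its bind address as well.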

Luke Hinds (lhinds)
Changed in tripleo:
importance: Undecided → Medium
Changed in tripleo:
importance: Medium → High
Changed in tripleo:
milestone: pike-3 → pike-rc1
Ben Nemec (bnemec) wrote :

Given that this is a security layering bug (so not an immediate vulnerability) and adding auth to a service which previously didn't have it is likely to be a somewhat invasive change, I'm going to move it out to Queens. I'd prefer to do something like this early in the cycle so we have time to tease out issues, especially with composable services that may not be well-tested in CI.

Changed in tripleo:
milestone: pike-rc1 → queens-1
Changed in tripleo:
milestone: queens-1 → queens-2
Changed in tripleo:
milestone: queens-2 → queens-3
Changed in tripleo:
milestone: queens-3 → queens-rc1
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Changed in tripleo:
milestone: rocky-1 → rocky-2
Changed in tripleo:
milestone: rocky-2 → rocky-3
Changed in tripleo:
milestone: rocky-3 → rocky-rc1
Changed in tripleo:
milestone: rocky-rc1 → stein-1
Changed in tripleo:
milestone: stein-1 → stein-2
Emilien Macchi (emilienm) wrote : Cleanup EOL bug report

This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.

If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
  Only still supported release names are valid (FUTURE, PIKE, QUEENS, ROCKY, STEIN).
  Valid example: CONFIRMED FOR: FUTURE

Changed in tripleo:
importance: High → Undecided
status: Triaged → Expired