swift-storage should only allow connections from swift-proxy
Bug #1727463 reported by David Ames
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Swift Storage Charm | Fix Released | High | David Ames | |
Bug Description
Implement ACLs to limit connectivity to swift-storage from the swift-proxy only.
The charm-helpers ufw module, as seen in the memcached charm, is the right solution.
Changed in charm-swift-storage:
status: New → Triaged
importance: Undecided → High
assignee: nobody → David Ames (thedac)
milestone: none → 17.11
Changed in charm-swift-storage:
status: Triaged → In Progress
Changed in charm-swift-storage:
status: Fix Committed → Fix Released
Reviewed: https://review.openstack.org/517115
Committed: https://git.openstack.org/cgit/openstack/charm-swift-storage/commit/?id=5368af630294f796acbc776448dad68f3e16edff
Submitter: Zuul
Branch: master
commit 5368af630294f796acbc776448dad68f3e16edff
Author: David Ames <email address hidden>
Date: Wed Nov 1 14:58:57 2017 -0700
Swift storage ACLs
Ensure that only the swift-proxy units and swift-storage peers have
access to direct communication with swift storage daemons.
Charm-helpers sync to include ufw module and the ingress_address and iter_units_for_relation_name functions.
Please review and merge first: https://github.com/juju/charm-helpers/pull/35
Closes-Bug: #1727463
Change-Id: Id5677edbc40b0b891cbe66867d39d076a94c5436
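
The access rule described in the commit message (only swift-proxy units and swift-storage peers may reach the storage daemons), as an added example that is not the charm's code or the charm-helpers ufw module: it plans the `ufw` commands needed to bring the firewall in line with the current relation addresses, including removal of departed units. The port numbers, function names and sample addresses are assumptions, and it assumes the default incoming policy already denies other traffic to those ports.

```python
"""Plan ufw rules that admit only swift-proxy units and swift-storage peers."""
import ipaddress

# Assumption: Swift's default object/container/account server ports.
STORAGE_PORTS = (6000, 6001, 6002)


def normalise(addresses):
    """Return the valid, de-duplicated IP addresses and drop anything else.

    Relation data can hold None or a hostname before a unit has settled;
    such values must never end up in a firewall rule.
    """
    valid = set()
    for addr in addresses:
        if not isinstance(addr, str):
            continue
        try:
            valid.add(str(ipaddress.ip_address(addr)))
        except ValueError:
            continue
    return valid


def rule(addr, port, delete=False):
    """Build one ufw command in argv form (never a shell string)."""
    argv = ["ufw"] + (["delete"] if delete else [])
    return argv + ["allow", "proto", "tcp", "from", addr,
                   "to", "any", "port", str(port)]


def plan(proxy_addrs, peer_addrs, currently_allowed, ports=STORAGE_PORTS):
    """Return (to_add, to_delete) so the rules match the relation data."""
    wanted = normalise(proxy_addrs) | normalise(peer_addrs)
    current = normalise(currently_allowed)
    to_add = [rule(a, p) for a in sorted(wanted - current) for p in ports]
    to_delete = [rule(a, p, delete=True)
                 for a in sorted(current - wanted) for p in ports]
    return to_add, to_delete


if __name__ == "__main__":
    # Constructed sample data: two proxies, one peer, one departed proxy.
    add, remove = plan(["10.0.0.10", "10.0.0.11", None], ["10.0.0.21"],
                       ["10.0.0.10", "10.0.0.99"])
    for argv in add + remove:
        print(" ".join(argv))
```

Revoking rules for addresses that are no longer in the relation matters as much as adding new ones: a stale allow rule keeps granting direct storage access to whatever host later receives that address.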