TripleO should configure and validate server_certs_key_passphrase to be 32 chars long
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Undecided
|
Nir Magnezi |
Bug Description
Description of problem:
Initially reported here: https:/
The following patches added support for Octavia configuration option named: server_
tripleo-
tripleo-common https:/
puppet-octavia https:/
with those, TripleO will auto-generate a passphrase to avoid from falling back to a non-secure default passphrase.
The mentioned passphrase is used for Fernet key and should be 32 characters long. see: https:/
We should:
1. Generate passphrase in that length.
2. Validate that operator-provided passphrase obeys the same rule.
Changed in tripleo: | |
assignee: | nobody → Nir Magnezi (nmagnezi) |
description: | updated |
description: | updated |
description: | updated |
Changed in tripleo: | |
status: | New → In Progress |
Related fix proposed to branch: stable/stein /review. opendev. org/669657
Review: https:/