swift-storage should only allow connections from swift-proxy
Bug #1727463 reported by
David Ames
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Swift Storage Charm |
Fix Released
|
High
|
David Ames | ||
Bug Description
Implement ACLs to limit connectivity to swift-storage from the swift-proxy only.
The charm-helper modules ufw as seen in the memcached charm is the right solution.
| Changed in charm-swift-storage: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| assignee: | nobody → David Ames (thedac) |
| milestone: | none → 17.11 |
| Changed in charm-swift-storage: | |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to charm-swift-storage (master) | #1 |
| Changed in charm-swift-storage: | |
| status: | In Progress → Fix Committed |
| Changed in charm-swift-storage: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit 5368af630294f79
Author: David Ames <email address hidden>
Date: Wed Nov 1 14:58:57 2017 -0700
Swift storage ACLs
Ensure that only the swift-proxy units and swift-storage peers have
access to direct communication with swift storage daemons.
Charm-helpers sync to include ufw module and the ingress_address and
iter_
Please review and merge first:
https:/
Closes-Bug: #1727463
Change-Id: Id5677edbc40b0b