keystone, swift-proxy, cinder glance charms use haproxy with a predictable stats username and password
Bug #1459420 reported by
David Ames
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Charm Helpers |
Fix Released
|
High
|
James Page | ||
cinder (Juju Charms Collection) |
Fix Released
|
High
|
Unassigned | ||
glance (Juju Charms Collection) |
Fix Released
|
High
|
Unassigned | ||
keystone (Juju Charms Collection) |
Fix Released
|
High
|
Unassigned | ||
swift-proxy (Juju Charms Collection) |
Fix Released
|
High
|
Unassigned |
Bug Description
The charms setup haproxy with a stats monitor on port 8888
The username and password are predictable
At the very least the password should be randomized or configurable
Related branches
lp:~james-page/charm-helpers/haproxy-stats-1.6
- Liam Young (community): Approve
-
Diff: 158 lines (+46/-9)3 files modifiedcharmhelpers/contrib/openstack/context.py (+12/-2)
charmhelpers/contrib/openstack/templates/haproxy.cfg (+3/-2)
tests/contrib/openstack/test_os_contexts.py (+31/-5)
Changed in swift-proxy (Juju Charms Collection): | |
status: | New → Triaged |
Changed in keystone (Juju Charms Collection): | |
status: | New → Triaged |
Changed in glance (Juju Charms Collection): | |
status: | New → Triaged |
Changed in cinder (Juju Charms Collection): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in glance (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in keystone (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in swift-proxy (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in cinder (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in glance (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in keystone (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in swift-proxy (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in cinder (Juju Charms Collection): | |
milestone: | 15.10 → 16.01 |
Changed in glance (Juju Charms Collection): | |
milestone: | 15.10 → 16.01 |
Changed in keystone (Juju Charms Collection): | |
milestone: | 15.10 → 16.01 |
Changed in swift-proxy (Juju Charms Collection): | |
milestone: | 15.10 → 16.01 |
tags: | added: openstack |
Changed in charm-helpers: | |
status: | In Progress → Fix Released |
Changed in swift-proxy (Juju Charms Collection): | |
milestone: | 16.01 → 16.04 |
Changed in keystone (Juju Charms Collection): | |
milestone: | 16.01 → 16.04 |
Changed in cinder (Juju Charms Collection): | |
milestone: | 16.01 → 16.04 |
Changed in glance (Juju Charms Collection): | |
milestone: | 16.01 → 16.04 |
Changed in cinder (Juju Charms Collection): | |
status: | Triaged → Fix Released |
Changed in glance (Juju Charms Collection): | |
status: | Triaged → Fix Released |
Changed in keystone (Juju Charms Collection): | |
status: | Triaged → Fix Released |
Changed in swift-proxy (Juju Charms Collection): | |
status: | Triaged → Fix Released |
Changed in cinder (Juju Charms Collection): | |
milestone: | 16.04 → 16.01 |
Changed in glance (Juju Charms Collection): | |
milestone: | 16.04 → 16.01 |
Changed in keystone (Juju Charms Collection): | |
milestone: | 16.04 → 16.01 |
Changed in swift-proxy (Juju Charms Collection): | |
milestone: | 16.04 → 16.01 |
To post a comment you must log in.
Some other things:
/etc/haproxy/ haproxy. cfg (which contains the password) is world readable
It's listening on port 8888 on all interfaces (as opposed to e.g. just localhost)