passwords.yml does not have secure defaults

Bug #1559266 reported by Sam Yaple
Affects: kolla
Status: Fix Released
Importance: Critical
Assigned to: Sam Yaple
Milestone: (none)

Bug Description

The passwords.yml file for ansible contains insecure passwords in the form of "password" or other similar strings.

Passwords should not be defaulted at all, but required to be populated to resolve this security issue.

Changed in kolla:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.openstack.org/293728
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=f03e06e09bc486a1a26d5642cce278d7dbb7bd92
Submitter: Jenkins
Branch: master

commit f03e06e09bc486a1a26d5642cce278d7dbb7bd92
Author: SamYaple <email address hidden>
Date: Wed Mar 16 21:45:25 2016 +0000

    Add generate_passwords.py to generate passwords

    As with all tools, this is a first pass at the generation. Perhaps we
    even want to move this into kolla/kolla/cmd and be generated with tox
    itself in the future.

    This tool, when run, will only populate empty fields that have no
    values meaning that it is safe to run repeatedly on the same file.

    Of note, there is no way to preserve comments in the file after it has
    been processed by the yaml parser in python. Comments and sections
    will remain in the passwords.yml template for additional documentation
    if the user wishes to populate the file themselves.

    Use SystemRandom and clean up the docs a bit to not use pronouns.

    Co-Authored-By: Steven Dake <email address hidden>

    Closes-Bug: #1559266
    Change-Id: I2932d592df8871f1b7811059206d0b4d0553a687
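
The idempotent fill behaviour described in the commit message above (only fields with no value are populated, using SystemRandom), together with the check the bug report asks for (no placeholder defaults such as "password" left in the file), as an added example. This is not kolla's generate_passwords.py: it rewrites the file line by line for a flat `key: value` layout (an assumption made here) instead of round-tripping through a YAML parser, which is also why the comments survive. The sample file contents and the WEAK_DEFAULTS set are constructed for the example and are not kolla's.

```python
from __future__ import annotations

import re
import string
from random import SystemRandom

# Constructed sample in the flat passwords.yml style (not kolla's real file).
SAMPLE_PASSWORDS_YML = """\
###################
# Database passwords
###################
database_password:
# Keystone
keystone_admin_password:
keystone_database_password: "already-set-do-not-touch"
# Old-style insecure default of the kind the bug report complains about
rabbitmq_password: password
"""

# Placeholder strings treated as insecure defaults (assumption for this example).
WEAK_DEFAULTS = {"password", "changeme", "secret", "admin"}

# A top-level "key:" line; anything else (comments, blank lines) passes through untouched.
_KEY_LINE = re.compile(r"^(?P<key>[A-Za-z_][A-Za-z0-9_]*):(?P<value>.*)$")

# SystemRandom reads from os.urandom; the default random module is not suitable for secrets.
_rng = SystemRandom()
_ALPHABET = string.ascii_letters + string.digits


def generate_password(length: int = 40) -> str:
    """Random alphanumeric secret drawn from the OS CSPRNG."""
    return "".join(_rng.choice(_ALPHABET) for _ in range(length))


def parse_value(raw: str) -> str:
    """Strip whitespace and one layer of matching quotes from a scalar value."""
    v = raw.strip()
    if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'":
        v = v[1:-1]
    return v


def fill_empty_passwords(text: str, length: int = 40) -> tuple[str, list[str]]:
    """Return (new_text, filled_keys).

    Only keys with no value are filled, so running this again over its own
    output changes nothing: the second pass finds no empty fields.
    """
    out, filled = [], []
    for line in text.splitlines():
        m = _KEY_LINE.match(line)
        if m and parse_value(m.group("value")) == "":
            out.append(f'{m.group("key")}: "{generate_password(length)}"')
            filled.append(m.group("key"))
        else:
            out.append(line)  # comments, headers and already-set keys are preserved verbatim
    return "\n".join(out) + "\n", filled


def find_weak_passwords(text: str) -> list[str]:
    """Keys whose value is empty or a known placeholder such as 'password'.

    A generator that only fills empty fields will not touch these, which is
    why static defaults have to be removed from the template as well.
    """
    weak = []
    for line in text.splitlines():
        m = _KEY_LINE.match(line)
        if not m:
            continue
        v = parse_value(m.group("value"))
        if v == "" or v.lower() in WEAK_DEFAULTS:
            weak.append(m.group("key"))
    return weak


if __name__ == "__main__":
    filled_text, filled_keys = fill_empty_passwords(SAMPLE_PASSWORDS_YML)
    print("filled:", filled_keys)
    print("still weak after filling:", find_weak_passwords(filled_text))
    _, second_pass = fill_empty_passwords(filled_text)
    print("filled on second pass:", second_pass)
    print(filled_text)
```

Running the generator leaves `rabbitmq_password: password` alone because its field is not empty; only `find_weak_passwords` flags it, which is the gap the follow-up "Remove static password" change closes by shipping the template with no values at all.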

Changed in kolla:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.openstack.org/295522

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.openstack.org/295522
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=1d31b79e23f9d9dc6e1f54193adcb6e62ec51c56
Submitter: Jenkins
Branch: master

commit 1d31b79e23f9d9dc6e1f54193adcb6e62ec51c56
Author: Carlos Cesario <email address hidden>
Date: Mon Mar 21 18:12:32 2016 -0300

    Remove static password

    Remove static password from file passwords.yml

    Change-Id: I68d766b9d9b4a7055629473de9bb9d6ab59d8503
    Closes-Bug: #1559266

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/kolla 2.0.0

This issue was fixed in the openstack/kolla 2.0.0 release.

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/kolla 1.1.0

This issue was fixed in the openstack/kolla 1.1.0 release.

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/kolla 3.0.0.0b1

This issue was fixed in the openstack/kolla 3.0.0.0b1 development milestone.
