OpenStack Compute (nova)

Migration config containing secret should not be created in /tmp

Bug #2018592 reported by Franciszek Przewoźny on 2023-05-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Undecided	Franciszek Przewoźny

Bug Description

In nova->placement upgrade procedure document (https://docs.openstack.org/placement/latest/admin/upgrade-to-stein.html) /tmp/migrate-db.rc is an example location for migration config. As this file contains secrets for both nova_api and placement databases, it is insecure to keep in /tmp/ directory (as most of admins will forget to shred and remove it). It should be changed from /tmp/migrate-db.rc to f.e. /root/migrate-db.rc

Tags:

Franciszek Przewoźny (fprzewozn) on 2023-05-05

Changed in placement:
assignee:	nobody → Franciszek Przewoźny (fprzewozn)

OpenStack Infra (hudson-openstack) on 2023-05-05

Changed in placement:
status:	New → In Progress

Revision history for this message

Franciszek Przewoźny (fprzewozn) wrote on 2023-05-05:

https://review.opendev.org/c/openstack/placement/+/882436

Revision history for this message

Franciszek Przewoźny (fprzewozn) wrote on 2023-09-28:

moved to nova

affects:	placement → nova
tags:	added: placement

Franciszek Przewoźny (fprzewozn) on 2023-09-29

Changed in nova:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-15: Fix included in openstack/placement 11.0.0.0rc1

This issue was fixed in the openstack/placement 11.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.