tripleo

Disable logins for nova_migration user when it's not required

Bug #1688321 reported by Oliver Walsh
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Oliver Walsh
tripleo pike-2 "pike-2"

Bug Description

https://review.openstack.org/#/c/458077/19/manifests/profile/base/nova.pp@244

We replace the puppet package resource with a dummy so setting the package to absent is a no-op. Could enable/disable logins for the user instead.

Oliver Walsh (owalsh)
Changed in tripleo:
assignee: nobody → Oliver Walsh (owalsh)
importance: Undecided → High
status: New → Triaged
milestone: none → pike-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/462720

Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/462720
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=fe8edab1f4c761dcd6bad8eb6ccadd62627b077a
Submitter: Jenkins
Branch: master

commit fe8edab1f4c761dcd6bad8eb6ccadd62627b077a
Author: Oliver Walsh <email address hidden>
Date: Thu May 4 20:21:51 2017 +0100

    Disable SSH login for nova_migration user when migration over ssh is disabled.

    If migration over ssh is enabled, and then later disabled, the ssh config
    for the nova_migration user remains intact. This change clobbers the migration
    SSH key to disable login when it is not necessary.

    Change-Id: Icc6d5d4f4671b3525a731d334ca6fa7c5419dac3
    Closes-Bug: #1688321

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 7.1.0

This issue was fixed in the openstack/puppet-tripleo 7.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/510793

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/510798

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/ocata)

Reviewed: https://review.openstack.org/510793
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=3346f7f6e29da051f22e891d426ec1ab7d27cb30
Submitter: Jenkins
Branch: stable/ocata

commit 3346f7f6e29da051f22e891d426ec1ab7d27cb30
Author: Oliver Walsh <email address hidden>
Date: Thu May 4 20:21:51 2017 +0100

    Disable SSH login for nova_migration user when migration over ssh is disabled.

    If migration over ssh is enabled, and then later disabled, the ssh config
    for the nova_migration user remains intact. This change clobbers the migration
    SSH key to disable login when it is not necessary.

    Change-Id: Icc6d5d4f4671b3525a731d334ca6fa7c5419dac3
    Closes-Bug: #1688321
    (cherry picked from commit fe8edab1f4c761dcd6bad8eb6ccadd62627b077a)

tags: added: in-stable-ocata
tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/newton)

Reviewed: https://review.openstack.org/510798
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=08cd4bab798479dc94db470e0390ac31352091c1
Submitter: Jenkins
Branch: stable/newton

commit 08cd4bab798479dc94db470e0390ac31352091c1
Author: Oliver Walsh <email address hidden>
Date: Thu May 4 20:21:51 2017 +0100

    Disable SSH login for nova_migration user when migration over ssh is disabled.

    If migration over ssh is enabled, and then later disabled, the ssh config
    for the nova_migration user remains intact. This change clobbers the migration
    SSH key to disable login when it is not necessary.

    Change-Id: Icc6d5d4f4671b3525a731d334ca6fa7c5419dac3
    Closes-Bug: #1688321
    (cherry picked from commit fe8edab1f4c761dcd6bad8eb6ccadd62627b077a)
    (cherry picked from commit 3346f7f6e29da051f22e891d426ec1ab7d27cb30)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 5.6.5

This issue was fixed in the openstack/puppet-tripleo 5.6.5 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 6.5.4

This issue was fixed in the openstack/puppet-tripleo 6.5.4 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.