← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 2018592] Re: Migration config containing secret should not be created in /tmp

 

** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2018592

Title:
  Migration config containing secret should not be created in /tmp

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  In nova->placement upgrade procedure document
  (https://docs.openstack.org/placement/latest/admin/upgrade-to-
  stein.html) /tmp/migrate-db.rc is an example location for migration
  config. As this file contains secrets for both nova_api and placement
  databases, it is insecure to keep in /tmp/ directory (as most of
  admins will forget to shred and remove it). It should be changed from
  /tmp/migrate-db.rc to f.e. /root/migrate-db.rc

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2018592/+subscriptions