Details
-
Type:
Story
-
Status: Done
-
Resolution: Done
-
Fix Version/s: None
-
Component/s: Qserv
-
Labels:None
-
Story Points:4
-
Epic Link:
-
Sprint:DB_S19_02, DB_S19_03, DB_S19_04, DB_S19_05
-
Team:Data Access and Database
Description
MySQL password in written in multiple file during configuration procedure.
One single file (QSERV_RUN_DIR/tmp/my.cnf) should be used, and removed at the end of configuration procedure. qserv-meta.conf also contains MySQL password and should be also secured (move password to qserv-configure.py cmd line?).
Attachments
Issue Links
Activity
Hi Fritz Mueller, on my side I'm waiting for these review since a few weeks, so I'll merge it by next thursday if review is not done yet.
Still an issue. Work on this was deferred until Kubernetification of Qserv.
All usages of the mysql root password should be updated to be environment variable based, instead of relying on configuration-time template substitutions. In the Kubernetes environment, this environment variable should be injected into the Qserv containers via a Kubernetes Secret.