Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-1476

Secure MySQL root password

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Done
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: Qserv
    • Labels:
      None
    • Story Points:
      4
    • Epic Link:
    • Sprint:
      DB_S19_02, DB_S19_03, DB_S19_04, DB_S19_05
    • Team:
      Data Access and Database

      Description

      MySQL password in written in multiple file during configuration procedure.
      One single file (QSERV_RUN_DIR/tmp/my.cnf) should be used, and removed at the end of configuration procedure. qserv-meta.conf also contains MySQL password and should be also secured (move password to qserv-configure.py cmd line?).

        Attachments

          Issue Links

          is blocked by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. DM-17835 Improve qserv_deploy configuration

          • Done
          mentioned in

          Page Loading...

            Activity

            Ascending order - Click to sort in descending order
            No builds found.
            jammes Fabrice Jammes created issue -
            jammes Fabrice Jammes made changes -
            Field Original Value New Value
            Epic Link DM-1047 [ 13839 ]
            jbecla Jacek Becla made changes -
            Rank Ranked higher
            jbecla Jacek Becla made changes -
            Rank Ranked higher
            jbecla Jacek Becla made changes -
            Rank Ranked higher
            jbecla Jacek Becla made changes -
            Rank Ranked higher
            gcomoretto Gabriele Comoretto [X] (Inactive) made changes -
            Remote Link This issue links to "Page (Confluence)" [ 19771 ]
            fritzm Fritz Mueller made changes -
            Epic Link DM-1047 [ 13839 ] DM-16791 [ 236149 ]
            Hide
            Permalink
            fritzm Fritz Mueller added a comment -

            Still an issue. Work on this was deferred until Kubernetification of Qserv.

            All usages of the mysql root password should be updated to be environment variable based, instead of relying on configuration-time template substitutions. In the Kubernetes environment, this environment variable should be injected into the Qserv containers via a Kubernetes Secret.

            Show
            fritzm Fritz Mueller added a comment - Still an issue. Work on this was deferred until Kubernetification of Qserv. All usages of the mysql root password should be updated to be environment variable based, instead of relying on configuration-time template substitutions. In the Kubernetes environment, this environment variable should be injected into the Qserv containers via a Kubernetes Secret.
            fritzm Fritz Mueller made changes -
            Sprint DB_S19_02 [ 856 ]
            Summary Secure MySQL root password in configuration templates Secure MySQL root password
            jammes Fabrice Jammes made changes -
            Status To Do [ 10001 ] In Progress [ 3 ]
            jammes Fabrice Jammes made changes -
            Link This issue is blocked by DM-17835 [ DM-17835 ]
            jammes Fabrice Jammes made changes -
            Watchers Andy Salnikov, Fabrice Jammes, Fritz Mueller, Jacek Becla [ Andy Salnikov, Fabrice Jammes, Fritz Mueller, Jacek Becla ] Andy Salnikov, Fabrice Jammes, Fritz Mueller [ Andy Salnikov, Fabrice Jammes, Fritz Mueller ]
            fritzm Fritz Mueller made changes -
            Sprint DB_S19_02 [ 856 ] DB_S19_02, DB_S19_03 [ 856, 893 ]
            jammes Fabrice Jammes made changes -
            Story Points 4 3
            jammes Fabrice Jammes made changes -
            Story Points 3 4
            fritzm Fritz Mueller made changes -
            Sprint DB_S19_02, DB_S19_03 [ 856, 893 ] DB_S19_02, DB_S19_03, DB_S19_04 [ 856, 893, 902 ]
            jammes Fabrice Jammes made changes -
            Reviewers Christine Banek [ cbanek ]
            Status In Progress [ 3 ] In Review [ 10004 ]
            fritzm Fritz Mueller made changes -
            Sprint DB_S19_02, DB_S19_03, DB_S19_04 [ 856, 893, 902 ] DB_S19_02, DB_S19_03, DB_S19_04, DB_S19_03 [ 856, 893, 902, 914 ]
            Hide
            Permalink
            jammes Fabrice Jammes added a comment -

            Hi Fritz Mueller, on my side I'm waiting for these review since a few weeks, so I'll merge it by next thursday if review is not done yet.

            Show
            jammes Fabrice Jammes added a comment - Hi Fritz Mueller , on my side I'm waiting for these review since a few weeks, so I'll merge it by next thursday if review is not done yet.
            fritzm Fritz Mueller made changes -
            Status In Review [ 10004 ] Reviewed [ 10101 ]
            jammes Fabrice Jammes made changes -
            Resolution Done [ 10000 ]
            Status Reviewed [ 10101 ] Done [ 10002 ]

              People

              Assignee:
              jammes Fabrice Jammes
              Reporter:
              jammes Fabrice Jammes
              Reviewers:
              Christine Banek
              Watchers:
              Andy Salnikov, Christine Banek, Fabrice Jammes, Fritz Mueller
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Jenkins

                  No builds found.