Project

General

Profile

Story #2859

Production environment passwords and configuration need to be secured

Added by Chris Jones over 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Support Operations
Start date:
2012-06-06
Due date:
% Done:

100%

Story Points:
Sprint:

Description

We currently have a number of services configured to use fairly insecure passwords, and some are checked into SVN for the development environments. These include:

Metacat - admin DN, admin password
OpenLDAP - admin DN and password
Java keystore - passphrase
PostgreSQL - admin user and password
Hazelcast Storage cluster - group name and password
Hazelcast Process cluster - group name and password
Hazelcast Portal cluster - group name and password
likely others ...

We need a secure location for these settings, and values need to be manually overridden in the production environment deployments.


Subtasks

Task #2860: Create a productionPW.txt file in subversionClosedDave Vieglais

Task #2861: Set production passwords in the encrypted password fileClosedRobert Waltz

Task #2862: Change the Metacat postinst script to use a per-env admin DNClosedChris Jones

Task #2863: Change d1_cn_common's DAO layer to use configurable passwordsRejectedSkye Roseboom

History

#1 Updated by Dave Vieglais over 12 years ago

  • Milestone changed from CCI-1.0.0 to CCI-1.0.2
  • Target version changed from Sprint-2012.21-Block.3.3 to Sprint-2012.25-Block.4.1

#2 Updated by Chris Jones over 12 years ago

  • Status changed from New to In Progress
  • Milestone changed from CCI-1.0.2 to CCI-1.0.3

Most components have been changed except for Hazelcast and the node approval tool. Moving this to CCI 1.0.3 for these changes since we have manual workarounds for both of these issues.

#3 Updated by Dave Vieglais about 12 years ago

  • Target version changed from Sprint-2012.25-Block.4.1 to Sprint-2012.29-Block.4.3

#4 Updated by Dave Vieglais about 12 years ago

  • Milestone changed from CCI-1.0.3 to CCI-1.0.4

#5 Updated by Robert Waltz about 12 years ago

  • Target version changed from Sprint-2012.29-Block.4.3 to Sprint-2012.33-Block.5.1
  • Position set to 1

#6 Updated by Dave Vieglais about 12 years ago

  • Position set to 1
  • Position deleted (4)
  • Target version changed from Sprint-2012.33-Block.5.1 to Sprint-2012.35-Block.5.2

#7 Updated by Chris Jones about 12 years ago

  • Status changed from In Progress to Closed

We've secured all communication except for hazelcast, which requires a solid VPN set up. See https://redmine.dataone.org/issues/3110 . I'm closing this task since the VPN task is separate now.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)