etcd: secure EtcdInitialClusterToken parameter

author Emilien Macchi <emilien@redhat.com>

Wed, 15 Mar 2017 21:56:30 +0000 (17:56 -0400)

committer Emilien Macchi <emilien@redhat.com>

Wed, 15 Mar 2017 21:58:27 +0000 (17:58 -0400)
author Emilien Macchi <emilien@redhat.com>
Wed, 15 Mar 2017 21:56:30 +0000 (17:56 -0400)
committer Emilien Macchi <emilien@redhat.com>
Wed, 15 Mar 2017 21:58:27 +0000 (17:58 -0400)
diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml

index 7cdd845..5db8bec 100644 (file)
--- a/puppet/services/etcd.yaml
+++ b/puppet/services/etcd.yaml
@@ -19,9 +19,9 @@ parameters:
                   via parameter_defaults in the resource registry.
      type: json
    EtcdInitialClusterToken:
-    default: 'etcd-tripleo'
      description: Initial cluster token for the etcd cluster during bootstrap.
      type: string
+    hidden: true
    MonitoringSubscriptionEtcd:
      default: 'overcloud-etcd'
      type: string
diff --git a/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml b/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml

new file mode 100644 (file)

index 0000000..da99594
--- /dev/null
+++ b/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml
@@ -0,0 +1,6 @@
+---
+security:
+  - |
+    Secure EtcdInitialClusterToken by removing the default value
+    and make the parameter hidden.
+    Fixes `bug 1673266 <https://bugs.launchpad.net/tripleo/+bug/1673266>`__.
author	Emilien Macchi <emilien@redhat.com>
	Wed, 15 Mar 2017 21:56:30 +0000 (17:56 -0400)
committer	Emilien Macchi <emilien@redhat.com>
	Wed, 15 Mar 2017 21:58:27 +0000 (17:58 -0400)
puppet/services/etcd.yaml		patch \| blob \| history
releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml	[new file with mode: 0644]	patch \| blob