Merge "Deprecate rbd_keyring_conf option"
This commit is contained in:
commit
f5b188a70f
@ -69,6 +69,10 @@ RBD_OPTS = [
|
|||||||
default='', # default determined by librados
|
default='', # default determined by librados
|
||||||
help='Path to the ceph configuration file'),
|
help='Path to the ceph configuration file'),
|
||||||
cfg.StrOpt('rbd_keyring_conf',
|
cfg.StrOpt('rbd_keyring_conf',
|
||||||
|
deprecated_for_removal=True,
|
||||||
|
deprecated_reason='Use of this option exposes a security '
|
||||||
|
'vulnerability. See OSSN-0085 for details.',
|
||||||
|
deprecated_since='Ussuri',
|
||||||
default='',
|
default='',
|
||||||
help='Path to the ceph keyring file'),
|
help='Path to the ceph keyring file'),
|
||||||
cfg.BoolOpt('rbd_flatten_volume_from_snapshot',
|
cfg.BoolOpt('rbd_flatten_volume_from_snapshot',
|
||||||
|
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
Due to `OSSN-0085
|
||||||
|
<https://wiki.openstack.org/wiki/OSSN/OSSN-0085>`_:
|
||||||
|
Cinder configuration option can leak secret key from Ceph backend,
|
||||||
|
deployers using the ``rbd_keyring_conf`` option are advised to stop
|
||||||
|
using it immediately. The option has been deprecated for removal
|
||||||
|
early in the 'V' development cycle.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The configuration option ``rbd_keyring_conf`` for the Ceph cinder
|
||||||
|
driver presents a security risk and the option is hereby deprecated
|
||||||
|
and scheduled to be removed early in the 'V' development cycle,
|
||||||
|
following the standard OpenStack deprecation policy. For more
|
||||||
|
information, see `OSSN-0085
|
||||||
|
<https://wiki.openstack.org/wiki/OSSN/OSSN-0085>`_:
|
||||||
|
Cinder configuration option can leak secret key from Ceph backend.
|
Loading…
Reference in New Issue
Block a user