From 293f19b2a41386e1eea47a9e6add24b006c69c42 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Wed, 9 Dec 2015 18:23:08 +0000 Subject: Remove unsafe "unset" defaults All of our sensitive parameters are defaulted to easily predictable values, which is very bad from a security perspective because we don't force clients to make sane choices thus risk deploying with the predictable default values. tripleoclient supports generating random values for all of these, so remove the defaults, for non-tripleoclient usage we can create a developer-only environment with defaults. Related-Bug: #1516027 Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14 --- puppet/swift-storage.yaml | 2 -- 1 file changed, 2 deletions(-) (limited to 'puppet/swift-storage.yaml') diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index a8183f76..49d916a1 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -7,7 +7,6 @@ parameters: constraints: - custom_constraint: nova.flavor HashSuffix: - default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true @@ -40,7 +39,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true -- cgit 1.2.3-korg