
Improve Security practices

Open arm4b opened this issue 8 years ago • 2 comments

From the:

  • https://github.com/StackStorm/st2-packages/pull/405
  • https://github.com/StackStorm/st2docs/pull/363

At the moment we don't even configure any username/passwords for external services like Mongo, RabbitMQ with the st2 Ansible installation. Additionally, we're not sure whether those services are listening on 127.0.0.1 or are open to the public net.

All of that needs better control and improvement.

  • [ ] Ensure we can configure host for dependent services
  • [ ] Services should run on 127.0.0.1 (PostgreSQL, Mongo, RabbitMQ) by default
  • [ ] Configure/Set username/password for PostgreSQL, Mongo, RabbitMQ
  • [ ] If not explicitly set, passwords for PostgreSQL, Mongo, RabbitMQ should be generated randomly and placed in st2.conf

arm4b avatar Jan 09 '17 13:01 arm4b
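
An added example, not part of the issue or of the ansible-st2 code: one way to check the "listening on 127.0.0.1" item on a host is to parse `ss -ltn` output and flag Mongo, RabbitMQ and PostgreSQL listeners bound to anything other than loopback. The port numbers are the services' usual defaults (an assumption about the deployment), and the sample output is constructed.

```python
import ipaddress

# Usual default ports of the services named in the issue (assumption;
# adjust if the deployment overrides them).
SERVICE_PORTS = {27017: "MongoDB", 5672: "RabbitMQ", 5432: "PostgreSQL"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:27017    0.0.0.0:*
LISTEN 0      128    0.0.0.0:5432       0.0.0.0:*
LISTEN 0      128    [::1]:5432         [::]:*
LISTEN 0      128    *:5672             *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""


def split_local_address(field):
    """Split the 'Local Address:Port' column into (host, port or None)."""
    host, _, port = field.rpartition(":")
    host = host.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return host, int(port) if port.isdigit() else None


def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcards such as '*' are exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or anything unparseable is treated as exposed


def exposed_services(ss_output):
    """Return sorted (service, local_address) pairs not bound to loopback."""
    findings = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip the header line and non-listening sockets
        host, port = split_local_address(cols[3])
        if port in SERVICE_PORTS and not is_loopback(host):
            findings.add((SERVICE_PORTS[port], cols[3]))
    return sorted(findings)


if __name__ == "__main__":
    for service, addr in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"{service} listens on non-loopback address {addr}")
```

On a real host, pass the text of `ss -ltn` to `exposed_services()` instead of the sample; an empty result means all three services are bound to loopback only.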

Here's a gist of some tasks that will idempotently (or at least I think they're idempotent):

  • Turn on authorization in mongo, add admin user, and add st2 user
  • Add rabbitmq management plugin, remove guest user and add a rabbitmq user for stackstorm

There's also a set of group_vars for my stackstorm group in my inventory.

https://gist.github.com/cognifloyd/c03cafc62f26a3ea0cfe1a5ed5c4238d

cognifloyd avatar Aug 05 '17 23:08 cognifloyd

#162 for mongo and #164 for rabbitmq

cognifloyd avatar Sep 06 '17 03:09 cognifloyd