openstack
/
cinder
Code Issues Proposed changes

[stable only] Add warning about rbd_keyring_conf 

This adds a warning message to the driver documentation page to make
sure it is visible that this config option should not be used due to
security concerns. We can't backport the deprecation of the config
option, but we can backport this doc warning to help prevent this option
from being used.

Related-bug: #1849624

Change-Id: Ief2c868d6a9baf6793cd9070a4451835a90752aa
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
This commit is contained in:
Sean McGinnis 2020-05-13 09:27:18 -05:00
parent cc9014ab42
commit 0f7a3ddd3c
No known key found for this signature in database
GPG Key ID: CE7EE4BFAF8D70C8
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/source/configuration/block-storage/drivers/ceph-rbd-volume-driver.rst
View File

@ -87,6 +87,15 @@ Driver options
The following table contains the configuration options supported by the
Ceph RADOS Block Device driver.
.. warning::
Due to security concerns, it is recommended deployers do not use the
``rbd_keyring_conf`` option. This configuration option has been deprecated
and will be removed in the Victoria release.
For more information, see `OSSN-0085 Cinder configuration option can leak
secret key from Ceph backend.
<https://opendev.org/openstack/security-doc/src/branch/master/security-notes/OSSN-0085>`_
.. config-table::
:config-target: Ceph storage