Container Infrastructure Management Service for OpenStack
Johannes Grassler 0c7625ff4b Fix CVE-2016-7404
This commit addresses multiple potential vulnerabilities in
Magnum. It makes the following changes:

* Permissions for /etc/sysconfig/heat-params inside Magnum
  created instances are tightened to 0600 (used to be 0755).
* Certificate retrieval is modified to work without the need
  for a Keystone trust.
* The cluster's Keystone trust id is only passed into
  instances for clusters where that is actually needed. This
  prevents the trustee user from consuming the trust in cases
  where it is not needed.
* The configuration setting trust/cluster_user_trust (False by
  default) is introduced. It needs to be explicitly enabled
  by the cloud operator to allow clusters that need the
  trust_id to be passed into instances to work. Without this
  setting, attempts to create such clusters will fail.

Please note that none of these changes apply to existing
clusters. They will have to be deleted and rebuilt to benefit
from these changes.

(cherry picked from commit e93d82e8b3)

Change-Id: I643d408cde0d6e30812cf6429fb7118184793400
2017-02-22 19:22:10 +01:00
api-ref/source Add keypair to api-ref cluster create 2017-02-14 15:37:44 -07:00
contrib Merge "[suse] Update security group for kube_masters" 2017-02-07 23:49:52 +00:00
devstack Fix CVE-2016-7404 2017-02-22 19:22:10 +01:00
doc [doc] install 'curl' as a prerequisite 2017-02-14 11:24:32 +05:30
etc/magnum Fix CVE-2016-7404 2017-02-22 19:22:10 +01:00
install-guide/source Use https instead of http for git.openstack.org 2017-02-07 11:11:22 +08:00
magnum Fix CVE-2016-7404 2017-02-22 19:22:10 +01:00
releasenotes Add reno: bp secure-etcd-cluster-coe 2017-02-13 11:08:43 +05:30
specs Merge "Specification for Magnum stats API" 2016-12-20 16:25:10 +00:00
tools Improve tox.ini to easy developer's life 2015-11-03 17:44:38 +08:00
.coveragerc Cleanup coverage configuration 2016-08-28 21:11:07 +01:00
.gitignore Compare test coverage with the master branch 2016-08-29 14:28:59 +02:00
.gitreview Update .gitreview for stable/ocata 2017-02-17 20:32:51 +00:00
.mailmap Initial commit from github (squashed) 2014-11-18 09:23:37 -05:00
.testr.conf Remove minion dependency on master 2016-03-04 07:41:12 -05:00
CONTRIBUTING.rst Workflow documentation is now in infra-manual 2014-12-05 03:30:45 +00:00
HACKING.rst Add hacking rule for explicit import of _ function 2016-07-29 23:17:06 +05:30
LICENSE Initial commit from github (squashed) 2014-11-18 09:23:37 -05:00
README.rst Show team and repo badges on README 2016-11-25 12:41:41 +01:00
babel.cfg Initial commit from github (squashed) 2014-11-18 09:23:37 -05:00
cover.sh Add bashate checks to pep8 step 2016-12-07 15:25:41 +01:00
functional_creds.conf.sample Use keystone v3 for functional tests 2016-12-05 15:21:09 +01:00
requirements.txt Switch to kubernetes upstream python client 2017-02-13 14:48:08 -05:00
setup.cfg Remove support for py34 2017-02-08 10:03:14 +07:00
setup.py Updated from global requirements 2015-09-17 12:12:49 +00:00
test-requirements.txt Updated from global requirements 2017-02-11 00:16:34 +00:00
tox.ini Update UPPER_CONSTRAINTS_FILE for stable/ocata 2017-02-17 20:32:52 +00:00

README.rst

Team and repository tags

Magnum

Magnum is an OpenStack project which offers container orchestration engines for deploying and managing containers as first class resources in OpenStack.

For more information, please refer to the following resources: