Project

General

Profile

Feature #8534

Improve security

Added by Lukas Zapletal over 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Low
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Although provision network must be a safe environment, we should improve security for discovery. For this reason, I am putting this as a low prio ticket, just for the record we would like to extend the API with things like BIOS/firmware upgrades (which are more dangerous).

A) Communication Image->Foreman can be set to HTTPS (foreman.url=https://FQDN) so this is covered. We would like to make this the default option in the Discovery README (currently we state http only).

B) Communication Foreman->Image is currently http only, we can generate self-signed cert each start and perhaps generate a string token and send it to Foreman along with facts. This token could be used to do the Facts Refresh and Reboot remote commands to tighten the security a bit.

History

#1 Updated by Lukas Zapletal over 4 years ago

  • Tracker changed from Bug to Feature
  • Status changed from New to Closed
  • Assignee set to Lukas Zapletal

Both directions are https with Discovery 4.0+. It currently does not use client certificates tho.

Also available in: Atom PDF