Sorry guys. Been meaning to fix this. I brought this up in the HA documents. There are two ways to fix this.
1. Set up HAProxy as source balanced for Horizon and nova-consoleauth
2. Set up Horizon and nova-consoleauth to use memcached
I do not like memcached due to its nature. It has no security, and with a single one-liner you can rip all of the valid tokens out of a memcached server. Since most environments are not configured correctly from a network security point of view, what ends up happening is that from an unprivileged guest in a VM I can get undetected admin access to the entire OpenStack environment.
As such, I am strongly against making anything memcache the default option, but I am OK with making it configurable. I will work up the source patch today and we can discuss it on Wednesday.