Bug 1035826

Summary: Do not collect .pgpass files from RHEV-M.
Product: Red Hat Enterprise Virtualization Manager
Reporter: Lee Yarwood <lyarwood>
Component: ovirt-engine-log-collector
Assignee: Sandro Bonazzola <sbonazzo>
Status: CLOSED ERRATA
QA Contact: Petr Beňas <pbenas>
Severity: high
Docs Contact:
Priority: high
Version: 3.2.0
CC: acathrow, adahms, alonbl, didi, emesika, iheim, lyarwood, pstehlik, Rhev-m-bugs, scohen, yeylon
Target Milestone: ---
Keywords: ZStream
Target Release: 3.4.0
Hardware: x86_64
OS: Linux
Whiteboard: integration
Fixed In Version: ovirt-3.4.0-beta2
Doc Type: Bug Fix
Doc Text:
Previously, sensitive values in configuration files would be collected in reports collected by the engine-log-collector utility. Now, sensitive values are filtered out of such reports.
Story Points: ---
Clone Of:
: 1060670
Environment:
Last Closed: 2014-06-09 14:06:12 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1052854
Bug Blocks: 1060670, 1078909, 1142926

Description Lee Yarwood 2013-11-28 15:09:54 UTC
Description of problem:
Do not collect .pgpass files from engine.

Version-Release number of selected component (if applicable):
rhevm-log-collector-3.2.2-4.el6ev.noarch

How reproducible:
Always.

Steps to Reproduce:
1. Collect a full RHEV-M log collector.
2. /etc/ovirt-engine/.pgpass file collected with plain text passwords for postgresql users still inside.
3.

Actual results:
/etc/ovirt-engine/.pgpass collected.

Expected results:
/etc/ovirt-engine/.pgpass not collected or passwords removed.

Additional info:

Comment 2 Sandro Bonazzola 2013-12-11 20:18:38 UTC
While upgrading from 3.2.z to 3.3.z the legacy .pgpass file is emptied.
Its content is now stored in other files.
So for 3.3.z we can just not archive that file and filter password for the new configuration files.

Lee do we need this back ported also to 3.2.z?

Comment 8 Lee Yarwood 2013-12-16 20:33:39 UTC
(In reply to Sandro Bonazzola from comment #2)
> Lee do we need this back ported also to 3.2.z?

No, 3.3 only is fine.

Comment 9 Sandro Bonazzola 2014-01-30 15:44:54 UTC
Merged on upstream master, pushed to 3.4 branch.

Comment 10 Sandro Bonazzola 2014-02-03 10:01:32 UTC
Merged on upstream 3.4 branch.

Comment 12 Petr Beňas 2014-02-25 10:13:30 UTC
Verified in ovirt-log-collector-3.4.0-0.5.beta3.el6.noarch.

[root@pb-rh34 pb-rh34-2014022414261393248410]# grep PASS etc/ovirt-engine/engine.conf.d/10-setup-database.conf
ENGINE_DB_PASSWORD=********
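
Added example, not the ovirt-log-collector code: one way to implement the two outcomes the report asks for (leave .pgpass out, or mask its password field) together with the `KEY=VALUE` masking seen in the verification output above. The key-name pattern, the function names and the sample file contents are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

MASK = "********"  # same mask shape as the verified output in comment 12
# Assumption: a key whose name contains one of these words holds a secret.
SENSITIVE = re.compile(r"PASS|SECRET|TOKEN", re.IGNORECASE)
# KEY=VALUE, optionally commented out; group 1 is everything up to the value.
ASSIGNMENT = re.compile(r"^([ \t]*#?[ \t]*([A-Za-z_]\w*)[ \t]*=[ \t]*).*$", re.M)
# One .pgpass field (escaped chars or non-':' chars); four fields precede the password.
FIELD = r"(?:\\.|[^:\\])*"
PGPASS_PREFIX = re.compile(r"^((?:" + FIELD + r":){4})")
# Constructed sample input (not taken from a real system).
SAMPLE = {
    "/etc/ovirt-engine/.pgpass": "localhost:5432:engine:engine:s3cr\\:et\n",
    "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf":
        'ENGINE_DB_USER="engine"\nENGINE_DB_PASSWORD="hunter2"\n',
}


def redact_config(text):
    """Mask the value of every sensitive KEY=VALUE line."""
    def mask(m):
        return m.group(1) + MASK if SENSITIVE.search(m.group(2)) else m.group(0)
    return ASSIGNMENT.sub(mask, text)


def redact_pgpass(text):
    """Keep host:port:database:user and mask the password field."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            m = PGPASS_PREFIX.match(line)
            # Fail closed: a line that does not parse is masked whole.
            line = (m.group(1) if m else "") + MASK
        out.append(line)
    return "\n".join(out)


def build_archive(files, keep_pgpass=False):
    """Return {path: content} that is safe to put in a report."""
    archive = {}
    for path, content in files.items():
        if PurePosixPath(path).name == ".pgpass":
            if keep_pgpass:
                archive[path] = redact_pgpass(content)
            continue  # default: do not collect the file at all
        archive[path] = redact_config(content)
    return archive
```

The .pgpass field pattern honours the `\:` and `\\` escapes of that file format, so a password or user name containing a colon does not shift the field boundary and leak part of the secret.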

Comment 14 errata-xmlrpc 2014-06-09 14:06:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0668.html