| Summary: | [RFE] sos obfuscates full database connection url for openstack components | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Vagner Farias <vfarias> |
| Component: | sos | Assignee: | Pavel Moravec <pmoravec> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | CC: | agk, apevec, bmr, gavin, lhh, lyarwood, mhradile, plambri, sbradley, srevivo, vfarias |
| Target Milestone: | rc | Keywords: | FutureFeature, Triaged |
| Target Release: | 7.4 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-11-06 08:00:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 1473612 | ||
Lee or Vagner, could you please provide valid examples of the URL with passwords syntax (that is obfuscated now), such that we can come up with better regexp? The following is from OSP 11.
[root@controller ~]# grep '^connection\s*=' /etc/{nova,glance,cinder,neutron}/*.conf
/etc/nova/nova.conf:connection=mysql+pymysql://nova_api:tYscXjtg6FC4u8rDxDPnXAkkp.0.21/nova_api?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
/etc/nova/nova.conf:connection=mysql+pymysql://nova:tYscXjtg6FC4u8rDxDPnXAkkp.0.21/nova?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
/etc/nova/nova.conf:connection=mysql+pymysql://nova_placement:tYscXjtg6FC4u8rDxDPnXAkkp.0.21/nova_placement?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
/etc/glance/glance-api.conf:connection = mysql+pymysql://glance:BpjdGYndqYFEXcAfzaqTFEUC6.0.21/glance?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
/etc/cinder/cinder.conf:connection = mysql+pymysql://cinder:hMeRV32kUMCuHPQzHEg3dD9Vt.0.21/cinder?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
/etc/neutron/neutron.conf:connection=mysql+pymysql://neutron:tY9hAuBeEGH7k7A2KkzKWhnhx.0.21/ovs_neutron?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
I'm sure that earlier versions had a slightly different syntax, as you may see in comment #0 (expected results).
Some differences I can see:
connection=mysql x connection=mysql+pymsql
The end of the line also changed. Now it has a "?" and some additional information.
I'm not a regexp expert, but I think the standard is more or less:
connection=[protocol]://[login_name]:[password]@[hostname_or_IP]/[service_name]
I can't tell if passwords may have ":" or "@" characters.
Thanks. I created PR https://github.com/sosreport/sos/pull/1246 that would be great to test (for potential copy&paste or forgotten-character errors). I may test, at least in OSP 11, when a RPM package is made available. devel_ack+ for 7.6 This should have been fixed in RHEL7.6 due to previous updates done in sos 3.6 we rebased to in 7.6. Hence closing the BZ as fixed in current release: package: sos-3.6-11 7.6.0 errata: https://access.redhat.com/errata/RHEA-2018:3144 7.6.0-day errata: https://access.redhat.com/errata/RHBA-2018:3338 (either one contains the fix) |
Description of problem: sos reports don't include database connection url for openstack components because this information is obfuscated. Probably this was a side effect of obfuscating the password, which is part of the url. $ grep '^connection\s*=' etc/{nova,glance,cinder,neutron}/*.conf etc/nova/nova.conf:connection = ********* etc/glance/glance-api.conf:connection = ********* etc/glance/glance-registry.conf:connection = ********* etc/cinder/cinder.conf:connection = ********* etc/neutron/neutron.conf:connection = ********* Version-Release number of selected component (if applicable): sos-3.2-36.el7ost.2.noarch How reproducible: Always. Steps to Reproduce: 1. Run sosreport on an openstack controller node 2. Open the tarfile and cd into the directory 2. grep '^connection\s*=' etc/{nova,glance,cinder,neutron}/*.conf Actual results: $ grep '^connection\s*=' etc/{nova,glance,cinder,neutron}/*.conf etc/nova/nova.conf:connection = ********* etc/glance/glance-api.conf:connection = ********* etc/glance/glance-registry.conf:connection = ********* etc/cinder/cinder.conf:connection = ********* etc/neutron/neutron.conf:connection = ********* Expected results: Database server login, address and database should be shown, like in the example below. $ grep '^connection\s*=' etc/{nova,glance,cinder,neutron}/*.conf etc/nova/nova.conf:connection = mysql://nova:********@mariadb-server/nova etc/glance/glance-api.conf:connection = mysql://glance:********@mariadb-server/glance etc/glance/glance-registry.conf:connection = mysql://glance:********@mariadb-server/glance etc/cinder/cinder.conf:connection = mysql://cinder:********@mariadb-server/cinder etc/neutron/neutron.conf:connection = mysql://neutron:********@mariadb-server/neutron