Bug 1571117
Summary: | HE-VM appliance and admin password saved in the setup log file as clear text executing from cockpit | ||||||
---|---|---|---|---|---|---|---|
Product: | [oVirt] cockpit-ovirt | Reporter: | Yihui Zhao <yzhao> | ||||
Component: | Hosted Engine | Assignee: | Phillip Bailey <phbailey> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Yihui Zhao <yzhao> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 0.11.20 | CC: | bugs, cshao, dmoppert, huzhao, jiaczhan, phbailey, qiyuan, sbonazzo, stirabos, weiwang, yaniwang, ycui, yturgema, yzhao | ||||
Target Milestone: | ovirt-4.2.3 | Keywords: | Security | ||||
Target Release: | --- | Flags: | rule-engine:
ovirt-4.2+
rule-engine: blocker+ cshao: testing_ack+ |
||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | cockpit-ovirt-0.11.24-1 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2018-05-10 06:29:25 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Yihui Zhao
2018-04-24 06:56:02 UTC
please attach the full log Created attachment 1425866 [details]
bootstrap_local_vm_log
(In reply to Ido Rosenzwig from comment #1) > please attach the full log https://bugzilla.redhat.com/attachment.cgi?id=1425866 How is this not a blocker? (In reply to Yaniv Kaul from comment #4) > How is this not a blocker? I think it don't affect the use. It's cockpit wizard specific now, we have to do something like this: https://github.com/oVirt/ovirt-hosted-engine-setup/blob/master/src/ovirt_hosted_engine_setup/ansible_utils.py#L42 also on cockpit side. Currently we cannot do much better just on playbook side as for https://bugzilla.redhat.com/show_bug.cgi?id=1540225 Tested with cockpit-ovirt-0.11.24-1 on RHEL-7.5-20180322, It works as expected. From the log: """ 2018-05-04 11:51:35,234+0800 DEBUG var changed: host "localhost" var "hostvars" type "<class 'ansible.vars.hostvars.HostVars'>" value: "{u'localhost': {u'VM_IP_PREFIX': None, u'BRIDGE': u'ovirtmgmt', 'ansible_playbook_python': '/usr/bin/python2', u'NIC_UUID': None, u'BRIDGE_IF': u'eno1', u'HOST_IP': u'10.73.73.19', u'TIME_ZONE': u'Asia/Shanghai', u'VCPUS': 4, u'CLOUD_INIT_DOMAIN_NAME': u'lab.eng.pek2.**FILTERED**.com', u'he_filtered_tokens_re': [u'BEGIN PRIVATE KEY**FILTERED**END PRIVATE KEY'], u'LOCAL_VM_DIR_PATH': u'/var/tmp', 'ansible_forks': 5, 'ansible_facts': {}, u'CPU_SOCKETS': 1, u'LOCAL_VM_DIR_PREFIX': u'localvm', 'inventory_hostname': u'localhost', 'ansible_skip_tags': [], u'EMULATED_MACHINE': None, 'playbook_dir': u'/usr/share/ovirt-hosted-engine-setup/ansible', u'FQDN': u'rhevh-hostedengine-vm-04.lab.eng.pek2.**FILTERED**.com', u'VM_IP_ADDR': None, u'HOST_NAME': u'dell-per515-02.lab.eng.pek2.**FILTERED**.com', 'group_names': ['ungrouped'], u'CDROM': None, u'ROOT_SSH_ACCESS': u'yes', u'CONSOLE_TYPE': u'vnc', 'ansible_version': {'major': 2, 'full': '2.5.2', 'string': '2.5.2', 'minor': 5, 'revision': 2}, u'VM_MAC_ADDR': u'52:54:00:5e:8e:c7', 'inventory_file': u'localhost,', u'MEM_SIZE': 16348, u'GRAPHICS_DEVICE': u'vnc', u'he_filtered_tokens_vars': [u'ADMIN_PASSWORD', u'APPLIANCE_PASSWORD', u'ISCSI_PASSWORD', u'ISCSI_DISCOVER_PASSWORD', u'ROOTPWD'], u'APPLIANCE_OVA': None, u'APPLIANCE_PASSWORD': u'**FILTERED**', u'CONSOLE_UUID': None, u'VM_UUID': u'62b13066-0b11-422f-aba2-dfb5b87108b4', u'CPU_TYPE': u'model_Opteron_G5', 'groups': {'ungrouped': [u'localhost'], 'all': [u'localhost']}, u'ROOT_SSH_PUBKEY': None, u'VM_ETC_HOSTS': True, u'CLOUD_INIT_HOST_NAME': u'rhevh-hostedengine-vm-04', 'ansible_inventory_sources': [u'localhost,'], u'ENABLE_HC_GLUSTER_SERVICE': False, u'VIDEO_DEVICE': u'vga', 'inventory_hostname_short': u'localhost', 'inventory_dir': u'None', 'omit': '__omit_place_holder__95fcc81a0c914dd9d69b4d1b6fc3d7ff2f7983ca', 'ansible_diff_mode': False, u'CDROM_UUID': None, u'ENABLE_LIBGFAPI': None, 'ansible_check_mode': False, u'MAXVCPUS': 16, 'ansible_run_tags': [u'all'], u'HOST_ADDRESS': u'dell-per515-02.lab.eng.pek2.**FILTERED**.com', u'VM_NAME': u'HostedEngine', u'ADMIN_PASSWORD': u'**FILTERED**'}}" """ The appliance and admin password is set as "**FILTERED**". So, moving to verified. This bugzilla is included in oVirt 4.2.3 release, published on May 4th 2018. Since the problem described in this bug report should be resolved in oVirt 4.2.3 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |