Bug 1676473

Summary: [ACTIVE-STANDBY]- openstack-octavia: Private keys written to world-readable log files
Product: Red Hat OpenStack
Reporter: Alexander Stafeyev <astafeye>
Component: openstack-octavia
Assignee: Nir Magnezi <nmagnezi>
Status: CLOSED ERRATA
QA Contact: Alexander Stafeyev <astafeye>
Severity: medium
Priority: low
Version: 14.0 (Rocky)
CC: astafeye, cgoncalves, ihrachys, lpeer, majopela, rheslop
Target Milestone: z3
Keywords: Triaged, ZStream
Target Release: 14.0 (Rocky)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-octavia-3.0.2-0.20181219195056.ec4c88e.el7ost
Doc Type: Bug Fix
Doc Text:
Octavia now encrypts the certificates and keys used for secure communication with amphorae in its internal workflows, so they no longer appear in clear text in worker logs. A new option, `server_certs_key_passphrase`, is available in the `[certificates]` section; its default value, `insecure-key-do-not-use-this-key`, is a placeholder that deployments should replace with their own passphrase.
Clones: 1686517
Last Closed: 2019-07-02 19:47:40 UTC
Type: Bug
Bug Blocks: 1686517, 1698576

Description Alexander Stafeyev 2019-02-12 12:03:07 UTC
Description of problem:
In a default Director installation with Octavia: 
* On the controller, Octavia logs are world readable, where /var/log/containers/octavia and /var/log/containers/httpd/octavia-api are both 755 and the logs themselves are 644.

* The /var/log/containers/octavia/worker.log has private key data (see attachment). 

Version-Release number of selected component (if applicable):

How reproducible:
The octavia.yaml file was not modified in the deployment:
openstack overcloud deploy --templates -e /home/stack/templates/node-info.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/services-docker/octavia.yaml -e /home/stack/templates/overcloud_images.yaml --libvirt-type qemu --ntp-server clock.redhat.com

Actual results:
Log files containing sensitive data are world readable.

Expected results:
Log files must not be world readable if sensitive data is included. Ideally, make all log files non-world-readable.

Additional info:
The default debug level was not changed, and was set to: debug=False

https://bugzilla.redhat.com/show_bug.cgi?id=1633019

sos report:
http://rhos-release.virt.bos.redhat.com/log/bz1676467
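The two findings on this page, world-readable log files that carry PEM private key material and an `octavia.conf` that still uses the shipped default for `[certificates] server_certs_key_passphrase` named in the Doc Text, can be audited with the script below. It is an added example, not code from the bug report, from Red Hat or from the Octavia project. It assumes the `[certificates]` section and option name from the Doc Text, treats an absent option as equivalent to the insecure default, assumes the upstream sample config's requirement of a 32-character base64url passphrase, and builds its sample log tree and configs (constructed data, no real key material) in a temporary directory so it runs offline.

```python
"""Audit helper for the Octavia findings above (example code, not Octavia's own):
1. world-readable log files that contain a PEM private key header;
2. octavia.conf still carrying the insecure default passphrase."""
import base64
import configparser
import os
import re
import stat
import tempfile

# Header of any PEM private key block as it would appear inside a log line.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")

# Placeholder default named in the Doc Text; treat it as "no passphrase configured".
INSECURE_DEFAULT_PASSPHRASE = "insecure-key-do-not-use-this-key"


def is_world_readable(path):
    """True when the 'other' read bit is set (the 644 files from the report)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def find_exposed_logs(log_root):
    """Paths under log_root that are world-readable AND contain a PEM private key header."""
    exposed = []
    for dirpath, _dirs, files in os.walk(log_root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_world_readable(path):
                continue  # sensitive or not, nobody outside the group can read it
            with open(path, errors="replace") as fh:
                if any(PRIVATE_KEY_RE.search(line) for line in fh):
                    exposed.append(path)
    return sorted(exposed)


def classify_passphrase(value):
    """'default' for the shipped placeholder, 'missing' when unset, 'custom' otherwise."""
    if value is None:
        return "missing"  # assumption: absent option means the insecure default applies
    if value == INSECURE_DEFAULT_PASSPHRASE:
        return "default"
    return "custom"


def audit_passphrase(conf_path):
    """Read [certificates] server_certs_key_passphrase from an octavia.conf and classify it."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(conf_path)
    return classify_passphrase(
        cp.get("certificates", "server_certs_key_passphrase", fallback=None))


def generate_passphrase():
    """24 random bytes -> 32 base64url characters, the form the upstream sample
    octavia.conf documents for this option (assumption: requirement unchanged)."""
    return base64.urlsafe_b64encode(os.urandom(24)).decode()


def run_demo():
    """Build a constructed mini /var/log/containers tree plus two configs, then audit them."""
    root = tempfile.mkdtemp(prefix="octavia-audit-")
    log_dir = os.path.join(root, "var", "log", "containers", "octavia")
    os.makedirs(log_dir)
    # Constructed log lines; the key body is a placeholder, not real key material.
    leaky = ("2019-02-12 11:50:01.123 20 INFO octavia.controller.worker "
             "[-] -----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA...placeholder...\n"
             "-----END RSA PRIVATE KEY-----\n")
    clean = "2019-02-12 11:50:02.456 20 INFO octavia.api [-] GET /v2.0/lbaas/loadbalancers\n"
    for name, body, mode in (("worker.log", leaky, 0o644),   # the case in the report
                             ("api.log", clean, 0o644),      # readable, nothing sensitive
                             ("locked.log", leaky, 0o640)):  # sensitive, not world-readable
        path = os.path.join(log_dir, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

    weak_conf = os.path.join(root, "octavia-default.conf")
    with open(weak_conf, "w") as fh:
        fh.write("[certificates]\nserver_certs_key_passphrase = "
                 f"{INSECURE_DEFAULT_PASSPHRASE}\n")
    fixed_conf = os.path.join(root, "octavia-fixed.conf")
    with open(fixed_conf, "w") as fh:
        fh.write(f"[certificates]\nserver_certs_key_passphrase = {generate_passphrase()}\n")

    return {
        "exposed": [os.path.basename(p) for p in find_exposed_logs(log_dir)],
        "default_conf": audit_passphrase(weak_conf),
        "fixed_conf": audit_passphrase(fixed_conf),
    }


if __name__ == "__main__":
    print(run_demo())
```

Pointed at a real controller, `find_exposed_logs("/var/log/containers/octavia")` flags only files that are both world-readable and contain key material; `locked.log` in the demo shows that tightening the mode alone (the "Expected results" above) already removes a file from the finding, while `audit_passphrase` covers the other half of the fix, replacing the placeholder passphrase so the keys are encrypted rather than merely hidden.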

Comment 1 Alexander Stafeyev 2019-02-12 12:03:41 UTC
Works well on SINGLE octavia topology

Comment 2 Carlos Goncalves 2019-02-13 15:03:45 UTC
Active-standby is community supported only. Could you please file a story upstream?

Comment 3 Alexander Stafeyev 2019-03-04 10:28:05 UTC
https://storyboard.openstack.org/#!/story/2005128

Comment 17 errata-xmlrpc 2019-07-02 19:47:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1680