Bug 1683287

Summary: Update role to support ansible vault for sensitive variable names
Product: [oVirt] ovirt-engine-metrics Reporter: Jan Zmeskal <jzmeskal>
Component: GenericAssignee: Shirly Radco <sradco>
Status: CLOSED CURRENTRELEASE QA Contact: Ivana Saranova <isaranov>
Severity: high Docs Contact:
Priority: high    
Version: 1.2.0.2CC: bugs, dfediuck, lleistne
Target Milestone: ovirt-4.3.3Flags: sradco: ovirt-4.3?
lleistne: testing_ack+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-16 13:58:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Metrics RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1677996    
Bug Blocks: 1631193, 1683353    

Description Jan Zmeskal 2019-02-26 14:19:40 UTC 
Description of problem:
According to the latest version of README (patchset 56: https://gerrit.ovirt.org/#/c/97643/56) for oVirt.metrics-store-installation role, some sensitive variables should be stored in ansible-vault encrypted file secure_vars.yml. Specifically they are these:
engine_password, rhsub_pass, oreg_auth_password, root_password and ovirt_metrics_admin_password.
However, they are still present in /etc/ovirt-engine-metrics/config.yml.example along with other vars whose values should be provided by the user. If we want the user to store them in encrypted file (which is probably very good idea), we shouldn't put them into example config.

Version-Release number of selected component (if applicable):
ovirt-engine-metrics-1.2.1-0.0.master.20190225200554.el7.noarch (patchset 56)

How reproducible:
100 %

Steps to Reproduce:
1. cat /etc/ovirt-engine-metrics/config.yml.example
Comment 1 Shirly Radco 2019-03-13 21:21:44 UTC 
*** Bug 1683306 has been marked as a duplicate of this bug. ***
Comment 2 Ivana Saranova 2019-04-04 09:34:10 UTC 
Steps:
1) Check that /etc/ovirt-engine-metrics/config.yml.example doesn't contain password variables from secure_vars.yml

Results:
No password variables from secure_vars.yaml are present in config.yml.example.

Verified in: 
ovirt-engine-4.2.8.5-0.1.el7ev.noarch
ovirt-engine-metrics-1.2.1.3-1.el7ev.noarch

Verified tested in:
ovirt-engine-4.3.3.1-0.1.el7.noarch
ovirt-engine-metrics-1.2.1.3-1.el7ev.noarch
Comment 3 Sandro Bonazzola 2019-04-16 13:58:23 UTC 
This bugzilla is included in oVirt 4.3.3 release, published on April 16th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.