Bug 1872322
Summary: | Ironic conductor log displays BMC credentials in plain text | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | rlopez |
Component: | Bare Metal Hardware Provisioning | Assignee: | Dmitry Tantsur <dtantsur> |
Bare Metal Hardware Provisioning sub component: | ironic | QA Contact: | Polina Rabinovich <prabinov> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | high | CC: | beth.white, bfournie, pablo.iranzo, prabinov, rpittau |
Version: | 4.6 | Keywords: | Triaged |
Target Milestone: | --- | ||
Target Release: | 4.6.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ironic-container-v4.6.0-202008290042 | Doc Type: | Bug Fix |
Doc Text: |
The ironic-conductor container logs no longer contain BMC passwords when using Redfish with session authentication.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-27 16:32:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
rlopez
2020-08-25 13:52:59 UTC
See update on tagged package in https://bugzilla.redhat.com/show_bug.cgi?id=1872341. Fix has been merged and pkg has been tagged and is available in ironic-container-v4.6.0-202008290042.p0 (https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1300877). Version - 4.6.0-0.nightly-2020-09-10-054902 From bootstrap: 2020-09-10 10:47:12.664 1 DEBUG sushy.connector [req-d7384c3a-5e60-49a2-9f0f-06f654ab48e6 - - - - -] HTTP request: POST https://10.46.2.222/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 10:47:12.776 1 DEBUG sushy.connector [req-9380b505-49cb-4d11-ba1b-afa5ce46da64 - - - - -] HTTP request: POST https://10.46.2.221/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 10:47:12.780 1 DEBUG sushy.connector [req-9e418acc-0470-4062-b66d-c33d37302966 - - - - -] HTTP request: POST https://10.46.2.220/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 From master ironic: 2020-09-10 11:41:38.350 1 DEBUG sushy.connector [req-551557e5-fe4e-4677-9670-925effa48857 ironic-user - - - -] HTTP request: POST https://10.46.2.224/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 11:41:38.445 1 DEBUG sushy.connector [req-ef4e24ef-fe36-43f9-ab50-0fdaa4cb6f36 ironic-user - - - -] HTTP request: POST https://10.46.2.229/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 11:41:38.689 1 DEBUG sushy.connector [req-6a225e42-7574-4278-b655-59fdaba29a3d ironic-user - - - -] HTTP request: POST https://10.46.2.223/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 11:41:39.057 1 DEBUG sushy.connector [req-dce70684-32a9-42f7-a5ee-66238bf0f54f ironic-user - - - -] HTTP request: POST https://10.46.2.222/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 11:41:39.351 1 DEBUG sushy.connector [req-3b5cf3a9-5b92-4038-9522-585ffc502b19 ironic-user - - - -] HTTP request: POST https://10.46.2.230/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 11:41:39.405 1 DEBUG sushy.connector [req-70d88aca-da02-48b6-acb7-426ac0c1c494 ironic-user - - - -] HTTP request: POST https://10.46.2.221/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py:102 2020-09-10 11:41:40.128 1 DEBUG sushy.connector [req-b148ccfa-f129-47d3-a759-f09006341166 ironic-user - - - -] HTTP request: POST https://10.46.2.220/redfish/v1/SessionService/Sessions/; headers: {'X-Auth-Token': '***', 'OData-Version': '4.0'}; body: {'UserName': 'admin', 'Password': '***'}; blocking: False; timeout: 60; session arguments: {}; _op /usr/lib/python3.6/site-packages/sushy/connector.py: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |