Bug 2227141

Summary: RFE: Prevent message content being logged at any level
Product: Red Hat Enterprise Linux 8 Reporter: Rehana <redakkan>
Component: rhcAssignee: CSI Client Tools Bugs <csi-client-tools-bugs>
Status: CLOSED ERRATA QA Contact: CSI Client Tools Bugs <csi-client-tools-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 8.9CC: ahitacat, arpandey, cmarinea, csi-client-tools-bugs, link, qianzhan
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rhc-0.2.4-1.el8 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 2227010
: 2227142 (view as bug list) Environment:
Last Closed: 2023-11-14 15:36:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2227010    
Bug Blocks: 2227142    

Comment 2 qianzhan 2023-08-15 08:09:42 UTC 
Pre-verification:

1. Provision RHEL-8.9.0-20230814.47-BaseOS-x86_64 in Beaker.

2. Update rhc version:

# dnf install -y rhc-worker-playbook
# dnf update -y --repoid=copr:copr.devel.redhat.com:ahitacat:rhc
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Copr repo for rhc owned by ahitacat                                                                                                44 kB/s | 2.5 kB     00:00    

Dependencies resolved.

==================================================================================================================================================================

 Package                Architecture              Version                                        Repository                                                  Size

==================================================================================================================================================================

Upgrading:

 rhc                    x86_64                    1:0.2.4-0.3.git.4dc7e38.el8                    copr:copr.devel.redhat.com:ahitacat:rhc                    9.8 M

 

Transaction Summary

==================================================================================================================================================================

Upgrade  1 Package
Total download size: 9.8 M
Downloading Packages:

rhc-0.2.4-0.3.git.4dc7e38.el8.x86_64.rpm                                                                                           59 MB/s | 9.8 MB     00:00    

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total                                                                                                                              59 MB/s | 9.8 MB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                          1/1 
  Running scriptlet: rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                   1/1 
  Upgrading        : rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                   1/2 
  Cleanup          : rhc-1:0.2.2-1.el8.x86_64                                                                                                                 2/2 
  Running scriptlet: rhc-1:0.2.2-1.el8.x86_64                                                                                                                 2/2 
  Verifying        : rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                   1/2 
  Verifying        : rhc-1:0.2.2-1.el8.x86_64                                                                                                                 2/2 
Installed products updated.
Upgraded:

  rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                                          

Complete!

 

[root@kvm-01-guest04 ~]# rpm -qa | grep rhc

rhc-worker-playbook-0.1.8-5.el8.x86_64
rhc-0.2.4-0.3.git.4dc7e38.el8.x86_64


3. Configure and test against Stage:
[root@kvm-01-guest04 ~]# subscription-manager config --server.hostname=subscription.rhsm.stage.redhat.com

 

[root@kvm-01-guest04 ~]# cat /etc/insights-client/insights-client.conf | grep base_url

base_url=cert.console.stage.redhat.com

 

[root@kvm-01-guest04 ~]# cat /etc/rhc/config.toml

# yggdrasil global configuration settings

broker = ["wss://connect.cloud.stage.redhat.com:443"]
data-host = "cert.cloud.stage.redhat.com"
cert-file = "/etc/pki/consumer/cert.pem"
key-file = "/etc/pki/consumer/key.pem"
log-level = "trace"


[root@kvm-01-guest04 ~]# systemctl cat rhcd

# /usr/lib/systemd/system/rhcd.service

[Unit]
Description=rhc daemon
Documentation=https://github.com/redhatinsights/yggdrasil
After=network-online.target
Requires=network-online.target

[Service]
Type=simple
ExecStart=/usr/sbin/rhcd

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/rhcd.service.d/override.conf

[Service]
Environment=SYSTEMD_LOG_LEVEL=trace

 
[root@kvm-01-guest04 ~]# rhc connect
Connecting kvm-01-guest04.lab.eng.rdu2.redhat.com to Red Hat.
This might take a few seconds.

Username: insights-qa
Password: 

● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the rhc daemon
● Enabled console.redhat.com services: remote configuration, remediations, insights, compliance

Successfully connected to Red Hat!

Manage your connected systems: https://red.ht/connector
STEP      DURATION  
rhc       161ms     
rhsm      11.13s    
insights  34.123s   

4. Check the rhcd log:
[root@kvm-01-guest04 ~]# journalctl -u rhcd | grep 'received message'

Aug 15 03:59:20 kvm-01-guest04.lab.eng.rdu2.redhat.com rhcd[21729]: [rhcd] 2023/08/15 03:59:20 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message 5c7caf9a-5509-4c3c-a219-8c848e41d06a



As per step 4, rhcd received message with message ID, and message content is not shown. Set this bug verified:tested.
Comment 5 qianzhan 2023-08-22 02:49:52 UTC 
Verification:

1. Provision RHEL-8.9.0-20230821.d.56 in Beaker:

[root@ibm-x3650m4-01-vm-11 ~]# rpm -qa | grep rhc
rhc-0.2.4-1.el8.x86_64

[root@ibm-x3650m4-01-vm-11 ~]# dnf install -y rhc-worker-playbook

 
2. Configure for stage connection:

[root@ibm-x3650m4-01-vm-11 ~]# subscription-manager config --server.hostname=subscription.rhsm.stage.redhat.com

[root@ibm-x3650m4-01-vm-11 ~]# cat /etc/insights-client/insights-client.conf | grep base_url
base_url=cert.console.stage.redhat.com

 
[root@ibm-x3650m4-01-vm-11 ~]# cat /etc/rhc/config.toml
# rhc global configuration settings

broker = ["wss://connect.cloud.stage.redhat.com:443"]
data-host = "cert.cloud.stage.redhat.com"
cert-file = "/etc/pki/consumer/cert.pem"
key-file = "/etc/pki/consumer/key.pem"
log-level = "trace"

 

[root@ibm-x3650m4-01-vm-11 ~]# systemctl cat rhcd

# /usr/lib/systemd/system/rhcd.service

[Unit]
Description=Remote Host Configuration daemon
Documentation=https://github.com/redhatinsights/yggdrasil
After=network-online.target
Requires=network-online.target

[Service]
Type=simple
ExecStart=/usr/sbin/rhcd

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/rhcd.service.d/override.conf

[Service]
Environment=SYSTEMD_LOG_LEVEL=trace

3. Connect by rhc:

[root@ibm-x3650m4-01-vm-11 ~]# rhc connect
Connecting ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com to Red Hat.
This might take a few seconds.

Username: insights-qa
Password: 
● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the Remote Host Configuration daemon
● Enabled console.redhat.com services: compliance, remote configuration, insights, remediations

Successfully connected to Red Hat!

Manage your connected systems: https://red.ht/connector

STEP                       DURATION  
Remote Host Configuration  20ms      
rhsm                       13.81s    
insights                   44.529s   

 
4. Check the rhcd log:

[root@ibm-x3650m4-01-vm-11 ~]# journalctl -u rhcd | grep 'received message'

Aug 21 22:37:18 ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com rhcd[21049]: [rhcd] 2023/08/21 22:37:18 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message 439c3b7a-5177-451f-88e9-631497b481f3

Aug 21 22:37:58 ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com rhcd[21049]: [rhcd] 2023/08/21 22:37:58 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message b1ee3ac1-85ce-4488-84ab-fa1df0965190

Aug 21 22:38:06 ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com rhcd[21049]: [rhcd] 2023/08/21 22:38:06 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message 95e14cdf-4666-40d1-b55d-a514f2866476


As per step 4, rhcd received message with message ID, and message content is not shown. Move this bug from ON_QA to VERIFIED.
Comment 7 errata-xmlrpc 2023-11-14 15:36:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: rhc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:7058