| Summary: | pushing vsphere/rhevm images displays console passwd in plain txt | ||
|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | wes hayutin <whayutin> |
| Component: | imagefactory | Assignee: | Ian McLeod <imcleod> |
| Status: | CLOSED ERRATA | QA Contact: | Martin Kočí <mkoci> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 1.0.0 | CC: | akarol, dajohnso, deltacloud-maint, dgao, mkoci, ssachdev |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-05-15 20:12:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
making sure all the bugs are at the right version for future queries Password is printed out for rhevm as well
2011-10-03 09:44:39,125 DEBUG imgfac.qmfagent.ImageFactoryAgent.ImageFactoryAgent pid(3307) Message: Method called: name = push_image
args = {'credentials': '*** REDACTED ***', 'image': '5dc0467c-d40f-428d-b8c8-a87681ae66c7', 'build': '', 'providers': ['rhevm']}
handle = <cqmf2.AgentEvent; proxy of <Swig Object of type 'qmf::AgentEvent *' at 0x2565db0> >
addr = redhat.com:imagefactory:9b0953e6-bca5-4496-9e21-b34112fac23e:image_factory
subtypes = {}
userId = anonymous
2011-10-03 09:44:39,125 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(3307) Message: Getting metadata (['latest_unpushed']) from http://localhost:9090/images/5dc0467c-d40f-428d-b8c8-a87681ae66c7
2011-10-03 09:44:39,150 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(3307) Message: Querying (http://localhost:9090/target_images/_query) with expression ($build == "fdbf971b-7ce1-4464-908f-a106ca21715f" && $target == "rhevm")
2011-10-03 09:44:39,221 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(3307) Message: Getting metadata (['template']) from http://localhost:9090/target_images/fbc49e65-87ef-4ef0-99ba-ba397a7b9840
2011-10-03 09:44:39,222 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(3307) Message: Created Image Warehouse instance http://localhost:9090 - buckets(target_images, templates, icicles, provider_images)
2011-10-03 09:44:39,243 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(3307) Message: Created Image Warehouse instance http://localhost:9090 - buckets(target_images, templates, icicles, provider_images)
2011-10-03 09:44:39,243 DEBUG imgfac.BuildJob.BuildAdaptor pid(3307) Message: Raising event with agent handler (<ImageFactoryAgent(Thread-1, initial)>), changed status from NEW to PUSHING
2011-10-03 09:44:39,244 DEBUG imgfac.BuildJob.BuildAdaptor pid(3307) Message: Raising event with agent handler (<ImageFactoryAgent(Thread-1, initial)>), changed percent complete from 0 to 0
2011-10-03 09:44:39,245 DEBUG imgfac.builders.BaseBuilder.RHEL6_rhevm_Builder pid(3307) Message: Image file /var/tmp/rhevm-image-fbc49e65-87ef-4ef0-99ba-ba397a7b9840.dsk already present - skipping warehouse download
2011-10-03 09:44:39,246 DEBUG imgfac.builders.BaseBuilder.RHEL6_rhevm_Builder pid(3307) Message: Produced provider json:
{
"apipass": "redhat",
"apiurl": "https://intel-s3e3432-01.rhts.eng.bos.redhat.com:8443/api",
"apiuser": "admin@internal",
"cluster": "_any_",
"image": "/tmp/e1d2ec50-95d0-4ff7-a2ee-c61fececa9ee",
"name": "rhevm",
"nfsdir": "/mnt/rhevm-nfs",
"nfshost": "10.16.120.18",
"nfspath": "/home/dajo/rhevh-export",
"password": "redhat",
"target": "rhevm",
"username": "admin@internal"
}
I have a patch to fix the display of RHEV-M credentials However, I cannot for the life of me see how we could be producing the XML in the log shown in comment #1 above. I also notice that the log message in question actually contains Richard's initials/nick within it. This suggests to me that this message may be the result of a personal debug statement put in during testing, not something that is in our released code. Here are the first two line: 2011-09-27 15:41:55,877 DEBUG imgfac.builders.BaseBuilder.RHEL6_vsphere_Builder pid(17956) Message: RWSU credentials: <?xml version="1.0"?> Is this possible? need to retest w/ both vsphere and rhevm.. RHEV-M change commit is here: https://github.com/aeolusproject/imagefactory/commit/8717ce91ac34d26f7bf2ad26b31b193b8937becb RHEVM fails qe
/rhevm-image-01209eb3-793f-4345-9e7a-b270760e6f20.dsk already present - skipping warehouse download
2011-10-27 14:11:39,664 DEBUG imgfac.builders.BaseBuilder.RHEL6_rhevm_Builder pid(10502) Message: Produced provider json:
{
"apipass": "REDACTED",
"apiurl": "https://qeblasdf.rhq.asdf.eng.bos.redhat.com:8443/api",
"apiuser": "admin@internal",
"cluster": "_any_",
"image": "/tmp/049c5e16-b010-4be9-9ebe-8b329ce6f51b",
"name": "rhevm",
"nfsdir": "/mnt/rhevm-nfs",
"nfshost": "10.4.3.18",
"nfspath": "/home/dajo/rhevh-asdf",
"password": "dog8YOMMA",
"target": "rhevm",
"timeout": 1800,
"username": "admin@internal"
}
2011-10-27 14:11:39,664 DEBUG imgfac.builders.BaseBuilder.RHEL6_rhevm_Builder pid(10502) Message: Executing external RHEV-M push command
(['/usr/bin/dc-rhev-image', '/tmp/tmpgRX0LN'])
2011-10-27 14:11:39,707 DEBUG paste.httpserver.ThreadPool pid(10502) Message: Added task (0 tasks queued)
2011-10-27 14:11:40,514 DEBUG paste.httpserver.ThreadPool pid(10502) Message: Added task (0 tasks queued)
[root@unused nodes]# less /var/log/imagefactory.log
[root@unused nodes]# rpm -qa | grep imagefactory
imagefactory-jeosconf-ec2-rhel-0.8.0-1.el6.noarch
imagefactory-jeosconf-ec2-fedora-0.8.0-1.el6.noarch
imagefactory-0.8.0-1.el6.noarch
rubygem-imagefactory-console-0.5.0-4.20110824113238gitd9debef.el6.noarch
Wes, I believe that the "password" field above is a result of having a password field in /etc/imagefactory/rhevm.json. This is not necessary, is ignored and in is deprecated in favour of providing the password as part of the credentials in the API call (which conductor is doing). Our quasi-official documentation discusses this in the RHEV-M section: https://www.aeolusproject.org/redmine/projects/image-factory/wiki/Documentation Can you test again with a rhevm.json file that does not contain the password and confirm that it does not show up in the log? test passed after I have deleted
"password": "password",
from the /etc/imagefactory/rhevm.json file.
I have tested it if there is password information even during the build process
=> test passed too.
# rpm -qa|grep 'aeolus\|imagefactory-\|oz-\|iwhd'
iwhd-1.1-2.el6.x86_64
oz-0.9.0-0.20120127190146git043d582.el6.noarch
aeolus-conductor-doc-0.9.0-0.20120118181603git71cd8bc.el6.noarch
aeolus-all-0.9.0-0.20120118181603git71cd8bc.el6.noarch
rubygem-imagefactory-console-0.5.0-4.20110824113238gitd9debef.el6.noarch
aeolus-conductor-daemons-0.9.0-0.20120118181603git71cd8bc.el6.noarch
imagefactory-jeosconf-ec2-fedora-1.0.0rc3_5_g1041f75-1.el6.noarch
rubygem-arel-2.0.10-0.aeolus.el6.noarch
rubygem-rack-mount-0.7.1-3.aeolus.el6.noarch
rubygem-ZenTest-4.3.3-2.aeolus.el6.noarch
rubygem-aeolus-image-0.4.0-0.20120118121635git0d31a37.el6.noarch
rubygem-aeolus-cli-0.4.0-0.20120118121626git6fddd65.el6.noarch
aeolus-configure-2.6.0-0.20120118121620gita996371.el6.noarch
imagefactory-jeosconf-ec2-rhel-1.0.0rc3_5_g1041f75-1.el6.noarch
aeolus-conductor-0.9.0-0.20120118181603git71cd8bc.el6.noarch
imagefactory-1.0.0rc3_5_g1041f75-1.el6.noarch
Based on this test and comment 8 I'm moving bug to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0588.html |
Description of problem: 2011-09-27 15:41:55,809 DEBUG imgfac.qmfagent.ImageFactoryAgent.ImageFactoryAgent pid(17956) Message: Method called: name = push_image args = {'credentials': '*** REDACTED ***', 'image': '06985b46-14ae-4e88-a4a6-e2b18aa77bbc', 'build': '', 'providers': ['vsphere']} handle = <cqmf2.AgentEvent; proxy of <Swig Object of type 'qmf::AgentEvent *' at 0x1144bd0> > addr = redhat.com:imagefactory:8fd52c39-9be3-452a-ae7e-5a352882d018:image_factory subtypes = {} userId = anonymous 2011-09-27 15:41:55,810 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(17956) Message: Getting metadata (['latest_unpushed']) from http://localhost:9090/images/06985b46-14ae-4e88-a4a6-e2b18aa77bbc 2011-09-27 15:41:55,866 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(17956) Message: Querying (http://localhost:9090/target_images/_query) with expression ($build == "0f38e2b1-75ba-4e7f-9115-a645bf7ddfdb" && $target == "vsphere") 2011-09-27 15:41:55,870 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(17956) Message: Getting metadata (['template']) from http://localhost:9090/target_images/5896a621-c99f-4efc-a59e-6894f4b21ddc 2011-09-27 15:41:55,871 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(17956) Message: Created Image Warehouse instance http://localhost:9090 - buckets(target_images, templates, icicles, provider_images) 2011-09-27 15:41:55,873 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(17956) Message: Created Image Warehouse instance http://localhost:9090 - buckets(target_images, templates, icicles, provider_images) 2011-09-27 15:41:55,875 DEBUG imgfac.BuildJob.BuildAdaptor pid(17956) Message: Raising event with agent handler (<ImageFactoryAgent(Thread-1, initial)>), changed status from NEW to PUSHING 2011-09-27 15:41:55,876 DEBUG imgfac.BuildJob.BuildAdaptor pid(17956) Message: Raising event with agent handler (<ImageFactoryAgent(Thread-1, initial)>), changed percent complete from 0 to 0 2011-09-27 15:41:55,877 DEBUG imgfac.builders.BaseBuilder.RHEL6_vsphere_Builder pid(17956) Message: RWSU credentials: <?xml version="1.0"?> <provider_accounts> <provider_account> <name>vsphereAccount</name> <provider>vsphere</provider> <provider_type>vsphere</provider_type> <provider_credentials> <vsphere_credentials> <password>mypasswdThatIsNotRealScriptKiddies</password> <username>Administrator</username> </vsphere_credentials> </provider_credentials> </provider_account> </provider_accounts> 2011-09-27 15:41:55,897 DEBUG imgfac.builders.BaseBuilder.RHEL6_vsphere_Builder pid(17956) Message: Image file /var/tmp/vmware-image-5896a621-c99f-4efc-a59e-6894f4b21ddc.vmdk already present - skipping warehouse download