Bug 958532

Summary: Drop the obfuscation of database password
Product: Red Hat Enterprise Virtualization Manager Reporter: Alon Bar-Lev <alonbl>
Component: ovirt-engineAssignee: Alon Bar-Lev <alonbl>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: acathrow, bazulay, emesika, iheim, jkt, lpeer, mgoldboi, oschreib, pstehlik, Rhev-m-bugs, sbonazzo, yeylon, yzaslavs
Target Milestone: ---Keywords: Triaged
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: is1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-21 22:18:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alon Bar-Lev 2013-05-01 18:51:39 UTC 
Discussed at:
http://lists.ovirt.org/pipermail/engine-devel/2013-April/004397.html
http://lists.ovirt.org/pipermail/engine-devel/2013-April/004411.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004412.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004413.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004414.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004417.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004421.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004422.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004423.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004426.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004428.html
http://lists.ovirt.org/pipermail/engine-devel/2013-May/004429.html

Summary:
Currently we store password as clear text and obfuscated.
We should remove the obfuscated password.

Dependency:
Log collector should be adjusted as well.
Comment 1 Alon Bar-Lev 2013-05-09 12:31:44 UTC 
Hi Kiril,

Please complete the log-collector migration.

Algorithm:

1. Read: /etc/ovirt-engine/enigne.conf[.d/*]

If there is DB_PASSWORD then take:

DB_HOST
DB_PORT
DB_USER
DB_PASSWORD
DB_DATABASE
[DB_SECURED]

2. Otherwise continue as usual (process /etc/ovirt-engine/.pgpass)

Thanks!
Comment 2 Alon Bar-Lev 2013-05-09 12:33:01 UTC 
My mistake... prefix ENGINE_ to all the above variable.
Comment 3 Sandro Bonazzola 2013-05-16 06:46:10 UTC 
log-collector migrated.
Comment 4 Alon Bar-Lev 2013-05-16 06:50:27 UTC 
Thanks Sandro!

Modified per future rebase.
Comment 5 Jiri Belka 2013-10-30 13:21:54 UTC 
ok, is20.1.
Comment 6 Itamar Heim 2014-01-21 22:18:08 UTC 
Closing - RHEV 3.3 Released
Comment 7 Itamar Heim 2014-01-21 22:24:33 UTC 
Closing - RHEV 3.3 Released