Bug 979085
Summary: | openstack-nova: please review support data collection | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Bryn M. Reeves <bmr> | ||||
Component: | openstack-nova | Assignee: | Nikola Dipanov <ndipanov> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Ami Jeain <ajeain> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | unspecified | CC: | apevec, bmr, eglynn, jkt, ndipanov, yeylon | ||||
Target Milestone: | Upstream M3 | ||||||
Target Release: | 4.0 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-11-20 23:30:50 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 840057 | ||||||
Attachments: |
|
Description
Bryn M. Reeves
2013-06-27 14:55:30 UTC
The following secrets are included: options in /etc/nova/nova.conf - [general] - ldap_dns_password - neutron_admin_password - rabbit_password - qpid_password - powervm_mgr_passwd - xenapi_connection_password - virtual_power_host_pass - [matchmaker_redis] - password - [vmware] - host_password - vnc_password - [database] - connection - [baremetal] - sql_connection options in /etc/nova/api-paste.ini (probably not actually here, but just in case) - [filter:authtoken] - admin_password Also, I wouldn't include /var/lib/nova. It's all data that I don't think is appropriate to collect. I'd like another nova person to look at this to make sure I didn't miss anything, though. > options in /etc/nova/api-paste.ini (probably not actually here, but just in
> case)
> - [filter:authtoken]
> - admin_password
That's still an option i.e. user could put authtoken configuration into paste.ini but default location in our RPMs is nova.conf [keystone_authtoken] section and sosreport plugin should mask both,
/etc/nova/api-paste.ini [filter:authtoken] admin_password
and
/etc/nova/nova.conf [keystone_authtoken] admin_password
We might want to consider two more things (however unlikely): * /etc/sysconfig/openstack-nova-novncproxy.sysconfig as it might have been used to override novncproxy options. * /var/security/limits.d/91-nova.conf (due to #917534) The review looks pretty complete to me now. Thanks Alan and Nikola! Bryn, is there any additional information we can provide that would be helpful? Examples of the configuration files so that we can come up with regexes to remove these items would be helpful, particularly considering the short time left to the deadline. Alternately if anyone has a test system where I can look at all this stuff live that would be a help. Created attachment 786324 [details]
Sample etc directory for an allinone RHOS install (Grizzly)
Bryn, see attachment from Comment #9 It looks like this is complete. Please let us know if you need more information. Thanks! |