Bug 979085
| Summary: | openstack-nova: please review support data collection | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Bryn M. Reeves <bmr> | ||||
| Component: | openstack-nova | Assignee: | Nikola Dipanov <ndipanov> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Ami Jeain <ajeain> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | unspecified | CC: | apevec, bmr, eglynn, jkt, ndipanov, yeylon | ||||
| Target Milestone: | Upstream M3 | ||||||
| Target Release: | 4.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-11-20 23:30:50 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 840057 | ||||||
| Attachments: |
|
||||||
The following secrets are included:
options in /etc/nova/nova.conf
- [general]
- ldap_dns_password
- neutron_admin_password
- rabbit_password
- qpid_password
- powervm_mgr_passwd
- xenapi_connection_password
- virtual_power_host_pass
- [matchmaker_redis]
- password
- [vmware]
- host_password
- vnc_password
- [database]
- connection
- [baremetal]
- sql_connection
options in /etc/nova/api-paste.ini (probably not actually here, but just in case)
- [filter:authtoken]
- admin_password
Also, I wouldn't include /var/lib/nova. It's all data that I don't think is appropriate to collect.
I'd like another nova person to look at this to make sure I didn't miss anything, though.
> options in /etc/nova/api-paste.ini (probably not actually here, but just in
> case)
> - [filter:authtoken]
> - admin_password
That's still an option i.e. user could put authtoken configuration into paste.ini but default location in our RPMs is nova.conf [keystone_authtoken] section and sosreport plugin should mask both,
/etc/nova/api-paste.ini [filter:authtoken] admin_password
and
/etc/nova/nova.conf [keystone_authtoken] admin_password
We might want to consider two more things (however unlikely): * /etc/sysconfig/openstack-nova-novncproxy.sysconfig as it might have been used to override novncproxy options. * /var/security/limits.d/91-nova.conf (due to #917534) The review looks pretty complete to me now. Thanks Alan and Nikola! Bryn, is there any additional information we can provide that would be helpful? Examples of the configuration files so that we can come up with regexes to remove these items would be helpful, particularly considering the short time left to the deadline. Alternately if anyone has a test system where I can look at all this stuff live that would be a help. Created attachment 786324 [details]
Sample etc directory for an allinone RHOS install (Grizzly)
Bryn, see attachment from Comment #9 It looks like this is complete. Please let us know if you need more information. Thanks! |
As part of support readiness preparations for OpenStack please review the data proposed to be collected for support purposes by the sos tool: "/etc/nova/" "/var/log/nova/" "/var/lib/nova/" "/etc/polkit-1/localauthority/50-local.d/50-nova.pkla" "/etc/sudoers.d/nova" "/etc/logrotate.d/openstack-nova" Please verify that this set of information is complete and sufficient for support of this component and confirm either that no secrets (passwords, private keys, etc.) are collected or list any secrets that may be included. This information is needed to create path exclusion and search/replace rules to remove this data from generated reports. Please provide feedback on these items via this bug - once the review has taken place the bug may be closed.