Bug 1105507
| Summary: | **FILTERED** in hosted-engine-setup.log | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] otopi | Reporter: | Artyom <alukiano> | ||||
| Component: | Plugins.core | Assignee: | Sandro Bonazzola <sbonazzo> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | yeylon <yeylon> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 1.2.0 | CC: | acathrow, alonbl, bazulay, didi, dougsland, iheim, lsvaty, lveyde, mavital, pstehlik, Rhev-m-bugs, sbonazzo, srevivo, stirabos, yeylon | ||||
| Target Milestone: | --- | Keywords: | Reopened, Triaged | ||||
| Target Release: | --- | Flags: | alukiano:
devel_ack?
|
||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | integration | ||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-04-23 10:01:46 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I think this is an otopi limitation, we just add the password to CoreEnv.LOG_FILTER_KEYS env. If you use a password like '1' it will be replaced everywhere in the logs where 1 should be printed. Maybe something like filtering by env key may be better than filtering by value. Alon, what do you think? the password can be manifested in many places, such as commands and outputs. to be safer we mask all strings that matches password. password should be random/unique enough to not match any string. in any other case you see lots of filtered., this can filter names necessary in logs such as names of db tables, therefore make reproduction steps much more obfuscated. If you believe password should be random/unique please do not enable user option to set it non-random. Can you please reconsider the WONTFIX flag, as this is making QA process harder with obfuscated logs. (In reply to Lukas Svaty from comment #3) > this can filter names necessary in logs such as names of db tables, > therefore make reproduction steps much more obfuscated. > > If you believe password should be random/unique please do not enable user > option to set it non-random. > > Can you please reconsider the WONTFIX flag, as this is making QA process > harder with obfuscated logs. Please open a RFE on engine-setup for enforcing a random password. At OTOPI level we can only filter everything matching the password. same for hosted engine setup |
Created attachment 902833 [details] hosted-engine-setup.log Description of problem: In time of hosted-engine --deploy process, on stage after that user enter engine password, **FLTERED** stamp appear in hosted-engine-setup log more often that it need, for example: 20**FILTERED**4-06-06 **FILTERED**4:28:**FILTERED**9 DEBUG otopi.context context.dumpEnvironment:468 ENVIRONMENT DUMP - BEGIN 20**FILTERED**4-06-06 **FILTERED**4:28:**FILTERED**9 DEBUG otopi.context context.dumpEnvironment:478 ENV OVEHOSTED_ENGINE/adminPassword=str:'**FILTERED**' 20**FILTERED**4-06-06 **FILTERED**4:28:**FILTERED**9 DEBUG otopi.context context.dumpEnvironment:478 ENV OVEHOSTED_ENGINE/appHostName=str:'hosted_engine_**FILTERED**' 20**FILTERED**4-06-06 **FILTERED**4:28:**FILTERED**9 DEBUG otopi.context context.dumpEnvironment:482 ENVIRONMENT DUMP - END 20**FILTERED**4-06-06 **FILTERED**4:28:**FILTERED**9 DEBUG otopi.context context._executeMethod:**FILTERED**38 Stage customization METHOD otopi.plugins.ovirt_hosted_engine_setup.engine.fqdn.Plugin._customization Version-Release number of selected component (if applicable): ovirt-hosted-engine-setup-1.1.2-5.el6ev.noarch How reproducible: Always Steps to Reproduce: 1. run hosted-engine --deploy and continue process until vm created 2. look at log, from stage where user must enter engine password 3. Actual results: **FILTERED** stamp appear on places where it must not Expected results: **FILTERED** stamp appear only on engine password Additional info: