Bug 1204914 - CR encryption key not loaded before it's checked, encryption is disabled
Summary: CR encryption key not loaded before it's checked, encryption is disabled
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Security
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: Dominic Cleal
QA Contact: Tazim Kolhar
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
Reported: 2015-03-23 18:14 UTC by Elyézer Rezende
Modified: 2017-02-23 20:15 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-12 13:57:57 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 9775 0 None None None 2016-04-22 16:04:25 UTC

Description Elyézer Rezende 2015-03-23 18:14:44 UTC
Description of problem:
In Foreman 1.8/nightlies, since [1], the compute resource password encryption key isn't being used and so CR passwords are stored and loaded only in plain text.

The key is stored in an initialiser (config/initializers/encryption_key.rb, locally generated during package installation) which should be loaded before the Encryptable concern is loaded. The Encryptable concern is a no-op if the key isn't initialised already.

[1] added config/initializers/apipie.rb which is calling ComputeResource.providers, leading to earlier loading of Encryptable (used in ComputeResource), before the encryption key initialiser is reached (as 'apipie' < 'encryption_key').

This should be cherry-picked to compose.

[1] http://projects.theforeman.org/issues/4478

Version-Release number of selected component (if applicable):
Satellite-6.1.0-RHEL-7-20150320.1

How reproducible:
Always

Steps to Reproduce:
1. Create a Compute Resource
2. Watch the production.log

Actual results:
The following message is being printed on the production.log:

[I] String does not start with the prefix 'encrypted-', so ForemanDocker::Docker ComputeResourceName was not decrypted

Expected results:
That message is not shown.

Additional info:
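
The load-order dependency described in this report, reduced to a self-contained Ruby simulation. This is an added example, not part of the original report and not Foreman's code: `EAGER`, `LAZY`, `stored_password` and the hash-based `app` are hypothetical stand-ins, and AES-256-GCM is chosen only for illustration. It goes one step beyond the report by contrasting the silent no-op with a per-call key lookup that fails closed.

```ruby
require 'openssl'
require 'base64'

PREFIX = 'encrypted-' # prefix named in the production.log message above

def seal(plain, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  data = cipher.update(plain) + cipher.final
  PREFIX + Base64.strict_encode64(iv + cipher.auth_tag + data)
end

# Eager: key presence is decided once, at the moment the "concern" is loaded.
EAGER = lambda do |app|
  key = app[:key]
  ->(plain) { key ? seal(plain, key) : plain } # silent no-op without a key
end

# Lazy: the key is looked up on every call; a missing key raises KeyError
# instead of letting plain text through.
LAZY = lambda do |app|
  ->(plain) { seal(plain, app.fetch(:key)) }
end

# Constructed initializers; the names mirror the two files named in the report.
def initializers(concern)
  {
    'encryption_key.rb' => ->(app) { app[:key] = OpenSSL::Random.random_bytes(32) },
    'apipie.rb'         => ->(app) { app[:encrypt] ||= concern.call(app) } # loads the model early
  }
end

# Boot: run initializers in file-name order, then load the model on first use.
def stored_password(concern, skip: [])
  app = {}
  initializers(concern).reject { |name, _| skip.include?(name) }
                       .sort_by { |name, _| name }
                       .each { |_, init| init.call(app) }
  app[:encrypt] ||= concern.call(app)
  app[:encrypt].call('s3cret') # constructed sample password
end
```

With the eager variant, the value returned by `stored_password(EAGER)` is the plain text because `apipie.rb` sorts before `encryption_key.rb`; skipping `apipie.rb` or using the lazy variant yields an `encrypted-` value.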

Comment 1 Og Maciel 2015-03-23 18:16:32 UTC
Connecting redmine issue http://projects.theforeman.org/issues/9775 from this bug

Comment 3 Bryan Kearney 2015-03-24 10:05:28 UTC
Moving to POST since upstream bug http://projects.theforeman.org/issues/9775 has been closed
-------------
Dominic Cleal
Applied in changeset commit:1fcea0e919384f9f0f384d450ecac571d5953c82.

Comment 5 Tazim Kolhar 2015-04-29 07:46:50 UTC
VERIFIED :

# rpm -qa | grep foreman
foreman-gce-1.7.2.17-1.el7sat.noarch
foreman-debug-1.7.2.17-1.el7sat.noarch
foreman-discovery-image-2.1.0-20.el7sat.noarch
foreman-compute-1.7.2.17-1.el7sat.noarch
foreman-ovirt-1.7.2.17-1.el7sat.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3.3-1.el7sat.noarch
ruby193-rubygem-foreman_docker-1.2.0.9-1.el7sat.noarch
ruby193-rubygem-foreman-redhat_access-0.1.0-1.el7sat.noarch
ruby193-rubygem-foreman-tasks-0.6.12.3-1.el7sat.noarch
rubygem-hammer_cli_foreman_discovery-0.0.1.7-1.el7sat.noarch
ruby193-rubygem-foreman_gutterball-0.0.1.9-1.el7sat.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2.10-1.el7sat.noarch
foreman-proxy-1.7.2.4-1.el7sat.noarch
cloud-qe-9.idmqe.lab.eng.bos.redhat.com-foreman-client-1.0-1.noarch
cloud-qe-9.idmqe.lab.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
foreman-vmware-1.7.2.17-1.el7sat.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7sat.noarch
rubygem-hammer_cli_foreman-0.1.4.9-1.el7sat.noarch
foreman-libvirt-1.7.2.17-1.el7sat.noarch
foreman-selinux-1.7.2.13-1.el7sat.noarch
foreman-postgresql-1.7.2.17-1.el7sat.noarch
cloud-qe-9.idmqe.lab.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
foreman-1.7.2.17-1.el7sat.noarch
ruby193-rubygem-foreman_discovery-2.0.0.9-1.el7sat.noarch
rubygem-hammer_cli_foreman_bootdisk-0.1.2.5-1.el7sat.noarch

steps:
1. Create a Compute Resource
2. Watch the production.log
# tail -f production.log
2015-04-29 03:44:19 [I] Processing by ComputeResourcesVmsController#index as HTML
2015-04-29 03:44:19 [I]   Parameters: {"compute_resource_id"=>"3-test"}
2015-04-29 03:44:19 [I]   Rendered compute_resources_vms/index/_libvirt.html.erb (1.1ms)
2015-04-29 03:44:19 [I]   Rendered compute_resources_vms/index.html.erb within layouts/application (2.3ms)
2015-04-29 03:44:19 [I]   Rendered home/_submenu.html.erb (2.0ms)
2015-04-29 03:44:19 [I]   Rendered home/_user_dropdown.html.erb (1.1ms)
2015-04-29 03:44:19 [I] Read fragment views/tabs_and_title_records-3 (0.1ms)
2015-04-29 03:44:19 [I]   Rendered home/_topbar.html.erb (4.4ms)
2015-04-29 03:44:19 [I]   Rendered layouts/base.html.erb (5.5ms)
2015-04-29 03:44:19 [I] Completed 200 OK in 26ms (Views: 11.0ms | ActiveRecord: 2.4ms)

Comment 6 Bryan Kearney 2015-08-11 13:32:22 UTC
This bug is slated to be released with Satellite 6.1.

Comment 7 Bryan Kearney 2015-08-12 13:57:57 UTC
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.

