Bug 1240667 - openstack_neutron does not obscure passwords, secrets etc.
Summary: openstack_neutron does not obscure passwords, secrets etc.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: sos
Version: 7.0 (Kilo)
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ga
: 7.0 (Kilo)
Assignee: Lee Yarwood
QA Contact: Ofer Blaut
URL:
Whiteboard:
Depends On: 1240666
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-07-07 13:06 UTC by Lee Yarwood
Modified: 2019-08-15 04:50 UTC (History)
14 users (show)

Fixed In Version: sos-3.2-16.el7ost.2
Doc Type: Bug Fix
Doc Text:
Previously, various OpenStack plug-ins for the sosreport utility were incorrectly collecting passwords in plain text. As a consequence, the compressed file created after using sosreport could contain human-readable passwords. This update adds obfuscation of all passwords to sosreport OpenStack plug-ins, and the affected passwords in the sosreport tarball are no longer human-readable.
Clone Of: 1240666
Environment:
Last Closed: 2015-08-05 13:29:00 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:1548 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2015-08-05 17:07:06 UTC

Description Lee Yarwood 2015-07-07 13:06:37 UTC 
+++ This bug was initially created as a clone of Bug #1240666 +++

Description of problem:
openstack_neutron does not obscure passwords, secrets etc.

# grep ^rabbit_password etc/neutron/neutron.conf 
rabbit_password = d873fe7e27346b7191887fd890504787b618f227

Version-Release number of selected component (if applicable):
sos-3.2-15.el7_1.1.noarch

How reproducible:
Always

Steps to Reproduce:
1. # sosreport -o openstack_neutron

Actual results:
/etc/neutron config files collected with passwords and secrects still present.

Expected results:
/etc/neutron config files collected with passwords and secrects obscured.

Additional info:
Comment 5 Ofer Blaut 2015-07-19 11:26:31 UTC 
[root@overcloud-controller-2 neutron]# cat neutron.conf | grep pas
# api_paste_config = api-paste.ini
# used unless passed explicitly to subnet create.  If no pool is used, then a
# CIDR must be passed to create a subnet and that subnet will not be allocated
# nova_admin_password =
# qpid_password=
# The RabbitMQ password. (string value)
# rabbit_password=guest
# If passed, use a fake RabbitMQ provider. (boolean value)
# password=
admin_password = *********
# connection = mysql://root:pass.0.1:3306/neutron
# Deprecated group/name - [amqp1]/ssl_key_password
# ssl_key_password =
# Deprecated group/name - [DEFAULT]/qpid_password
# qpid_password =
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
# rabbit_password = guest
rabbit_password = *********
[root@overcloud-controller-2 neutron]# rpm -qa | grep sos
sos-3.2-16.el7ost.2.noarch
Comment 7 errata-xmlrpc 2015-08-05 13:29:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548
Note You need to log in before you can comment on or make changes to this bug.