Bug 1240667 – openstack_neutron does not obscure passwords, secrets etc.

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1240667 - openstack_neutron does not obscure passwords, secrets etc.

Summary:	openstack_neutron does not obscure passwords, secrets etc.

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	sos (Show other bugs)
Sub Component:
Version:	7.0 (Kilo)
Hardware:	x86_64 Linux

Priority	high Severity high
Target Milestone:	ga
Target Release:	7.0 (Kilo)
Assigned To:	Lee Yarwood
QA Contact:	Ofer Blaut
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:	1240666
Blocks:
	Show dependency tree / graph

Reported:	2015-07-07 09:06 EDT by Lee Yarwood
Modified:	2018-02-08 05:44 EST (History)
CC List:	14 users (show)

See Also:
Fixed In Version:	sos-3.2-16.el7ost.2
Doc Type:	Bug Fix
Doc Text:	Previously, various OpenStack plug-ins for the sosreport utility were incorrectly collecting passwords in plain text. As a consequence, the compressed file created after using sosreport could contain human-readable passwords. This update adds obfuscation of all passwords to sosreport OpenStack plug-ins, and the affected passwords in the sosreport tarball are no longer human-readable.
Story Points:	---
Clone Of:	1240666
Environment:
Last Closed:	2015-08-05 09:29:00 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2015:1548	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory	2015-08-05 13:07:06 EDT

Groups: None (edit)

Description Lee Yarwood 2015-07-07 09:06:37 EDT

+++ This bug was initially created as a clone of Bug #1240666 +++

Description of problem:
openstack_neutron does not obscure passwords, secrets etc.

# grep ^rabbit_password etc/neutron/neutron.conf 
rabbit_password = d873fe7e27346b7191887fd890504787b618f227

Version-Release number of selected component (if applicable):
sos-3.2-15.el7_1.1.noarch

How reproducible:
Always

Steps to Reproduce:
1. # sosreport -o openstack_neutron

Actual results:
/etc/neutron config files collected with passwords and secrects still present.

Expected results:
/etc/neutron config files collected with passwords and secrects obscured.

Additional info:

Comment 5 Ofer Blaut 2015-07-19 07:26:31 EDT

[root@overcloud-controller-2 neutron]# cat neutron.conf | grep pas
# api_paste_config = api-paste.ini
# used unless passed explicitly to subnet create.  If no pool is used, then a
# CIDR must be passed to create a subnet and that subnet will not be allocated
# nova_admin_password =
# qpid_password=
# The RabbitMQ password. (string value)
# rabbit_password=guest
# If passed, use a fake RabbitMQ provider. (boolean value)
# password=
admin_password = *********
# connection = mysql://root:pass@127.0.0.1:3306/neutron
# Deprecated group/name - [amqp1]/ssl_key_password
# ssl_key_password =
# Deprecated group/name - [DEFAULT]/qpid_password
# qpid_password =
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
# rabbit_password = guest
rabbit_password = *********
[root@overcloud-controller-2 neutron]# rpm -qa | grep sos
sos-3.2-16.el7ost.2.noarch

Comment 7 errata-xmlrpc 2015-08-05 09:29:00 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548

Note You need to log in before you can comment on or make changes to this bug.