Description of problem:
Suggest that the HE setup answer file generated by cockpit doesn't contain the HE password.

Version-Release number of selected component (if applicable):
cockpit-ws-157-1.el7.x86_64
cockpit-dashboard-157-1.el7.x86_64
cockpit-bridge-157-1.el7.x86_64
cockpit-157-1.el7.x86_64
cockpit-storaged-157-1.el7.noarch
cockpit-system-157-1.el7.noarch
cockpit-ovirt-dashboard-0.11.4-0.1.el7ev.noarch
rhvh-4.2.1.1-0.20180115.0+1
ovirt-hosted-engine-setup-2.2.5-1.el7ev.noarch
ovirt-hosted-engine-ha-2.2.3-1.el7ev.noarch
rhvm-appliance-4.2-20171219.0.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. Clean install rhvh-4.2.1.1-0.20180115.0+1 with ks
2. Deploy HE via cockpit
3. Check the HE answer file (/tmp/he-setup-answerfile.conf)

Actual results:
#cat /tmp/he-setup-answerfile.conf
[environment:default]
"""
OVEHOSTED_VM/cloudinitRootPwd=str:redhat
"""

Expected results:
There is no clear text HE password in the HE answer file.

Additional info:
The answer file should be protected. Simplest is probably creating it using the equivalent of 'mktemp'. Other than that, I do not think it's worth investing in making passwords in it (strongly) encrypted. Note that if we do want that, it will require changes also in hosted-engine-setup, perhaps also in the engine. We have cleartext passwords (and other secrets) elsewhere. Having an option to get rid of all of these was discussed in the past and postponed.
Also, IIRC we noticed that it's not removed in the end. It should be, also on failure.
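An added example, not part of the bug thread and not cockpit-ovirt or hosted-engine-setup code: one way to do what the comments above ask for, creating the answer file with the equivalent of 'mktemp' and removing it at the end, also on failure. The function names, the `run_setup` callback and the placeholder password value are assumptions made for the illustration.

```python
import os
import stat
import tempfile
from contextlib import contextmanager

# Constructed sample content: the key name is from the report, the value is a placeholder.
SAMPLE_ANSWERS = {"OVEHOSTED_VM/cloudinitRootPwd": "str:PLACEHOLDER"}


@contextmanager
def private_answer_file(answers, directory=None):
    """Yield the path of a freshly created, owner-only answer file.

    The file is removed when the block exits, whether the step inside it
    succeeded or raised.
    """
    # mkstemp opens with O_CREAT | O_EXCL and mode 0600 under an unpredictable
    # name, so a file or symlink pre-planted in a shared directory such as
    # /tmp is never followed or reused.
    fd, path = tempfile.mkstemp(prefix="heAnswerFile", suffix=".conf", dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write("[environment:default]\n")
            for key, value in answers.items():
                handle.write(f"{key}={value}\n")
        yield path
    finally:
        # Cleanup runs on success and on failure.
        try:
            os.unlink(path)
        except FileNotFoundError:
            pass


def deploy_with_answers(answers, run_setup, directory=None):
    """Call run_setup(path) (hypothetical deployment callback) and return
    (mode_seen_by_setup, file_exists_afterwards, error)."""
    mode, error, path = None, None, None
    try:
        with private_answer_file(answers, directory) as path:
            mode = stat.S_IMODE(os.stat(path).st_mode)
            run_setup(path)
    except Exception as exc:  # a failed deployment still triggers cleanup
        error = exc
    return mode, path is not None and os.path.exists(path), error
```

This only narrows who can read the file and how long it exists; the password inside is still clear text while the deployment runs.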
Tested cockpit-ovirt-0.11.14-0.1 on RHEL7.4. I noticed that the answer file changed from the previous /tmp/he-setup-answerfile.conf to /var/lib/ovirt-hosted-engine-setup/cockpit/heAnswerFile*.conf. The clear password also still exists there, so what about your idea here, or is this the design?

[environment:default]
OVEHOSTED_CORE/rollbackProceed=none:None
OVEHOSTED_CORE/screenProceed=none:None
OVEHOSTED_CORE/deployProceed=bool:true
OVEHOSTED_CORE/upgradeProceed=none:None
OVEHOSTED_CORE/confirmSettings=bool:true
OVEHOSTED_STORAGE/domainType=str:nfs3
OVEHOSTED_STORAGE/imgSizeGB=str:58
OVEHOSTED_STORAGE/storageDomain=str:hosted_storage
OVEHOSTED_STORAGE/storageDomainConnection=str:10.66.148.11:/home/yzhao/nfs2
OVEHOSTED_STORAGE/mntOptions=none:None
OVEHOSTED_NETWORK/bridgeIf=str:ovirtmgmt
OVEHOSTED_NETWORK/bridgeName=str:ovirtmgmt
OVEHOSTED_NETWORK/firewallManager=str:iptables
OVEHOSTED_NETWORK/gateway=str:10.73.75.254
OVEHOSTED_NETWORK/fqdn=str:rhevh-hostedengine-vm-04.lab.eng.pek2.redhat.com
OVEHOSTED_VM/bootDevice=str:disk
OVEHOSTED_VM/vmVCpus=str:4
OVEHOSTED_VM/vmMACAddr=str:52:54:00:5e:8e:c7
OVEHOSTED_VM/vmMemSizeMB=int:16384
OVEHOSTED_VM/cloudinitVMStaticCIDR=none:None
OVEHOSTED_VM/cloudinitVMDNS=str:
OVEHOSTED_VM/cloudinitVMTZ=str:Asia/Shanghai
OVEHOSTED_VM/cloudInitISO=str:generate
OVEHOSTED_VM/cloudinitInstanceHostName=str:rhevh-hostedengine-vm-04
OVEHOSTED_VM/cloudinitInstanceDomainName=str:lab.eng.pek2.redhat.com
OVEHOSTED_VM/cloudinitExecuteEngineSetup=bool:true
OVEHOSTED_VM/automateVMShutdown=bool:true
OVEHOSTED_VM/cloudinitRootPwd=str:redhat
OVEHOSTED_VM/rootSshPubkey=none:None
OVEHOSTED_VM/rootSshAccess=str:yes
OVEHOSTED_VM/cloudinitVMETCHOSTS=bool:true
OVEHOSTED_ENGINE/hostIdentifier=str:hosted_engine_1
OVEHOSTED_ENGINE/adminUsername=str:admin@internal
OVEHOSTED_ENGINE/adminPassword=str:redhat
OVEHOSTED_VDSM/consoleType=str:vnc
OVEHOSTED_VDSM/cpu=str:model_Opteron_G5
OVEHOSTED_NOTIF/smtpServer=str:localhost
OVEHOSTED_NOTIF/smtpPort=str:25
OVEHOSTED_NOTIF/sourceEmail=str:root@localhost
OVEHOSTED_NOTIF/destEmail=str:root@localhost
This appears to be the design, as per comment#1.
According to Comment 3 and Comment 4, change this bug's status to verified.
This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018. Since the problem described in this bug report should be resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.