Description of problem: ------------------------ root passphrase is saved under /etc/. once the clevis-luks-bind is completed successfully with tang server, this passphrase is no longer required and can be cleaned up. Version-Release number of selected component (if applicable): ------------------------------------------------------------- gluster-ansible-infra-1.0.4-5.el8rhgs.noarch.rpm How reproducible: ----------------- Always Steps to Reproduce: ------------------- 1. Run the ansible playbook that completes NBDE Actual results: --------------- root filesystem disk's passphrase in a key file is available post successful clevis-luks-bind to tang server Expected results: ------------------ Post successful clevis-luks-bind to tang server, the root filesytem disk's passphrase key file can be deleted
Tested with gluster-ansible-infra-1.0.4-6 After NBDE setup is completed with ansible playbook, the passphrase stored in /etc/sdx_key as well as the root disk key /etc/root_key is removed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:2575