1812322 – root disk passphrase can be deleted post successful clevis-luks-bind

Bug 1812322 - root disk passphrase can be deleted post successful clevis-luks-bind

Summary: root disk passphrase can be deleted post successful clevis-luks-bind

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	gluster-ansible
Sub Component:
Version:	rhgs-3.5
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	RHGS 3.5.z Batch Update 2
Assignee:	Gobinda Das
QA Contact:	SATHEESARAN
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1812321
TreeView+	depends on / blocked

Reported:	2020-03-11 01:49 UTC by SATHEESARAN
Modified:	2020-06-16 05:57 UTC (History)
CC List:	5 users (show)
Fixed In Version:	gluster-ansible-infra-1.0.4-6.el8rhgs
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1812321
Environment:	rhhiv, rhel8
Last Closed:	2020-06-16 05:57:30 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	gluster gluster-ansible-infra pull 82	None	closed	NBDE and blacklist issue fixes	2020-06-03 05:30:06 UTC
Github	gluster gluster-ansible pull 97	None	closed	Validate if root device is encrypted prior to actual configuration	2020-06-03 05:30:06 UTC
Red Hat Product Errata	RHEA-2020:2575	None	None	None	2020-06-16 05:57:47 UTC

Description SATHEESARAN 2020-03-11 01:49:51 UTC

Description of problem:
------------------------
root passphrase is saved under /etc/. once the clevis-luks-bind is completed successfully with tang server, this passphrase is no longer required and can be cleaned up.

Version-Release number of selected component (if applicable):
-------------------------------------------------------------
gluster-ansible-infra-1.0.4-5.el8rhgs.noarch.rpm 

How reproducible:
-----------------
Always

Steps to Reproduce:
-------------------
1. Run the ansible playbook that completes NBDE

Actual results:
---------------
root filesystem disk's passphrase in a key file is available post successful clevis-luks-bind to tang server

Expected results:
------------------
Post successful clevis-luks-bind to tang server, the root filesytem disk's passphrase key file can be deleted

Comment 2 SATHEESARAN 2020-03-21 10:04:16 UTC

Tested with gluster-ansible-infra-1.0.4-6

After NBDE setup is completed with ansible playbook, the passphrase stored in /etc/sdx_key as well as the root disk key /etc/root_key is removed

Comment 6 errata-xmlrpc 2020-06-16 05:57:30 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:2575

Note You need to log in before you can comment on or make changes to this bug.