The user and password are exposed in the RSyslog Elasticsearch Output Module, and documented as uid, and pwd here: https://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html#server and the user can set built-in user password, as documented here (step 2-6-4): https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash We want to expose the uid and pwd parameters in our role, to allow basic auth on the elasticsearch server. The metrics side is documented in this bug. The rhel-system-roles will be documented in a separate bug: https://bugzilla.redhat.com/show_bug.cgi?id=1990490 *need to make sure we never log the password anywhere. *remove unnecessary variables from the secure_vars.yaml.example
Verified on ovirt-engine-4.5.0.1-601.f26e9ea8cac5.3.el8ev.noarch Sanity passed with username and password specified in metrics config file
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:4711