Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2137679

Summary: Virtual BMC lose VNC password after updating virtual domain boot sequence
Product: Red Hat OpenStack
Reporter: David Hill <dhill>
Component: python-virtualbmc
Assignee: OSP Team <rhos-maint>
Status: CLOSED DUPLICATE
QA Contact: mlammon
Severity: unspecified
Priority: unspecified
Version: 13.0 (Queens)
CC: amctagga, bfournie, dtantsur, jkreger, ssigwald, ybuenos
Target Milestone: ---
Flags: amctagga: needinfo+
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2022-11-18 20:53:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description David Hill 2022-10-25 20:16:07 UTC
What problem/issue/behavior are you having trouble with?  What do you expect to see?
Virtual BMC is used to manage power and boot sequence of libvirt virtual domains by using IPMI commands.
Here is the RH article on how to use VBMC for this purpose: https://access.redhat.com/solutions/4315581

When libvirt virtual domains are defined from XML with a VNC password provided, the password is set properly in the <graphics> block. But after OpenStack overcloud introspection is run, Ironic uses IPMI commands to switch virtual domains to boot from PXE and powers them on.

When you power on, power off or check the power status of virtual domains, VirtualBMC translates it into libvirt commands to respectively power on/off or check power. But when Ironic, for example, sets the boot mode by running ipmitool with the command "chassis bootdev pxe", VirtualBMC dumps the XML domain definition, makes changes to the block responsible for boot order (<os>) and applies the changed XML to the running domain. This is the moment the VNC password disappears.

There is a line of code in vbmc.py that dumps the XML domain definition in the "set_boot_device" class method:
                tree = ET.fromstring(domain.XMLDesc())

I believe domain.XMLDesc() lacks the flag to dump XML with sensitive data, in this case the VNC password.

What is the business impact? Please also provide timeframe information.
Client declares a security issue in its production environment because a passwordless VNC connection is possible.

Where are you experiencing the behavior? What environment?
On all lab and production environments.

When does the behavior occur? Frequency? Repeatedly? At certain times?
This behaviour occurs always.

Changing from:
tree = ET.fromstring(domain.XMLDesc())
to:
tree = ET.fromstring(domain.XMLDesc(VIR_DOMAIN_XML_SECURE))
solves the issue.
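
The round trip described in this report, modelled offline as an added example (not VirtualBMC's code and not part of the original report), with a check that can be run before a modified definition is applied. The sample XML and the helpers `strip_secrets`, `set_boot_device`, `dropped_graphics_passwords` and `round_trip` are constructed for illustration; no libvirt connection is used, and a dump taken without the secure flag is assumed to simply omit the `passwd` attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a domain definition as returned when secrets are included
# (libvirt's VIR_DOMAIN_XML_SECURE flag). Names and password are made up.
SECURE_XML = """<domain type='kvm'>
  <name>constructed-node-0</name>
  <os><type arch='x86_64'>hvm</type><boot dev='hd'/></os>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' passwd='constructed-secret'/>
  </devices>
</domain>"""

def strip_secrets(xml_text):
    """Assumed model of a dump taken without the secure flag: no passwd."""
    tree = ET.fromstring(xml_text)
    for graphics in tree.iter("graphics"):
        graphics.attrib.pop("passwd", None)
    return ET.tostring(tree, encoding="unicode")

def set_boot_device(xml_text, dev):
    """Hypothetical stand-in for the <os> edit: replace all <boot> entries."""
    tree = ET.fromstring(xml_text)
    os_el = tree.find("os")
    for boot in os_el.findall("boot"):
        os_el.remove(boot)
    ET.SubElement(os_el, "boot", {"dev": dev})
    return ET.tostring(tree, encoding="unicode")

def dropped_graphics_passwords(before_xml, after_xml):
    """Graphics types that have a passwd in before_xml but none in after_xml."""
    def passwords(xml_text):
        return {g.get("type"): g.get("passwd")
                for g in ET.fromstring(xml_text).iter("graphics")}
    before, after = passwords(before_xml), passwords(after_xml)
    return sorted(t for t, pw in before.items() if pw and not after.get(t))

def round_trip(secure_dump):
    """Edit the boot order from either kind of dump; 'network' is libvirt's PXE."""
    source = SECURE_XML if secure_dump else strip_secrets(SECURE_XML)
    return set_boot_device(source, "network")

if __name__ == "__main__":
    for secure in (False, True):
        lost = dropped_graphics_passwords(SECURE_XML, round_trip(secure))
        print(f"secure dump={secure}: passwords dropped for {lost or 'none'}")
```

A non-empty result from `dropped_graphics_passwords` means applying the edited XML would leave that graphics device without a password, so the caller should refuse to apply it.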

Comment 3 Sage McTaggart 2022-11-11 16:02:20 UTC
*** Bug 2138198 has been marked as a duplicate of this bug. ***

Comment 5 Lon Hohberger 2022-11-18 20:53:41 UTC

*** This bug has been marked as a duplicate of bug 2142982 ***