2227141 – RFE: Prevent message content being logged at any level

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2227141 - RFE: Prevent message content being logged at any level

Summary: RFE: Prevent message content being logged at any level

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	rhc
Sub Component:
Version:	8.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	CSI Client Tools Bugs
QA Contact:	CSI Client Tools Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	2227010
Blocks:	2227142
TreeView+	depends on / blocked

Reported:	2023-07-28 07:26 UTC by Rehana
Modified:	2023-11-14 17:09 UTC (History)
CC List:	6 users (show)
Fixed In Version:	rhc-0.2.4-1.el8
Doc Type:	Enhancement
Doc Text:
Clone Of:	2227010
Clones:	2227142 (view as bug list)
Environment:
Last Closed:	2023-11-14 15:36:50 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-163732	0	None	None	None	2023-07-28 07:27:50 UTC
Red Hat Product Errata	RHSA-2023:7058	0	None	None	None	2023-11-14 15:37:21 UTC

Comment 2 qianzhan 2023-08-15 08:09:42 UTC

Pre-verification:

1. Provision RHEL-8.9.0-20230814.47-BaseOS-x86_64 in Beaker.

2. Update rhc version:

# dnf install -y rhc-worker-playbook
# dnf update -y --repoid=copr:copr.devel.redhat.com:ahitacat:rhc
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Copr repo for rhc owned by ahitacat                                                                                                44 kB/s | 2.5 kB     00:00    

Dependencies resolved.

==================================================================================================================================================================

 Package                Architecture              Version                                        Repository                                                  Size

==================================================================================================================================================================

Upgrading:

 rhc                    x86_64                    1:0.2.4-0.3.git.4dc7e38.el8                    copr:copr.devel.redhat.com:ahitacat:rhc                    9.8 M

 

Transaction Summary

==================================================================================================================================================================

Upgrade  1 Package
Total download size: 9.8 M
Downloading Packages:

rhc-0.2.4-0.3.git.4dc7e38.el8.x86_64.rpm                                                                                           59 MB/s | 9.8 MB     00:00    

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total                                                                                                                              59 MB/s | 9.8 MB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                          1/1 
  Running scriptlet: rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                   1/1 
  Upgrading        : rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                   1/2 
  Cleanup          : rhc-1:0.2.2-1.el8.x86_64                                                                                                                 2/2 
  Running scriptlet: rhc-1:0.2.2-1.el8.x86_64                                                                                                                 2/2 
  Verifying        : rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                   1/2 
  Verifying        : rhc-1:0.2.2-1.el8.x86_64                                                                                                                 2/2 
Installed products updated.
Upgraded:

  rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64                                                                                                                          

Complete!

 

[root@kvm-01-guest04 ~]# rpm -qa | grep rhc

rhc-worker-playbook-0.1.8-5.el8.x86_64
rhc-0.2.4-0.3.git.4dc7e38.el8.x86_64


3. Configure and test against Stage:
[root@kvm-01-guest04 ~]# subscription-manager config --server.hostname=subscription.rhsm.stage.redhat.com

 

[root@kvm-01-guest04 ~]# cat /etc/insights-client/insights-client.conf | grep base_url

base_url=cert.console.stage.redhat.com

 

[root@kvm-01-guest04 ~]# cat /etc/rhc/config.toml

# yggdrasil global configuration settings

broker = ["wss://connect.cloud.stage.redhat.com:443"]
data-host = "cert.cloud.stage.redhat.com"
cert-file = "/etc/pki/consumer/cert.pem"
key-file = "/etc/pki/consumer/key.pem"
log-level = "trace"


[root@kvm-01-guest04 ~]# systemctl cat rhcd

# /usr/lib/systemd/system/rhcd.service

[Unit]
Description=rhc daemon
Documentation=https://github.com/redhatinsights/yggdrasil
After=network-online.target
Requires=network-online.target

[Service]
Type=simple
ExecStart=/usr/sbin/rhcd

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/rhcd.service.d/override.conf

[Service]
Environment=SYSTEMD_LOG_LEVEL=trace

 
[root@kvm-01-guest04 ~]# rhc connect
Connecting kvm-01-guest04.lab.eng.rdu2.redhat.com to Red Hat.
This might take a few seconds.

Username: insights-qa
Password: 

● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the rhc daemon
● Enabled console.redhat.com services: remote configuration, remediations, insights, compliance

Successfully connected to Red Hat!

Manage your connected systems: https://red.ht/connector
STEP      DURATION  
rhc       161ms     
rhsm      11.13s    
insights  34.123s   

4. Check the rhcd log:
[root@kvm-01-guest04 ~]# journalctl -u rhcd | grep 'received message'

Aug 15 03:59:20 kvm-01-guest04.lab.eng.rdu2.redhat.com rhcd[21729]: [rhcd] 2023/08/15 03:59:20 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message 5c7caf9a-5509-4c3c-a219-8c848e41d06a



As per step 4, rhcd received message with message ID, and message content is not shown. Set this bug verified:tested.

Comment 5 qianzhan 2023-08-22 02:49:52 UTC

Verification:

1. Provision RHEL-8.9.0-20230821.d.56 in Beaker:

[root@ibm-x3650m4-01-vm-11 ~]# rpm -qa | grep rhc
rhc-0.2.4-1.el8.x86_64

[root@ibm-x3650m4-01-vm-11 ~]# dnf install -y rhc-worker-playbook

 
2. Configure for stage connection:

[root@ibm-x3650m4-01-vm-11 ~]# subscription-manager config --server.hostname=subscription.rhsm.stage.redhat.com

[root@ibm-x3650m4-01-vm-11 ~]# cat /etc/insights-client/insights-client.conf | grep base_url
base_url=cert.console.stage.redhat.com

 
[root@ibm-x3650m4-01-vm-11 ~]# cat /etc/rhc/config.toml
# rhc global configuration settings

broker = ["wss://connect.cloud.stage.redhat.com:443"]
data-host = "cert.cloud.stage.redhat.com"
cert-file = "/etc/pki/consumer/cert.pem"
key-file = "/etc/pki/consumer/key.pem"
log-level = "trace"

 

[root@ibm-x3650m4-01-vm-11 ~]# systemctl cat rhcd

# /usr/lib/systemd/system/rhcd.service

[Unit]
Description=Remote Host Configuration daemon
Documentation=https://github.com/redhatinsights/yggdrasil
After=network-online.target
Requires=network-online.target

[Service]
Type=simple
ExecStart=/usr/sbin/rhcd

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/rhcd.service.d/override.conf

[Service]
Environment=SYSTEMD_LOG_LEVEL=trace

3. Connect by rhc:

[root@ibm-x3650m4-01-vm-11 ~]# rhc connect
Connecting ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com to Red Hat.
This might take a few seconds.

Username: insights-qa
Password: 
● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the Remote Host Configuration daemon
● Enabled console.redhat.com services: compliance, remote configuration, insights, remediations

Successfully connected to Red Hat!

Manage your connected systems: https://red.ht/connector

STEP                       DURATION  
Remote Host Configuration  20ms      
rhsm                       13.81s    
insights                   44.529s   

 
4. Check the rhcd log:

[root@ibm-x3650m4-01-vm-11 ~]# journalctl -u rhcd | grep 'received message'

Aug 21 22:37:18 ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com rhcd[21049]: [rhcd] 2023/08/21 22:37:18 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message 439c3b7a-5177-451f-88e9-631497b481f3

Aug 21 22:37:58 ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com rhcd[21049]: [rhcd] 2023/08/21 22:37:58 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message b1ee3ac1-85ce-4488-84ab-fa1df0965190

Aug 21 22:38:06 ibm-x3650m4-01-vm-11.ibm2.lab.eng.bos.redhat.com rhcd[21049]: [rhcd] 2023/08/21 22:38:06 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:107: received message 95e14cdf-4666-40d1-b55d-a514f2866476


As per step 4, rhcd received message with message ID, and message content is not shown. Move this bug from ON_QA to VERIFIED.

Comment 7 errata-xmlrpc 2023-11-14 15:36:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: rhc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:7058

Note You need to log in before you can comment on or make changes to this bug.