Project

General

Profile

action #110227

coordination #105624: [saga][epic] Reconsider how openQA handles secrets

Stop showing ipmi passwords in autoinst.txt from a ipmi backend job in O3

Added by Julie_CAO 2 months ago. Updated 2 months ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Feature requests
Target version:
Start date:
2022-04-24
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Current situation

In the case of a job failing with ipmi connection, the ipmitool command is outputed in autoinst.txt. It is helpful for debug, but for security reasons in O3, we request to stop disclosing the ipmi password in any log as the logs are open to public.

fg.

[2022-04-24T15:40:32.162147+08:00] [debug] IPMI: Selftest: passed
[2022-04-24T15:40:44.339280+08:00] [debug] IPMI: Chassis Power is on
[2022-04-24T15:40:48.399101+08:00] [debug] IPMI: Chassis Power Control: Down/Off
[2022-04-24T15:41:05.546723+08:00] [info] ::: backend::baseclass::die_handler: Backend process died, backend errors are reported below in the following lines:
  **ipmitool -I lanplus -H 10.67.135.1 -U <user> -P <password_need_to_be_secret_here> chassis power status**: Error: Unable to establish IPMI v2 / RMCP+ session at /usr/lib/os-autoinst/backend/ipmi.pm line 45, <$fh> line 6.
[2022-04-24T15:41:09.604149+08:00] [debug] IPMI: Chassis Power Control: Down/Off

Related issues

Related to openQA Infrastructure - action #105594: Two new machines for OSD and o3, meant for bare-metal virtualization size:MWorkable2022-06-16

History

#1 Updated by Julie_CAO 2 months ago

  • Related to action #105594: Two new machines for OSD and o3, meant for bare-metal virtualization size:M added

#2 Updated by okurz 2 months ago

  • Tags set to reactive work
  • Priority changed from Normal to Low
  • Target version set to Ready

#3 Updated by okurz 2 months ago

  • Tags deleted (reactive work)
  • Target version changed from Ready to future
  • Parent task set to #105405

Also available in: Atom PDF