Project

General

Profile

Actions

action #110227

closed

coordination #105624: [saga][epic] Reconsider how openQA handles secrets

Stop showing ipmi passwords in autoinst.txt from a ipmi backend job in O3

Added by Julie_CAO over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Low
Assignee:
-
Category:
Feature requests
Target version:
Start date:
2022-04-24
Due date:
% Done:

100%

Estimated time:

Description

Current situation

In the case of a job failing with ipmi connection, the ipmitool command is outputed in autoinst.txt. It is helpful for debug, but for security reasons in O3, we request to stop disclosing the ipmi password in any log as the logs are open to public.

fg.

[2022-04-24T15:40:32.162147+08:00] [debug] IPMI: Selftest: passed
[2022-04-24T15:40:44.339280+08:00] [debug] IPMI: Chassis Power is on
[2022-04-24T15:40:48.399101+08:00] [debug] IPMI: Chassis Power Control: Down/Off
[2022-04-24T15:41:05.546723+08:00] [info] ::: backend::baseclass::die_handler: Backend process died, backend errors are reported below in the following lines:
  **ipmitool -I lanplus -H 10.67.135.1 -U <user> -P <password_need_to_be_secret_here> chassis power status**: Error: Unable to establish IPMI v2 / RMCP+ session at /usr/lib/os-autoinst/backend/ipmi.pm line 45, <$fh> line 6.
[2022-04-24T15:41:09.604149+08:00] [debug] IPMI: Chassis Power Control: Down/Off

Related issues 1 (0 open1 closed)

Related to openQA Infrastructure (public) - action #105594: Two new machines for OSD and o3, meant for bare-metal virtualization size:MResolvednicksinger2022-06-16

Actions
Actions

Also available in: Atom PDF