[Bug 2085607] Re: [sru] Obfuscation issues in sosreport sos 4.7.2

Arif Ali 2085607 at bugs.launchpad.net
Fri Nov 29 23:13:56 UTC 2024 

sunbeam is only supported on jammy at the moment, so only running the
verification there.

ubuntu at jammy-sunbeam:~$ sudo sos report -o sunbeam,sunbeam_hypervisor --batch --build
<snip>
 Setting up archive ...
 Setting up plugins ...
 Running plugins. Please wait ...

  Starting 1/2   sunbeam         [Running: sunbeam]
  Starting 2/2   sunbeam_hypervisor [Running: sunbeam sunbeam_hypervisor]
  Finishing plugins              [Running: sunbeam]

  Finished running plugins

Your sosreport build tree has been generated in:
	/tmp/sosreport-jammy-sunbeam-2024-11-29-scwnnbk


root at jammy-sunbeam:~# grep "password " /tmp/sosreport-jammy-sunbeam-2024-11-29-scwnnbk/var/snap/openstack-hypervisor/common/etc/ceilometer/ceilometer.conf 
password = Dyvwl2NQfQXQ
password = Dyvwl2NQfQXQ


# Now enable proposed

root at jammy-sunbeam:~# sos report -o sunbeam,sunbeam_hypervisor --batch --build
<snip>
 Setting up archive ...
 Setting up plugins ...
 Running plugins. Please wait ...

  Starting 1/2   sunbeam         [Running: sunbeam]
  Starting 2/2   sunbeam_hypervisor [Running: sunbeam sunbeam_hypervisor]
  Finishing plugins              [Running: sunbeam]

  Finished running plugins

Your sosreport build tree has been generated in:
	/tmp/sosreport-jammy-sunbeam-2024-11-29-fcijfeu

root at jammy-sunbeam:~# grep "password " /tmp/sosreport-jammy-sunbeam-2024-11-29-fcijfeu/var/snap/openstack-hypervisor/common/etc/ceilometer/ceilometer.conf 
password = *********
password = *********

** Tags removed: verification-needed verification-needed-focal verification-needed-jammy verification-needed-noble verification-needed-oracular
** Tags added: verification-done verification-done-focal verification-done-jammy verification-done-noble verification-done-oracular

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2085607

Title:
  [sru] Obfuscation issues in sosreport sos 4.7.2

Status in sosreport source package in Focal:
  Fix Committed
Status in sosreport source package in Jammy:
  Fix Committed
Status in sosreport source package in Noble:
  Fix Committed
Status in sosreport source package in Oracular:
  Fix Committed

Bug description:
  [ Impact ]

  When doing SRU for sos 4.7.2 we encountered obfuscation issues,
  although not a regression at the time, it was still an issue that had
  been present for a while

  So, these passwords would be fully visible to the end support
  personnel and therefore leaked passwords.

  [ Test Plan ]

  1. Deploy a sunbeam simple cloud, and run the sos report, check to see if passwords are obfuscated in configuration file
  2. Deploy heat, and ensure auth_encryption_key is obfuscated in configuration file
  3. Deploy placement, and ensure that both NOVA_API_PASS and PLACEMENT_PASS are obfuscated in configuration file
  4. Deploy mysql and ensure password field is obfuscated in configuration file

  [ Where problems could occur ]

  The corresponding files are not obfuscated, and we need to update the
  patches

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/focal/+source/sosreport/+bug/2085607/+subscriptions

More information about the Ubuntu-sponsors mailing list