plain password logged in rhel-registration actions

Bug #1931132 reported by Alex Schultz
This bug affects 1 person
Affects: tripleo
Status: In Progress
Importance: High
Assigned to: Unassigned
Milestone: (none)

Bug Description

This only affects Queens as we've moved to the ansible role in later releases.

Description of problem:

Plain password from RHSM in the logs during OSP13 deployment with subscription-manager

overcloud_install.log contains

2021-05-17 23:18:58Z [overcloud]: CREATE_FAILED Resource CREATE failed: resources.Compute: Resource CREATE failed: Error: resources[0].resources.NodeExtraConfig.resources.RHELRegistrationDeployment: Deployment to server failed: deploy_status_code: Deployment exited with non-zero status code: 1

 Stack overcloud CREATE_FAILED

overcloud.Compute.0.NodeExtraConfig.RHELRegistrationDeployment:
  resource_type: OS::Heat::SoftwareDeployment
  physical_resource_id: 72647a1c-3969-4145-8010-c8c62d50bf55
  status: CREATE_FAILED
  status_reason: |
    Error: resources.RHELRegistrationDeployment: Deployment to server failed: deploy_status_code : Deployment exited with non-zero status code: 1
  deploy_stdout: |
    ...
    WARN: Failed to connect when running 'subscription-manager register --baseurl=https://cdn.redhat.com --force --serverurl=subscription.rhsm.stage.redhat.com --password PASSWORD --username USER', retrying (attempt #7 )...
    INFO: Sleeping 2.0 ...
    INFO: Executing 'subscription-manager register --baseurl=https://cdn.redhat.com --force --serverurl=subscription.rhsm.stage.redhat.com --password PASSWORD --username USER' ... Registering to: subscription.rhsm.stage.redhat.com:443/subscription
    WARN: Failed to connect when running 'subscription-manager register --baseurl=https://cdn.redhat.com --force --serverurl=subscription.rhsm.stage.redhat.com --password PASSWORD --username USER', retrying (attempt #8 )...
    INFO: Sleeping 2.0 ...
    INFO: Executing 'subscription-manager register --baseurl=https://cdn.redhat.com --force --serverurl=subscription.rhsm.stage.redhat.com --password PASSWORD --username USER ...
    Registering to: subscription.rhsm.stage.redhat.com:443/subscription
    WARN: Failed to connect when running 'subscription-manager register --baseurl=https://cdn.redhat.com --force --serverurl=subscription.rhsm.stage.redhat.com --password PASSWORD --username USER', retrying (attempt #9 )...
    ERROR: Failed to connect after 10 attempts when running 'subscription-manager register --baseurl=https://cdn.redhat.com --force --serverurl=subscription.rhsm.stage.redhat.com --password PASSWORD --username USER'
    (truncated, view all with --long)
  deploy_stderr: |
    HTTP error (401 - Unauthorized): Invalid username or password. To create a login, please visit https://www.redhat.com/wapps/ugc/register.html
    HTTP error (401 - Unauthorized): Invalid username or password. To create a login, please visit https://www.redhat.com/wapps/ugc/register.html
    HTTP error (401 - Unauthorized): Invalid username or password. To create a login, please visit https://www.redhat.com/wapps/ugc/register.html
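
The log above shows a retry wrapper echoing the full command line, including the --password value. As an added example (not code from the tripleo-heat-templates script or its fix), the sketch below masks secret option values before anything is logged; the names redact_cmd and retry_logged, the SECRET_OPTS list and the sample credentials are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the tripleo script): mask secret option values before
# a command line is written to a deployment log.

# Options whose values must never be logged (list assumed for this example).
SECRET_OPTS="--password --activationkey --proxypassword"
MASK="********"

# redact_cmd ARG...: print the argv on one line with secret values masked.
# Covers both "--opt value" and "--opt=value". The body is a subshell, so
# its variables do not leak into the caller.
redact_cmd() (
    out="" mask_next=0
    for arg in "$@"; do
        shown="$arg"
        if [ "$mask_next" -eq 1 ]; then
            shown="$MASK"; mask_next=0
        else
            opt="${arg%%=*}"
            case " $SECRET_OPTS " in
                *" $opt "*)
                    if [ "$arg" = "$opt" ]; then mask_next=1
                    else shown="$opt=$MASK"; fi ;;
            esac
        fi
        out="${out:+$out }$shown"
    done
    printf '%s\n' "$out"
)

# retry_logged MAX CMD ARG...: run CMD up to MAX times; every log line uses
# the redacted form, the real argv is only ever passed to the command.
retry_logged() {
    rl_max="$1"; shift
    rl_shown="$(redact_cmd "$@")"
    rl_try=1
    while [ "$rl_try" -le "$rl_max" ]; do
        echo "INFO: Executing '$rl_shown' ..."
        "$@" && return 0
        echo "WARN: Failed when running '$rl_shown' (attempt #$rl_try)"
        rl_try=$((rl_try + 1))
    done
    echo "ERROR: Failed after $rl_max attempts when running '$rl_shown'"
    return 1
}

# Constructed sample input; prints the line that would reach the log.
redact_cmd subscription-manager register --force --password 'S3cr3t!' --username USER
```

Masking the log line does not hide the value from the process list while the command runs, so a password passed on the command line remains visible there.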

Summer Long (slong-g) wrote :

This issue has been assigned CVE-2021-3585.

OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (stable/queens)

Change abandoned by "Sergii Golovatiuk <email address hidden>" on branch: stable/queens
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988
Reason: Queens in EOL. Moving this patch downstream.

Changed in tripleo:
milestone: xena-1 → none