StarlingX

Include public certificates in collect tarball to assist with issue investigation

Bug #2029302 reported by Michel Thebeau [WIND] on 2023-08-01

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	Low	Michel Thebeau [WIND]

Bug Description

Brief Description
-----------------
The collect bundle omits certificate information needed for issue resolution

Severity
--------
Provide the severity of the defect.
Minor

Steps to Reproduce
------------------
run 'collect', and examine the result tarball

Expected Behavior
------------------
Certificates relevant for an issue can be found in collect bundle

Actual Behavior
----------------
Some certificates are present in bundle, but others are omitted.

Reproducibility
---------------
100%

System Configuration
--------------------
Any/All

Branch/Pull Time/Commit
-----------------------
master branch

Last Pass
---------
N/A

Timestamp/Logs
--------------
N/A

Test Activity
-------------
Other - defect resolution

Workaround
----------
Direct access to the cluster

See original description

Tags:

Revision history for this message

Michel Thebeau [WIND] (mthebeau) wrote on 2023-08-01:

WIP review:

https://review.opendev.org/c/starlingx/utilities/+/890247

Ghada Khalil (gkhalil) on 2023-08-02

information type:

Private Security → Public Security

Michel Thebeau [WIND] (mthebeau) on 2023-08-03

description:

updated

OpenStack Infra (hudson-openstack) on 2023-08-10

Changed in starlingx:
status:	New → In Progress

Michel Thebeau [WIND] (mthebeau) on 2023-08-10

Changed in starlingx:
assignee:	nobody → Michel Thebeau [WIND] (mthebeau)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-08-14: Fix merged to utilities (master)

Reviewed: https://review.opendev.org/c/starlingx/utilities/+/890247
Committed: https://opendev.org/starlingx/utilities/commit/50c17f8e570d69fe4b770e42d027b5106a3c5d7e
Submitter: "Zuul (22348)"
Branch: master

commit 50c17f8e570d69fe4b770e42d027b5106a3c5d7e
Author: Michel Thebeau <email address hidden>
Date: Thu Jul 27 20:29:29 2023 +0000

collector: add collect of certificates

Add explicit collect of certificates files for the platform.

    Delete all crt, pem and key files in collect before including those
    files explicitly listed in certs.include file. Use openssl command to
    omit all but certificate information from the files.

    Test Plan:
    PASS AIO-SX, AIO-DX+, DC with AIO-SX subcloud
    PASS options --skip-mask, --omit-certs, --subcloud
    PASS bashate
    PASS unit test for collect_certificates
    PASS collect output contains no crt, pem and key files except those
          listed in certs.include
    PASS If a file listed in certs.include does not exist on the filesystem
          then the absence is ignored - it is ok for a specified file not to
          exist.
    PASS file with key omits key - only certs are copied
    PASS manual verify of file paths (including those on DC subcloud)

Closes-Bug: 2029302

Change-Id: I9fafe5fde39a1a7de9a887424f274986b13e053a
Signed-off-by: Michel Thebeau <email address hidden>

Changed in starlingx:
status:	In Progress → Fix Released

Ghada Khalil (gkhalil) on 2023-08-14

Changed in starlingx:
importance:	Undecided → Low
tags:	added: stx.9.0 stx.security stx.tools

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.