Comment 0 for bug 1638596

Derek Higgins (derekh) wrote :

When getting node details, in most drivers the password/keys are masked to prevent them being displayed to the console and appearing in logs.

When using the ssh power driver this isn't the case. On a development environment where virtual nodes are being used, the ssh private keys are logged in various places at various debug levels and when running "ironic node-show <uuid>", e.g.

$ ironic --debug node-show baremetal-0 2> /tmp/t
+------------------------+-----------------------------------------------------------------------+
| Property | Value |
+------------------------+-----------------------------------------------------------------------+
| chassis_uuid | |
| clean_step | {} |
| console_enabled | False |
| created_at | 2016-11-02T14:31:34+00:00 |
| driver | pxe_ssh |
| driver_info | {u'ssh_username': u'root', u'deploy_kernel': |
| | u'b6e8a5e6-90d0-4471-bc00-363db8d7705f', u'deploy_ramdisk': |
| | u'2b280e67-d3a0-42f6-b95b-417a5417eb2f', u'ssh_key_contents': u'----- |
| | BEGIN RSA PRIVATE KEY----- |
| | ............................................. |
| | ............................................. |
| | ............................................. |
| | ..........Removed for bug report............. |
| | ............................................. |
| | ............................................. |
| | ............................................. |
| | -----END RSA PRIVATE KEY-----', u'ssh_virt_type': |
| | u'virsh', u'ssh_address': u'192.168.XX.XX'} |
| driver_internal_info | {} |
| extra | {} |
| inspection_finished_at | None |
| inspection_started_at | None |
| instance_info | {} |
| instance_uuid | None |
| last_error | None |
| maintenance | False |
| maintenance_reason | None |
| name | baremetal-0 |
| network_interface | |
| power_state | power off |
| properties | {u'memory_mb': u'6144', u'cpu_arch': u'x86_64', u'local_gb': u'41', |
| | u'cpus': u'1', u'capabilities': u'boot_option:local'} |
| provision_state | available |
| provision_updated_at | 2016-11-02T14:32:07+00:00 |
| raid_config | |
| reservation | None |
| resource_class | |
| target_power_state | None |
| target_provision_state | None |
| target_raid_config | |
| updated_at | 2016-11-02T14:32:07+00:00 |
| uuid | 9a7b89d5-51c4-4017-8f63-6b0505a58242 |
+------------------------+-----------------------------------------------------------------------+

Flagging this as a security vulnerability as a precaution, but I'd imagine it doesn't need to be kept private as it would only affect development environments and it's already reported publicly here:
https://bugzilla.redhat.com/show_bug.cgi?id=1346089
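
The masking behaviour the report expects for `ssh_key_contents`, sketched as an added example that is not part of the bug report and is not Ironic's own code. The list of sensitive key-name fragments, the `******` mask and the sample node are assumptions constructed for illustration; the same helper also scrubs PEM private-key blocks out of free-form debug log text.

```python
import re

# Assumption: key-name fragments treated as credentials (not Ironic's real list).
SENSITIVE_FRAGMENTS = ("password", "key_contents", "secret", "token")
MASK = "******"

# Matches a whole PEM private-key block (RSA, OPENSSH, ENCRYPTED, plain PKCS#8).
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----.*?-----END \1PRIVATE KEY-----",
    re.DOTALL,
)


def is_sensitive(key):
    """Return True if a driver_info key name suggests a credential."""
    lowered = key.lower()
    return any(fragment in lowered for fragment in SENSITIVE_FRAGMENTS)


def mask_secrets(value):
    """Return a masked copy of value; the input object is never modified."""
    if isinstance(value, dict):
        return {k: MASK if is_sensitive(str(k)) else mask_secrets(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(mask_secrets(v) for v in value)
    if isinstance(value, str):
        # Catches keys embedded in log lines or stored under unexpected names.
        return PEM_PRIVATE_KEY.sub(MASK, value)
    return value


# Constructed sample modelled on the node-show output above; the key is fake.
FAKE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
            "CONSTRUCTED+NOT+A+REAL+KEY\n"
            "-----END RSA PRIVATE KEY-----")
SAMPLE_NODE = {
    "name": "baremetal-0",
    "driver": "pxe_ssh",
    "driver_info": {"ssh_username": "root", "ssh_virt_type": "virsh",
                    "ssh_key_contents": FAKE_KEY},
}

if __name__ == "__main__":
    print(mask_secrets(SAMPLE_NODE))                       # API / CLI view
    print(mask_secrets("DEBUG RESP BODY: %s" % FAKE_KEY))  # debug log line
```

Applying the mask at the point where node details are serialized for the API and for logging keeps the stored credential usable by the power driver while keeping it out of console output and debug logs.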