kolla

keystone_bootstrap.sh when ran outputs passwords

Bug #1775468 reported by Joshua Harlow on 2018-06-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	kolla	Fix Released	Undecided	Unassigned

Bug Description

The script has at the top of it:

set -x

This is bad, because this script has variables with passwords and echoing the password is bad.

Also the script calls other shell commands, also with passwords, so showing those is bad. mmk

Tags:

Revision history for this message

Joshua Harlow (harlowja) wrote on 2018-06-06:

Tweaked in https://review.openstack.org/#/c/571039

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-07: Fix proposed to kolla (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/573120

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-07: Fix proposed to kolla (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/573121

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-07: Fix merged to kolla (stable/pike)

Reviewed: https://review.openstack.org/573120
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=71864aaf19e3c0efa747b8372cd97dd3930f83e0
Submitter: Zuul
Branch: stable/pike

commit 71864aaf19e3c0efa747b8372cd97dd3930f83e0
Author: Joshua Harlow <email address hidden>
Date: Tue May 29 15:56:38 2018 -0700

Stop showing passwords when bootstrap script is ran

    Currently this causes bash to echo all lines parsed
    and executed; which makes it not so nicely output the
    bootstrapping password.

This is not something we should encourage and have show
up in peoples logs or other so stop doing that.

    Change-Id: Iac963a5df393d0359b4c8f93b8756ca168f6f193
    Closes-Bug: #1775468
    (cherry picked from commit 3241012158b12ae578473ee6aa6c414d7443374c)

tags:

added: in-stable-pike

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-07: Fix merged to kolla (stable/queens)

Reviewed: https://review.openstack.org/573119
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=be58f4adc3bb6e97d28f18f3b0520fa7196606ab
Submitter: Zuul
Branch: stable/queens

commit be58f4adc3bb6e97d28f18f3b0520fa7196606ab
Author: Joshua Harlow <email address hidden>
Date: Tue May 29 15:56:38 2018 -0700

Stop showing passwords when bootstrap script is ran

    Currently this causes bash to echo all lines parsed
    and executed; which makes it not so nicely output the
    bootstrapping password.

This is not something we should encourage and have show
up in peoples logs or other so stop doing that.

    Change-Id: Iac963a5df393d0359b4c8f93b8756ca168f6f193
    Closes-Bug: #1775468
    (cherry picked from commit 3241012158b12ae578473ee6aa6c414d7443374c)

tags:

added: in-stable-queens

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-07: Fix merged to kolla (stable/ocata)

Reviewed: https://review.openstack.org/573121
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=244e71a59aec283869882137b4f3696f055d1af0
Submitter: Zuul
Branch: stable/ocata

commit 244e71a59aec283869882137b4f3696f055d1af0
Author: Joshua Harlow <email address hidden>
Date: Tue May 29 15:56:38 2018 -0700

Stop showing passwords when bootstrap script is ran

    Currently this causes bash to echo all lines parsed
    and executed; which makes it not so nicely output the
    bootstrapping password.

This is not something we should encourage and have show
up in peoples logs or other so stop doing that.

    Change-Id: Iac963a5df393d0359b4c8f93b8756ca168f6f193
    Closes-Bug: #1775468
    (cherry picked from commit 3241012158b12ae578473ee6aa6c414d7443374c)