NGS logs switch SSH credentials

Bug #1683839 reported by Mark Goddard
This bug affects 1 person
Affects: Networking ML2 Generic Switch
Status: Fix Released
Importance: High
Assigned to: Mark Goddard

Bug Description

Following a switch configuration failure, the NGS driver writes switch SSH credentials to the log, for example:

2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers [req-2b1657ed-539f-4b1e-9a3a-ec7308abb8a6 c0a07663cbdc4691b681ea85507a8b15 19392184f0f14148babdcf0f9f52b54a5 - - -] Mechanism driver 'genericswitch' failed in delete_port_postcommit
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers Traceback (most recent call last):
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers File "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/managers.py", line 408, in _call_on_drivers
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers getattr(driver.obj, method_name)(context)
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers File "/usr/lib/python2.7/site-packages/networking_generic_switch/generic_switch_mech.py", line 375, in delete_port_postcommit
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers self._unplug_port_from_network(port, context.network.current)
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers File "/usr/lib/python2.7/site-packages/networking_generic_switch/generic_switch_mech.py", line 517, in _unplug_port_from_network
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers raise e
2017-04-18 14:33:14.370 22 ERROR neutron.plugins.ml2.managers GenericSwitchNetmikoConnectError: Netmiko connection error: {'username': 'myusername', 'ip': '10.0.0.1', 'password': 'mypassword', 'device_type': 'dell_force10'}, error: Unable to find prompt:

At the very least, the password should be censored.

Mark Goddard (mgoddard)
Changed in networking-generic-switch:
assignee: nobody → Mark Goddard (mgoddard)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-generic-switch (master)

Fix proposed to branch: master
Review: https://review.openstack.org/513401

Vasyl Saienko (vsaienko)
Changed in networking-generic-switch:
status: In Progress → Confirmed
importance: Undecided → High
Changed in networking-generic-switch:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-generic-switch (master)

Reviewed: https://review.openstack.org/513401
Committed: https://git.openstack.org/cgit/openstack/networking-generic-switch/commit/?id=86cdb743f716b5a0539f71b4791f041ecdaf48f2
Submitter: Zuul
Branch: master

commit 86cdb743f716b5a0539f71b4791f041ecdaf48f2
Author: Mark Goddard <email address hidden>
Date: Wed Oct 18 15:14:37 2017 +0100

    Sanitise switch configuration in exceptions

    The switch configuration may contain a password field, which we should
    not be including in an exception message. This change adds a function
    for sanitising switch configuration, and uses it when raising exceptions
    with switch device configuration.

    Change-Id: Ic5d6de7b8f44f23afabbc468945c6f69d5b829d7
    Closes-Bug: #1683839
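
A sketch of the kind of sanitising step the commit message describes, added here as an example and not the project's own code: `redact_config`, `SwitchConnectError` and `connect_failure_message` are hypothetical names, the `secret` key is an assumption (the report names only `password`), and the sample dict is constructed to match the one in the log above. It goes slightly beyond the report by masking nested sections and matching key names case-insensitively.

```python
# Assumed set of sensitive key names; the bug report only names 'password'.
SENSITIVE_KEYS = frozenset({"password", "secret"})
MASK = "******"


def redact_config(config):
    """Return a copy of a device config with sensitive values masked.

    The input dict is never modified: the driver still needs the real
    password for its next connection attempt.
    """
    redacted = {}
    for key, value in config.items():
        if str(key).lower() in SENSITIVE_KEYS:
            redacted[key] = MASK
        elif isinstance(value, dict):
            redacted[key] = redact_config(value)  # nested sections
        else:
            redacted[key] = value
    return redacted


class SwitchConnectError(Exception):
    """Hypothetical stand-in for the driver's connection exception."""

    def __init__(self, config, error):
        # Keep only the redacted copy on the exception, so str(exc),
        # repr(exc) and exc.args cannot carry the password into a log.
        self.config = redact_config(config)
        super().__init__(
            "Netmiko connection error: %s, error: %s" % (self.config, error))


def connect_failure_message(config):
    """Simulate a failed connection; return the text a logger would see."""
    try:
        raise SwitchConnectError(config, "Unable to find prompt")
    except SwitchConnectError as exc:
        return str(exc)


# Constructed sample with the same shape as the dict in the traceback.
SAMPLE = {"username": "myusername", "ip": "10.0.0.1",
          "password": "mypassword", "device_type": "dell_force10"}

if __name__ == "__main__":
    print(connect_failure_message(SAMPLE))
```

Redacting at the point where the exception is constructed matters because the traceback in the report was written by the calling framework's error handler, which only ever sees the exception's message.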

Changed in networking-generic-switch:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-generic-switch 0.5.0

This issue was fixed in the openstack/networking-generic-switch 0.5.0 release.
