[Openstack-security] [Bug 1737207] Fix included in openstack/nova 16.1.1
OpenStack Infra
1737207 at bugs.launchpad.net
Mon Apr 2 13:18:47 UTC 2018
This issue was fixed in the openstack/nova 16.1.1 release.
--
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1737207
Title:
Guest admin password and network information is logged at debug if
libvirt.inject_partition != -2
Status in OpenStack Compute (nova):
Fix Released
Status in OpenStack Compute (nova) ocata series:
In Progress
Status in OpenStack Compute (nova) pike series:
Fix Committed
Status in OpenStack Compute (nova) queens series:
Fix Committed
Bug description:
When using the libvirt driver and the inject_partition config option
is != -2 (disabled), the driver will log the network information and
admin password about the guest during disk injection:
http://logs.openstack.org/50/524750/1/check/legacy-tempest-dsvm-
neutron-full-
centos-7/a7f051e/logs/screen-n-cpu.txt.gz#_Dec_04_13_42_41_311316
Dec 04 13:42:41.311316 centos-7-rax-dfw-0001196569 nova-compute[7962]: DEBUG nova.virt.libvirt.driver [None req-80dab566-372b-43d7-88f9-d807cc9cb673 service nova] [instance: 941f8290-5e14-4b53-85c9-c5045de9a067] Checking root disk injection InjectionInfo(network_info=[{"profile": {}, "ovs_interfaceid": "56e5a50e-d30e-4814-aee3-fcc9525d12ca", "preserve_on_delete": false, "network": {"bridge": "br-int", "subnets": [{"ips": [{"meta": {}, "version": 4, "type": "fixed", "floating_ips": [], "address": "10.1.0.6"}], "version": 4, "meta": {"dhcp_server": "10.1.0.2"}, "dns": [], "routes": [], "cidr": "10.1.0.0/28", "gateway": {"meta": {}, "version": 4, "type": "gateway", "address": "10.1.0.1"}}], "meta": {"injected": false, "tenant_id": "77504d716f9d4f38a021cbfa4f0e28ee", "mtu": 1450}, "id": "766bb2bf-e1c0-43b8-8800-5737351e9a03", "label": "tempest-ServersTestJSON-518988576-network"}, "devname": "tap56e5a50e-d3", "vnic_type": "normal", "qbh_params": null, "meta": {}, "details": {"port_filter": true, "datapath_type": "system", "ovs_hybrid_plug": true}, "address": "fa:16:3e:d3:8e:f8", "active": false, "type": "ovs", "id": "56e5a50e-d30e-4814-aee3-fcc9525d12ca", "qbg_params": null}], files=[], admin_pass=u'V2^cP#tYp*=UD&7') {{(pid=7962) _inject_data /opt/stack/new/nova/nova/virt/libvirt/driver.py:3115}}
Dec 04 13:42:41.314687 centos-7-rax-dfw-0001196569 nova-compute[7962]: DEBUG nova.virt.libvirt.driver [None req-80dab566-372b-43d7-88f9-d807cc9cb673 service nova] [instance: 941f8290-5e14-4b53-85c9-c5045de9a067] Injecting InjectionInfo(network_info=[{"profile": {}, "ovs_interfaceid": "56e5a50e-d30e-4814-aee3-fcc9525d12ca", "preserve_on_delete": false, "network": {"bridge": "br-int", "subnets": [{"ips": [{"meta": {}, "version": 4, "type": "fixed", "floating_ips": [], "address": "10.1.0.6"}], "version": 4, "meta": {"dhcp_server": "10.1.0.2"}, "dns": [], "routes": [], "cidr": "10.1.0.0/28", "gateway": {"meta": {}, "version": 4, "type": "gateway", "address": "10.1.0.1"}}], "meta": {"injected": false, "tenant_id": "77504d716f9d4f38a021cbfa4f0e28ee", "mtu": 1450}, "id": "766bb2bf-e1c0-43b8-8800-5737351e9a03", "label": "tempest-ServersTestJSON-518988576-network"}, "devname": "tap56e5a50e-d3", "vnic_type": "normal", "qbh_params": null, "meta": {}, "details": {"port_filter": true, "datapath_type": "system", "ovs_hybrid_plug": true}, "address": "fa:16:3e:d3:8e:f8", "active": false, "type": "ovs", "id": "56e5a50e-d30e-4814-aee3-fcc9525d12ca", "qbg_params": null}], files=[], admin_pass=u'V2^cP#tYp*=UD&7') {{(pid=7962) _inject_data /opt/stack/new/nova/nova/virt/libvirt/driver.py:3146}}
This was introduced in Ocata (15.0.0):
https://review.openstack.org/#/c/337790/
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1737207/+subscriptions
More information about the Openstack-security
mailing list