Noble verification ================== I've verified this by deploying OpenStack Epoxy on Noble via juju and running sos report on the various machines
## Check ceph obfuscation ubuntu@stg-reproducer-bryanfraschetti-project-bastion:~$ juju ssh ceph- rgw/0 # Before enabling proposed ubuntu@juju-7b2ab9-verif-testing-4:~$ sudo sos report ubuntu@juju-7b2ab9-verif-testing-4:~$ tar -xf /tmp/sosreport-juju-7b2ab9-verif-testing-4-2025-06-06-umexjpp.tar.xz ubuntu@juju-7b2ab9-verif-testing-4:~$ cat sosreport-juju-7b2ab9-verif-testing-4-2025-06-06-umexjpp/etc/ceph/ceph.conf Observed that password (rgw keystone admin password) is present in plaintext # After enabling proposed # modified /etc/apt/sources.list.d/ubuntu.sources to contain: Types: deb URIs: http://availability-zone-1.clouds.archive.ubuntu.com/ubuntu/ Suites: noble-proposed Components: main universe restricted multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg ubuntu@juju-7b2ab9-verif-testing-4:~$ sudo apt update && sudo apt upgrade -y ubuntu@juju-7b2ab9-verif-testing-4:~$ sudo sos report ubuntu@juju-7b2ab9-verif-testing-4:~$ tar -xf /tmp/sosreport-juju-7b2ab9-verif-testing-4-2025-06-06-kqzaxuc.tar.xz ubuntu@juju-7b2ab9-verif-testing-4:~$ cat sosreport-juju-7b2ab9-verif-testing-4-2025-06-06-kqzaxuc/etc/ceph/ceph.conf [global] ... File contents ... rgw keystone admin user = s3_swift rgw keystone admin password = ********* rgw keystone api version = 3 rgw keystone admin domain = service_domain ... Continued file contents Note that rgw keystone admin password is successfully obfuscated # Check for existence of auth.log, syslog, kern.log, and ubuntu- advantage.log ubuntu@juju-7b2ab9-verif-testing-4:~$ ls -alh sosreport-juju-7b2ab9-verif-testing-4-2025-06-06-kqzaxuc/var/log/ # Note that I truncated the listing to just those of concern for brevity total 756K -rw-r----- 1 syslog adm 24K Jun 6 21:23 auth.log -rw-r----- 1 root adm 46K Jun 6 20:41 dmesg -rw-r----- 1 syslog adm 73K Jun 6 21:22 kern.log -rw-r----- 1 syslog adm 310K Jun 6 21:24 syslog -rw-r----- 1 root root 4.8K Jun 6 21:24 ubuntu-advantage.log ## Check Horizon obfuscation ubuntu@stg-reproducer-bryanfraschetti-project-bastion:~$ juju ssh openstack-dashboard/0 # Before enabling proposed ubuntu@juju-7b2ab9-verif-testing-14:~$ sudo sos report ubuntu@juju-7b2ab9-verif-testing-14:~$ tar -xf /tmp/sosreport-juju-7b2ab9-verif-testing-14-2025-06-06-gzpkbsm.tar.xz ubuntu@juju-7b2ab9-verif-testing-14:~$ egrep "PASSWORD|SECRET_KEY" sosreport-juju-7b2ab9-verif-testing-14-2025-06-06-gzpkbsm/etc/openstack-dashboard/local_settings.py Observed that SECRET_KEY, PASSWORD, and EMAIL_HOST_PASSWORD are not obfuscated # After enabling proposed # modified /etc/apt/sources.list.d/ubuntu.sources to contain: Types: deb URIs: http://availability-zone-1.clouds.archive.ubuntu.com/ubuntu/ Suites: noble-proposed Components: main universe restricted multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg ubuntu@juju-7b2ab9-verif-testing-14:~$ sudo apt update && sudo apt upgrade -y ubuntu@juju-7b2ab9-verif-testing-14:~$ sudo sos report ubuntu@juju-7b2ab9-verif-testing-14:~$ tar -xf /tmp/sosreport-juju-7b2ab9-verif-testing-14-2025-06-06-yoliman.tar.xz ubuntu@juju-7b2ab9-verif-testing-14:~$ egrep "PASSWORD|SECRET_KEY" sosreport-juju-7b2ab9-verif-testing-14-2025-06-06-yoliman/etc/openstack-dashboard/local_settings.py SECRET_KEY = ********* 'PASSWORD': ********* EMAIL_HOST_PASSWORD = ********* Note that all are now successfully obfuscated # Check for auth.log, syslog, kern.log, and ubuntu-advantage.log ubuntu@juju-7b2ab9-verif-testing-14:~$ ls -alh sosreport-juju-7b2ab9-verif-testing-14-2025-06-06-yoliman/var/log/ # Note that I truncated the listing to just those of concern for brevity total 844K -rw-r----- 1 syslog adm 24K Jun 6 21:35 auth.log -rw-r----- 1 root adm 46K Jun 6 20:42 dmesg -rw-r----- 1 syslog adm 73K Jun 6 21:34 kern.log -rw-r----- 1 syslog adm 316K Jun 6 21:35 syslog -rw-r----- 1 root root 4.8K Jun 6 21:35 ubuntu-advantage.log Will repeat on oracular -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2101134 Title: [sru] Obfuscation/Collection issues in sosreport/sos 4.8.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-pro/+bug/2101134/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
