Remove secure hieradata files from collect

Supporting controller puppet manifests apply following DOR introduces cached hieradata which will be included in log collect. This change updated collect to remove the secure hieradata files in the cache as they contain clear text passwords. Change-Id: I17542c9fd778107f065531d02c53c59581fc179e Partial-Bug: 1904739 Depends-On: https://review.opendev.org/c/starlingx/config/+/765373 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-12-03 09:57:12 -05:00 · 2020-12-03 09:57:12 -05:00 · 17c62bd5aa
parent 2cd822ce73
commit 17c62bd5aa
1 changed files with 1 additions and 0 deletions
--- a/tools/collector/scripts/collect_mask_passwords
+++ b/tools/collector/scripts/collect_mask_passwords
@ -64,6 +64,7 @@ done
 find ${COLLECT_NAME_DIR} -name server-cert.pem | xargs --no-run-if-empty rm -f
 rm -rf ${COLLECT_NAME_DIR}/var/extra/platform/config/*/ssh_config
 rm -f ${COLLECT_NAME_DIR}/var/extra/platform/puppet/*/hieradata/secure*.yaml
+rm -f ${COLLECT_NAME_DIR}/etc/puppet/cache/hieradata/secure*.yaml

 # Mask user passwords in sysinv db dump
 if [ -f ${COLLECT_NAME_DIR}/var/extra/database/sysinv.db.sql.txt ]; then