jgotteswinter opened a new issue, #10847:
URL: https://github.com/apache/cloudstack/issues/10847
### problem
When live migrating vms, the whole libvirt xml definition gets logged to
/var/log/cloudstack/agent/agent.log (Log Level set to INFO). This includes for
example the vnc password, and i guess it would also include the luks password
for encrypted volumes.
```
2025-05-09 10:38:46,164 INFO
[resource.wrapper.LibvirtMigrateCommandWrapper] (agentRequest-Handler-1:null)
(logid:b55d2348) Starting live migration of instance [i-58-xxx-VM] to
destination host [qemu+tls://10.xx.xx.xx/system] having the final XML
configuration: [<domain type='kvm'>
<name>i-58-4522-VM</name>
<uuid>511d4065-bdd8-4f5f-8dd3-xxxxxxx</uuid>
<description>Ubuntu 22.04 LTS</description>
<memory unit='KiB'>67108864</memory>
<currentMemory unit='KiB'>67108864</currentMemory>
<vcpu placement='static'>16</vcpu>
<iothreads>1</iothreads>
<cputune>
<shares>1250</shares>
<period>10000</period>
<quota>10000</quota>
</cputune>
<resource>
<partition>/machine</partition>
</resource>
<sysinfo type='smbios'>
<system>
<entry name='manufacturer'>Apache Software Foundation</entry>
<entry name='product'>CloudStack KVM Hypervisor</entry>
<entry name='uuid'>511d4065-bdd8-4f5f-8dd3-xxxxxxxx</entry>
</system>
</sysinfo>
<os>
<type arch='x86_64' machine='pc-i440fx-8.2'>hvm</type>
<boot dev='cdrom'/>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<cpu mode='host-model' check='partial'>
<topology sockets='4' dies='1' cores='4' threads='1'/>
</cpu>
<clock offset='utc'>
<timer name='kvmclock'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='none' io='native'
discard='unmap'/>
<source
file='/mnt/2c568429-23f5-3e75-8208-xxxxx/0b3ca1d6-bdba-4cc8-bb7f-xxxxx'/>
<target dev='sda' bus='scsi'/>
<serial>0b3ca1d6bdba4xxxxx</serial>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='none' io='native'
discard='unmap'/>
<source
file='/mnt/2c568429-23f5-3e75-8208-xxxxx/cd683178-03ad-4834-b51b-xxxxxx'/>
<target dev='sdb' bus='scsi'/>
<serial>cd68317803ad4834xxx</serial>
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='hdc' bus='ide'/>
<readonly/>
<address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
<controller type='scsi' index='0' model='virtio-scsi'>
<driver queues='16' iothread='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x09'
function='0x0'/>
</controller>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01'
function='0x1'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04'
function='0x0'/>
</controller>
<interface type='bridge'>
<mac address='02:06:01:02:xx:xx'/>
<source bridge='xxxx'/>
<bandwidth>
<inbound average='640000' peak='640000'/>
<outbound average='640000' peak='640000'/>
</bandwidth>
<model type='virtio'/>
<link state='up'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03'
function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='unix'>
<source mode='bind'
path='/var/lib/libvirt/qemu/i-58-xxxx-VM.org.qemu.guest_agent.0'/>
<target type='virtio' name='org.qemu.guest_agent.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes' listen='x.x.x.x'
passwd='**XYZXYZ**'>
<listen type='address' address='x.x.x.x'/>
</graphics>
<video>
<model type='cirrus' vram='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02'
function='0x0'/>
</video>
<watchdog model='i6300esb' action='none'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07'
function='0x0'/>
</watchdog>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x0'/>
</memballoon>
<rng model='virtio'>
<rate bytes='2048' period='1000'/>
<backend model='random'>/dev/random</backend>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06'
function='0x0'/>
</rng>
</devices>
</domain>
].
```
### versions
ACS 4.19.2
### The steps to reproduce the bug
### What to do about it?
_No response_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
