rh#2128834

Description of problem:

There are multiple components that shows the plain-text passwords in /var/log/messages during openstack overcloud update run.

{'command': ['/bin/bash', '-c', "/usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret '3E4DB0C9-EA6B-4A8E-B3E1-FF8D5B3D2643' --base64 'SGVsbG8gdGhlcmUgOi0pCg=='"]

/usr/bin/redis-cli -s /var/run/redis/redis.sock -a <password> info 

mysql --defaults-extra-file=/etc/my.cnf -nNE --connect-timeout=10 --user=clustercheck --password=<password> --host=localhost --port=3306 -e SHOW STATUS LIKE 'wsrep_local_state'; 

mysql -nNE --user=clustercheck --password=<password> -h localhost -e show status like 'wsrep_cluster_status';


Version-Release number of selected component (if applicable):

RHOSP16.2

How reproducible:

openstack overcloud update run

And check /var/log/messages

Actual results:

Passwords are visible in /var/log/messages

Expected results:

The passwords should be redacted or hidden otherwise.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3261