Removing root_pass from hostgroup

I recently noticed that provisioned systems had the wrong root password. I
have never explicitly set the password anywhere but in the global
"Settings" under the Provisioning tab. I did some digging in the Rails
console and found most of my Hostgroups have an explicit root password set
that does not match the one I use globally. I looked in the audit system
and saw that some of the hostgroups had root password changed by me. I
KNOW I did not do this, so either this is some kind of bug or somehow some
form of "autofill" put values into the Root Password field when I updated a
hostgroup. It's also possible my account was exposed thanks to the
Heartbleed issue.

Can the root password be reset for a hostgroup in the Foreman interface? I
am on 1.4.2.

If the root password can't be changed via the interface, is it safe to set
it to 'nil' in the Rails console?

Thanks,

- Trey

Hey,

> that does not match the one I use globally. I looked in the audit system
> and saw that some of the hostgroups had root password changed by me. I
> KNOW I did not do this, so either this is some kind of bug or somehow some

The problem here is very often the password save feature in browsers. We do
fight against that, but the only way that reliably works is to change
the field name on every request (e.g. give it a hash like
password_a9b723e2341…).

> Can the root password be reset for a hostgroup in the Foreman interface? I
> am on 1.4.2.
>
> If the root password can't be changed via the interface, is it safe to set
> it to 'nil' in the Rails console?

Unsure about resetting from UI (IMHO no), but you should be safe to do
it via foreman-rake console (use a nil value). Back up first anyway.

--
Later,

Lukas “lzap” Zapletal
irc: lzap #theforeman
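
The per-request field name described in the reply above, as an added example that is not part of the original thread and is not Foreman's code. The helper names and the session hash are hypothetical, and treating a blank submission as "leave the stored password unchanged" is an assumption of this sketch.

```ruby
require "securerandom"

# Hypothetical helpers illustrating a password field whose name changes on
# every form render, so a browser cannot match it to a saved credential.
FIELD_PREFIX = "password_"

# Generate a fresh field name and remember it server-side for this render.
def issue_password_field(session)
  name = FIELD_PREFIX + SecureRandom.hex(8)
  session[:password_field] = name
  name
end

# Render the input with the one-time name and no pre-filled value.
def render_password_input(session)
  name = issue_password_field(session)
  %(<input type="password" name="#{name}" autocomplete="off" value="">)
end

# Read the password from a submitted form.
#   [:rejected, nil]   no name was issued for this session (or it was already used)
#   [:unchanged, nil]  the issued field is blank or absent; keep the stored value
#   [:changed, value]  the user typed a new password into the issued field
# Values submitted under any other name (e.g. a stale, remembered one) are ignored.
def extract_password(session, params)
  expected = session.delete(:password_field) # one-time use
  return [:rejected, nil] if expected.nil?
  value = params[expected].to_s
  value.empty? ? [:unchanged, nil] : [:changed, value]
end

if __FILE__ == $0
  session = {} # constructed stand-in for a server-side session store
  puts render_password_input(session)
  # Constructed submission: a value arrives under an old field name only.
  stale = { "password_0123456789abcdef" => "saved-by-browser" }
  p extract_password(session, stale) # the stale value never reaches the model
end
```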