Scrub tracked secrets and switch ATVM docs to local credential references

- remove hardcoded credentials, tokens, registration codes, and similar secret values from tracked ATVM and CDS MCP docs - replace those values with references to /home/aw/code/cds/.env.credentials.local and the corresponding environment variable names - update current operator guides to instruct sourcing .env.credentials.local before credential-dependent setup and automation workflows - update the ATVM setup scripts to consume ATVM_TARGET_PASSWORD from the environment instead of hardcoding the Ubuntu root SSH password - scrub the remaining tracked artifact log entry that still included the old CMC registration code - keep the local-only credential inventory in .env.credentials.local while leaving that file untracked
2026-03-24 17:32:44 -04:00
parent 4c07863f6c
commit 86b1a0e4a9
13 changed files with 111 additions and 84 deletions
--- a/atvm/archive/imported-notes/cypress-automation-for-cmc.md
+++ b/atvm/archive/imported-notes/cypress-automation-for-cmc.md
@@ -1,5 +1,8 @@
 # Cypress Automation for CMC

+Credentials, tokens, webhooks, and registration codes were scrubbed from this tracked archive.
+Use `/home/aw/code/cds/.env.credentials.local` for the local-only values referenced below.
+
 # Summary

 This document outlines the equipement, hardware, vm inventory and any tips to configure the vms for the cmc cypress automation.  The vms were initially configured manually but as of 2026, are now being configured via AI tools to make configuration more automated and efficient.  The 
@@ -10,7 +13,7 @@ This document outlines the equipement, hardware, vm inventory and any tips to co
 ## __Storage Array/Appliance__


-1. Primary DGS Phoenix Server: 192.168.1.172  (Web GUI login: **admin** / **cdsi2012DGS172**)
+1. Primary DGS Phoenix Server: 192.168.1.172  (Web GUI login: **DGS_PRIMARY_USER** / **DGS_PRIMARY_PASSWORD** from `.env.credentials.local`)

   ***Note:*** For SSH login, use **root** and the password needs to be obtained from <https://callcenter.cdsi.us.com/main/phoenix/>

@@ -30,17 +33,17 @@ This document outlines the equipement, hardware, vm inventory and any tips to co
 ### vSphere vCenter Environment 1


-1. vCenter Server Appliance: 192.168.0.201  (vSphere login: **administrator@qalab.cdsi.local** / **CDSi101!**)
+1. vCenter Server Appliance: 192.168.0.201  (vSphere login: **VCENTER_USER** / **VCENTER_PASSWORD** from `.env.credentials.local`)

-   ***Note:*** For SSH login, **administrator@qalab.cdsi.local** / **CDSi101!** (can also use **root** with the same password?)
+   ***Note:*** For SSH login, use **VCENTER_USER** / **VCENTER_PASSWORD** from `.env.credentials.local` (or the equivalent root credential if still valid).

   
-   1. ESX Server 165: 192.168.1.165 (ssh: root / CDSi101! / IPMI: admin / cdsi2012) - License: 1Y2RU-DWK14-H81E0-UH8Z6-0Y2J4
+   1. ESX Server 165: 192.168.1.165 (ssh: **ESXI_HOST_1_USER** / **ESXI_HOST_1_PASSWORD**; IPMI: **ESXI_HOST_1_IPMI_USER** / **ESXI_HOST_1_IPMI_PASSWORD** from `.env.credentials.local`) - License: 1Y2RU-DWK14-H81E0-UH8Z6-0Y2J4

      
      1. VMware ESXi, 7.0.3, 19193900
      2. Assigned AutomatedTest-VMBootImg-Gold (3 TB)
-   2. ESX Server 166: 192.168.1.166 (ssh: root / CDSi101! / IPMI: admin / cdsi2012) - License: 1Y2RU-DWK14-H81E0-UH8Z6-0Y2J4
+   2. ESX Server 166: 192.168.1.166 (ssh: **ESXI_HOST_2_USER** / **ESXI_HOST_2_PASSWORD**; IPMI: **ESXI_HOST_2_IPMI_USER** / **ESXI_HOST_2_IPMI_PASSWORD** from `.env.credentials.local`) - License: 1Y2RU-DWK14-H81E0-UH8Z6-0Y2J4

      
      1. VMware ESXi, 7.0.3, 19193900
@@ -50,23 +53,23 @@ This document outlines the equipement, hardware, vm inventory and any tips to co
 ### ==OLD vSphere vCenter Environment==


-1. ==vCenter Server Appliance: 192.168.0.200  (vSphere login: **administrator@qa.cdsi.local** / **CDSi101!**)==
+1. ==vCenter Server Appliance: 192.168.0.200  (vSphere login: **LEGACY_VCENTER_USER** / **LEGACY_VCENTER_PASSWORD** from `.env.credentials.local`)==

-   ***==Note:==*** ==For SSH login, use **root** with the same password==
+   ***==Note:==*** ==For SSH login, use the matching legacy vCenter credential from `.env.credentials.local`==

   ==\[VM name: **CDS1-VSCA6.7-200**.    Location: ESXi 6.0.0, 192.168.0.43, root/CDSi101\]== 

   \
-2. ==ESXi Server **CDS1-H011**: 192.168.1.11  (SSH login: **root** / **cdsi2012**)==
+2. ==ESXi Server **CDS1-H011**: 192.168.1.11  (SSH login: **LEGACY_ESXI_H011_USER** / **LEGACY_ESXI_H011_PASSWORD** from `.env.credentials.local`)==

-   ==iDRAC: 192.168.2.11  (login: **admin** / **cdsi2012**)==
+   ==iDRAC: 192.168.2.11  (login: **LEGACY_ESXI_H011_IDRAC_USER** / **LEGACY_ESXI_H011_IDRAC_PASSWORD** from `.env.credentials.local`)==

   ==S/W: ESXi 6.5.x.    H/W: Dell R720, 160 GB RAM, 18 x 8Gb FC HBA Ports (*14* passthrough-enabled)== 

   \
-3. ==ESXi Server **CDS1-H018**: 192.168.1.18  (SSH login: **root**/**CDSi2012**)==
+3. ==ESXi Server **CDS1-H018**: 192.168.1.18  (SSH login: **LEGACY_ESXI_H018_USER** / **LEGACY_ESXI_H018_PASSWORD** from `.env.credentials.local`)==

-   ==iDRAC: 192.168.2.18  (login: **admin** / **cdsi2012**)==
+   ==iDRAC: 192.168.2.18  (login: **LEGACY_ESXI_H018_IDRAC_USER** / **LEGACY_ESXI_H018_IDRAC_PASSWORD** from `.env.credentials.local`)==

   ==S/W: ESXi 6.7.x.    H/W: Dell R720, 192 GB RAM, 12 x 8Gb FC HBA Ports (*8* passthrough-enabled)== 

@@ -76,7 +79,7 @@ This document outlines the equipement, hardware, vm inventory and any tips to co
 Used to run cypress script and to initiate other scripts related to the automation testing process.


-1.  atvm-cypress-vm: 192.168.3.190 (ip); 255.255.252.0 (broadcast); 192.168.0.1 (gateway) -  (ssh and RDP login: root / atvmcdsi2012 ; cypressuser / atvmcypress)
+1.  atvm-cypress-vm: 192.168.3.190 (ip); 255.255.252.0 (broadcast); 192.168.0.1 (gateway) -  (ssh and RDP login: **ATVM_CONTROLLER_USER** / **ATVM_CONTROLLER_PASSWORD** ; **ATVM_CONTROLLER_ALT_USER** / **ATVM_CONTROLLER_ALT_PASSWORD** from `.env.credentials.local`)

 Located on AutomatedTest-Cypress

@@ -89,7 +92,7 @@ Memory 64GB
 Disk Space: 128GB


-2. atvm-cypress-vm-1: 192.168.3.190 (ip); 255.255.252.0 (broadcast); 192.168.0.1 (gateway) -  (ssh and RDP login: root / atvmcdsi2012 ; cypressuser / atvmcypress)
+2. atvm-cypress-vm-1: 192.168.3.190 (ip); 255.255.252.0 (broadcast); 192.168.0.1 (gateway) -  (ssh and RDP login: **ATVM_CONTROLLER_USER** / **ATVM_CONTROLLER_PASSWORD** ; **ATVM_CONTROLLER_ALT_USER** / **ATVM_CONTROLLER_ALT_PASSWORD** from `.env.credentials.local`)

 Located on AutomatedTest-Cypress

@@ -107,7 +110,7 @@ Disk Space: 128GB
 VM used to host offline DVD Linux Repository.  This will not be mirrorred or updated.  It is purely created for internal purposes to help create and configure the atvm clients (especially RHEL).  Created and provided AS IS. ==\[As of 08/28/2024 - Looks like you can use the free account to link to the RedHat repositories to install and update the system.  Tried it for Redhat9.4.  Redhat9.4+ probably won't have Full DVD ISO's (only boot ISOs).  May not need the offline DVD repository but I have not updated the previous OS versions\].  SEE REDHAT FREE ACCOUNT SUBSCRIPTION SECTION OF THIS DOCUMENT.==


-1. linux-repo-vm: 192.168.3.199 (ssh login: root / cdsi2012)
+1. linux-repo-vm: 192.168.3.199 (ssh login: **ATVM_REPO_USER** / **ATVM_REPO_PASSWORD** from `.env.credentials.local`)

 Located on Internal-DVD-Offline-Linux-Repository

@@ -140,13 +143,13 @@ This account is specifically used for the CMC automation test environment.  The
 1. **User:** qatest.atvm@cirrusdata.com (alias email currently linked with anthony.wen@cirrusdata.com. (Ask administrator to switch alias to whoever takes over this environment).  This is used to run through the automation.

   \
-   **Password:** fEMQ9N4KEfYyFnS
+   **Password:** `CMC_TEST_PASSWORD` from `.env.credentials.local`

   \
-   **2FA Registration Code:** C7FIIZV6SGZ67XGATFN7YQHEJI6BHGPL
+   **2FA Registration Code:** `CMC_TEST_TOTP_SECRET` from `.env.credentials.local`

   \
-   **CMC API Token:** lNSrdRkqJWJlxierQTcoIiZppmORigyZiXQsHhGiJtmnGKCGAJTwMpRsqKSLgKdSHTXDpYPtPyszDZTvOvGEoXuBZFdkTkxyvNTlSxYKLsBcEpTbRkRQkQppdwBhaUyauPZxolHmOTeZOVIAZCnyGBTQjVxsSaaJXwaguIgeFbYctONcCBhayNTruJOtYJGYbLBESrRkDMuHZBCpZoMeKgeNjifqdROMYhKCyUFhVhaOvFSWizFNlQZYRInscFw
+   **CMC API Token:** `CIRRUS_API_TOKEN` from `.env.credentials.local`

   \
   **ATVM Xray locations for failed tests:** ../cdc-e2e/cypress/cmcXray
@@ -155,15 +158,15 @@ This account is specifically used for the CMC automation test environment.  The
 2. **User:** qatestuser.atvm@cirrusdata.com (alias email currently linked with anthony.wen@cirrusdata.com).  (Ask administrator to switch alias to whoever takes over this environment).  This is used to test user administration with the automation scripts.

   \
-   **Password:** fEMQ9N4KEfYyFnS#1
+   **Password:** `CMC_USERADMIN_TEST_PASSWORD` from `.env.credentials.local`

   \
-   **2FA Registration Code:** WQ6F6NIDSIY57BLHMTTVBMIXZI44G5F7
+   **2FA Registration Code:** `CMC_USERADMIN_TOTP_SECRET` from `.env.credentials.local`

   \
   **CMC API Tokens:**

-   DQYjVaDFbsFDcfVEoIZNbiiWLkoMOMSzoFyVKkFxwvribCrLiUqEwVVVZDurapQTiJEuGYcJVOvFnXSmcIpwXIJDzPGiidaQwMfbPGirmpKsVZrPQeHAgbABpyNjiDxSOzmGWvDpBEHdrnYceSxtkvYkhSGPOolWOUYdblCuzfnFCuwLtOklRZGsZRAEbBfeJPyrfnZCSMcGBRoVkMRXttYcJKEwOqzlKKKXWtyKKirfyOpSpTlnREUQlgwjGSB
+   `CMC_USERADMIN_API_TOKEN` from `.env.credentials.local`

   \
 3. REDHAT FREE SUBSCRIPTION ACCOUNT - This account is used to access the redhat repos.  The only caveat is that free subscriptions expire in 1 year and need be manually renewed.  The clients will need to be unregistered and re-registered again after the account is renewed.  The automation scripts automatically re-register every time the scripts are ran just for simplicity sake.
@@ -172,7 +175,7 @@ This account is specifically used for the CMC automation test environment.  The
   * Registration: 

   \
-   You may register the redhat vm during installation via the wizard or you can registrer via the following command: `subscription-manager register --username qatest.atvm@cirrusdata.com --password rh@CDSi101cdsi2012`
+   You may register the redhat vm during installation via the wizard or you can registrer via the following command: `subscription-manager register --username "$REDHAT_SUBSCRIPTION_USER" --password "$REDHAT_SUBSCRIPTION_PASSWORD"`

   \
   * Re-Register:
@@ -182,7 +185,7 @@ This account is specifically used for the CMC automation test environment.  The
   # subscription-manager remove --all
   # subscription-manager unregister
   # subscription-manager clean
-   # subscription-manager register --username qatest.atvm@cirrusdata.com --password rh@CDSi101cdsi2012
+   # subscription-manager register --username "$REDHAT_SUBSCRIPTION_USER" --password "$REDHAT_SUBSCRIPTION_PASSWORD"
   ```

   \
@@ -192,7 +195,7 @@ This account is specifically used for the CMC automation test environment.  The
   <https://developers.redhat.com/products/rhel/download#publicandprivatecloudreadyrhelimages>

   \
-   * REDHAT LOGIN: qatest.atvm@cirrusdata.com / rh@CDSi101cdsi2012 (alias email currently linked with anthony.wen@cirrusdata.com).  (Ask administrator to switch alias to whoever takes over this environment). 
+   * REDHAT LOGIN: `REDHAT_SUBSCRIPTION_USER` / `REDHAT_SUBSCRIPTION_PASSWORD` from `.env.credentials.local` (alias email currently linked with anthony.wen@cirrusdata.com).  (Ask administrator to switch alias to whoever takes over this environment). 

   \
   ==Note: EOL OSes might not be allowed to register.  In those cases, offline DVD repo needs to be used.==
@@ -265,7 +268,7 @@ Reserved static ip address for atvm environment:
 **__192.1168.3.176 - 179:__** used for atvm infrastructure


-1. 192.168.3.176: atvm-ovirtengine (ssh: root / ovirtcdsi2012; web portal: admin / ovirtcdsi2012) - sometimes after a reboot the kvm shows as down but it really isn't.  Seems like a glitch. Putting it in maintenance mode and activating it seemed to get working again for whatever reason.
+1. 192.168.3.176: atvm-ovirtengine (ssh: **OVIRT_ENGINE_SSH_USER** / **OVIRT_ENGINE_SSH_PASSWORD**; web portal: **OVIRT_ENGINE_WEB_USER** / **OVIRT_ENGINE_WEB_PASSWORD** from `.env.credentials.local`) - sometimes after a reboot the kvm shows as down but it really isn't.  Seems like a glitch. Putting it in maintenance mode and activating it seemed to get working again for whatever reason.

   
   1. AutomatedTest-VMBootImgComputeMigration-Gold (512 GB)
@@ -277,17 +280,17 @@ Reserved static ip address for atvm environment:
   7. CMC Helper: cmchelper-vm (default name)
   8. CMC Disk Image: cmchelper-vm
   9. 4 cpu, 8GB memory, 60GB disk space
-2. 192.168.3.177: atvm-kvm01 (ssh: root / ovirtcdsi2012)
+2. 192.168.3.177: atvm-kvm01 (ssh: **OVIRT_KVM01_USER** / **OVIRT_KVM01_PASSWORD** from `.env.credentials.local`)

   
   1. AutomatedTest-VMBootImgComputeMigration-Gold (512 GB)
   2. atvm-kvm01.cds.lab.com
   3. 8 cpu, 16GB memory, 70GB disk space
-3. 192.168.3.178: atvm-proxmox (ssh: root / promoxcdsi2012)
+3. 192.168.3.178: atvm-proxmox (ssh: **PROXMOX_USER** / **PROXMOX_PASSWORD** from `.env.credentials.local`)

   
   1. https://192.168.3.178:8006/
-   2. email used for alerts: qatestuser.atvm@cirrusdata.com (alias email currently linked with anthony.wen@cirrusdata.com)
+   2. email used for alerts: `PROXMOX_ALERT_EMAIL` from `.env.credentials.local` (alias email currently linked with anthony.wen@cirrusdata.com)
   3. hostname (FQDN): atvm-proxmox.cdsi.us.local
   4. AutomatedTest-VMBootImgComputeMigration-Gold (512 GB)
   5. 8 cpu, 16GB memory, 132GB disk space
@@ -303,7 +306,7 @@ VM's FC Passthrough Adapter Zoning to Pure 192.168.2.8  and Infinidat 192.168.2.

 **__Switch Information:__**

-Brocade 192.168.2.240 admin / password
+Brocade 192.168.2.240 (use the locally managed switch credential; do not store it in tracked docs)


 **__CDS1_ESX165 Passthrough Ports (==In-Use==):__**
@@ -780,8 +783,8 @@ VM's will be powered on and tested 1 at a time.  So the shared resources should
    
    1. 4 CPU, 8GB Memory, \[minimum disk size for specific distribution - as of 02/25/2025, atvm currently uses 16GB for linux, 40GB for windows but need to check distros and adjust accordingly\]
    2. Name the VM hostname (OS won't like "." and sometimes "_" so replace with "-"): "atvm\[#\]-\[os \]\[major\]-\[minor\]" (ex. atvm2-Ubuntu16-04)
-    3. Non-root user creation: cirrus / cdsi2012 (if required)
-    4. root account: root / cdsi2012
+    3. Non-root user creation: `ATVM_NONROOT_DEFAULT_USER` / `ATVM_NONROOT_DEFAULT_PASSWORD` from `.env.credentials.local` (if required)
+    4. root account: `ATVM_TARGET_USER` / `ATVM_TARGET_PASSWORD` from `.env.credentials.local`
    5. Install using minimal installation
    6. Set network as static with 192.168.3.191 / 255.255.252.0 \[broadcast\] / 192.168.0.1 \[gateway\]
 3. Assign SCSI Controller
@@ -1316,4 +1319,4 @@ These clients are created for other QA but on a temporary basis to help them uni


 1. atvmxxx-w2k25 192.168.0.75 - 100 disk migration.  (Tomasz - as of 06/02/2025)
-2. aw-ubuntu24.04 192.168.0.71 (cmc general - carolina 02/18/2026)
+2. aw-ubuntu24.04 192.168.0.71 (cmc general - carolina 02/18/2026)