ceph-volume: do not print luks key encryption
authorGuillaume Abrioux <gabrioux@redhat.com>
Wed, 15 Jun 2022 13:46:32 +0000 (15:46 +0200)
committerGuillaume Abrioux <gabrioux@redhat.com>
Thu, 23 Jun 2022 07:03:02 +0000 (09:03 +0200)
During osd activation, ceph-volume logs the luks key to its log file.

```
[2022-06-15 12:50:35,180][ceph_volume.process][INFO  ] Running command: /usr/bin/ceph --cluster ceph --name client.osd-lockbox.51d0770d-403d-4f81-93e6-e99f627f246c --keyring /var/lib/ceph/osd/ceph-0/lockbox.keyring config-key get dm-crypt/osd/51d0770d-403d-4f81-93e6-e99f627f246c/luks
[2022-06-15 12:50:35,522][ceph_volume.process][INFO  ] stdout ut9NjMK6YtMh1BLMJZ/mE2A7zTNyrp9pW1kHV8F2ipfz1BIX9MkEWhdYB2Azm1JPZ1d7ahIjBMUbrC/Iqqr2jQhP3MIsDzUYj1enw+sw7LeVvGPf0qNUdKmEGu5tUmvtQ+5pbk4T/9PF36kT6vCHKfNML/3fL6nnY8FDySrI4LY=
[2022-06-15 12:50:35,522][ceph_volume.process][INFO  ] Running command: /usr/sbin/cryptsetup --key-size 512 --key-file - --allow-discards luksOpen /dev/ceph-83c307d3-710b-4197-8ecd-0484e17395e3/osd-block-51d0770d-403d-4f81-93e6-e99f627f246c a9HhDO-MiYD-DtYm-SKJf-nO1d-5O3u-FmcCrd
```

Fixes: https://tracker.ceph.com/issues/56066
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 0d97a93faae431f1197d72ee3c4347387f6b1c73)

src/ceph-volume/ceph_volume/util/encryption.py

index 2a2c03337b61f0db47d34c6349435f11f6c16f0b..e1f7ccfebef776f501feaa4295fe198a9c129a21 100644 (file)
@@ -1,13 +1,14 @@
 import base64
 import os
 import logging
-from ceph_volume import process, conf
+from ceph_volume import process, conf, terminal
 from ceph_volume.util import constants, system
 from ceph_volume.util.device import Device
 from .prepare import write_keyring
 from .disk import lsblk, device_family, get_part_entry_type
 
 logger = logging.getLogger(__name__)
+mlogger = terminal.MultiLogger(__name__)
 
 def get_key_size_from_conf():
     """
@@ -135,6 +136,7 @@ def get_dmcrypt_key(osd_id, osd_fsid, lockbox_keyring=None):
     name = 'client.osd-lockbox.%s' % osd_fsid
     config_key = 'dm-crypt/osd/%s/luks' % osd_fsid
 
+    mlogger.info(f'Running ceph config-key get {config_key}')
     stdout, stderr, returncode = process.call(
         [
             'ceph',
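Review bot: The added `mlogger.info(...)` line does not say why it exists, and the call it precedes still passes `show_command=True` (kept in the next hunk), so the command is presumably announced twice. A comment above it would stop a later cleanup from removing the wrong line, for example `# stdout of this call is the LUKS key: log the command only, never its output`. It is also the only f-string in this stretch, where the two assignments just above use `%` formatting; `'Running ceph config-key get %s' % config_key` would match them. The body of `get_dmcrypt_key` starts and ends outside this hunk.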
@@ -145,7 +147,8 @@ def get_dmcrypt_key(osd_id, osd_fsid, lockbox_keyring=None):
             'get',
             config_key
         ],
-        show_command=True
+        show_command=True,
+        logfile_verbose=False
     )
     if returncode != 0:
         raise RuntimeError('Unable to retrieve dmcrypt secret')
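Review bot: Keeping the key out of the log now depends entirely on `logfile_verbose=False` being honoured in every branch of `process.call`, which is not visible in this hunk. If that helper has a failure branch that logs stdout and stderr regardless of the flag, a non-zero exit could still write whatever the command printed; that is worth confirming before relying on this change. No test accompanies the change, so a unit test that captures the log and asserts the value returned on stdout never appears in it would guard against a regression. A short comment next to the keyword would also help, for example `# stdout is the dm-crypt secret; keep it out of the log file`. The function continues past the end of this hunk.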