mgr/cephadm: suppress TLSV1_ALERT_DECRYPT_ERROR from cherrypy

These errors can pop up transiently when the mgr restarts
as the agents have not yet been redeployed with the new certs.
If there's actually a persistant issue with the ssl handshake
we'll find out because the agent will stay down (and a health
warning will be raised). So, these tls alert errors end up not
being necessary to see and tend confuse people into thinking something
is actually wrong because a traceback is getting logged.

Signed-off-by: Adam King <adking@redhat.com>

diff --git a/src/pybind/mgr/cephadm/agent.py b/src/pybind/mgr/cephadm/agent.py
index 35067c0f35a5b4d63d7be6dca0fadc37f433be50..f0b112a089d4ae805abb11af36896b9b8dc0d27c 100644 (file)
--- a/src/pybind/mgr/cephadm/agent.py
+++ b/src/pybind/mgr/cephadm/agent.py
@@ -1,6 +1,7 @@
 import cherrypy
 import ipaddress
 import json
+import logging
 import socket
 import ssl
 import tempfile
@@ -27,6 +28,18 @@ if TYPE_CHECKING:
     from cephadm.module import CephadmOrchestrator
 
 
+def cherrypy_filter(record: logging.LogRecord) -> int:
+    blocked = [
+        'TLSV1_ALERT_DECRYPT_ERROR'
+    ]
+    msg = record.getMessage()
+    return not any([m for m in blocked if m in msg])
+
+
+logging.getLogger('cherrypy.access').addFilter(cherrypy_filter)
+logging.getLogger('cherrypy.error').addFilter(cherrypy_filter)
+
+
 class CherryPyThread(threading.Thread):
     def __init__(self, mgr: "CephadmOrchestrator") -> None:
         self.mgr = mgr