ceph-volume: use --keyfile instead of --key

We do not want the key to show up on the command line (it may appear in
the process list or sudo log file).

Fixes: http://tracker.ceph.com/issues/22283
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit 46abd50f8bcbd347d577581ae42156b718556158)

diff --git a/src/ceph-volume/ceph_volume/util/prepare.py b/src/ceph-volume/ceph_volume/util/prepare.py
index 026ccafae56b6b4677d22edd3ef9b78c4287d4c0..816f95196a0a699a06f72fc30d1664fccd1496e9 100644 (file)
--- a/src/ceph-volume/ceph_volume/util/prepare.py
+++ b/src/ceph-volume/ceph_volume/util/prepare.py
@@ -202,7 +202,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False):
     ]
 
     if keyring is not None:
-        base_command.extend(['--key', keyring])
+        base_command.extend(['--keyfile', '-'])
 
     if wal:
         base_command.extend(
@@ -218,7 +218,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False):
 
     command = base_command + supplementary_command
 
-    process.run(command, obfuscate='--key')
+    process.call(command, stdin=keyring)
 
 
 def osd_mkfs_filestore(osd_id, fsid):