From: Sage Weil <sage@redhat.com>
Date: Thu, 30 Nov 2017 14:33:21 +0000 (-0600)
Subject: ceph-volume: use --keyfile instead of --key
X-Git-Tag: wip-pdonnell-testing-20180317.202121~885^2~1
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=46abd50f8bcbd347d577581ae42156b718556158;p=ceph-ci.git

ceph-volume: use --keyfile instead of --key

We do not want the key to show up on the command line (it may appear in
the process list or sudo log file).

Fixes: http://tracker.ceph.com/issues/22283
Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/ceph-volume/ceph_volume/util/prepare.py b/src/ceph-volume/ceph_volume/util/prepare.py
index 6b38fe0978d..26fa32f9d10 100644
--- a/src/ceph-volume/ceph_volume/util/prepare.py
+++ b/src/ceph-volume/ceph_volume/util/prepare.py
@@ -205,7 +205,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False):
     ]
 
     if keyring is not None:
-        base_command.extend(['--key', keyring])
+        base_command.extend(['--keyfile', '-'])
 
     if wal:
         base_command.extend(
@@ -221,7 +221,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False):
 
     command = base_command + supplementary_command
 
-    process.run(command, obfuscate='--key')
+    process.call(command, stdin=keyring)
 
 
 def osd_mkfs_filestore(osd_id, fsid):