From: Guillaume Abrioux Date: Thu, 16 Jun 2022 07:22:18 +0000 (+0200) Subject: ceph-volume: do not print the secret of osd keyring X-Git-Tag: v17.2.4~237^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=68d71309fc3bb2d35c60df5dfd30982f85e5c11a;p=ceph.git ceph-volume: do not print the secret of osd keyring during osd preparation, ceph-volume logs the secret of the osd keyring to file ``` [2022-06-15 12:31:17,466][ceph_volume.process][INFO ] Running command: /usr/bin/ceph-authtool /var/lib/ceph/osd/ceph-0/keyring --create-keyring --name osd.0 --add-key AQAM0aliR5JvDRAAQBu0stWl9ZhZrcjijg2BIQ== [2022-06-15 12:31:17,481][ceph_volume.process][INFO ] stdout creating /var/lib/ceph/osd/ceph-0/keyring added entity osd.0 auth(key=AQAM0aliR5JvDRAAQBu0stWl9ZhZrcjijg2BIQ==) ``` This shouldn't be logged nor printed on terminal. Fixes: https://tracker.ceph.com/issues/56071 Signed-off-by: Guillaume Abrioux (cherry picked from commit 4b9cc6b303588e0c44443debe4f04c6160adf5a2) --- diff --git a/src/ceph-volume/ceph_volume/util/prepare.py b/src/ceph-volume/ceph_volume/util/prepare.py index df6d8c70401c..ff7427eedd20 100644 --- a/src/ceph-volume/ceph_volume/util/prepare.py +++ b/src/ceph-volume/ceph_volume/util/prepare.py @@ -19,7 +19,8 @@ mlogger = terminal.MultiLogger(__name__) def create_key(): stdout, stderr, returncode = process.call( ['ceph-authtool', '--gen-print-key'], - show_command=True) + show_command=True, + logfile_verbose=False) if returncode != 0: raise RuntimeError('Unable to generate a new auth key') return ' '.join(stdout).strip() @@ -40,13 +41,15 @@ def write_keyring(osd_id, secret, keyring_name='keyring', name=None): """ osd_keyring = '/var/lib/ceph/osd/%s-%s/%s' % (conf.cluster, osd_id, keyring_name) name = name or 'osd.%s' % str(osd_id) - process.run( + mlogger.info(f'Creating keyring file for {name}') + process.call( [ 'ceph-authtool', osd_keyring, '--create-keyring', '--name', name, '--add-key', secret - ]) + ], + logfile_verbose=False) system.chown(osd_keyring)