From: Adam King <adking@redhat.com>
Date: Tue, 19 Oct 2021 12:19:53 +0000 (-0400)
Subject: mgr/cephadm: suppress TLSV1_ALERT_DECRYPT_ERROR from cherrypy
X-Git-Tag: v17.1.0~559^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8ae74d991fdc2ce5a3e92412eae3aa63f183dbb2;p=ceph.git

mgr/cephadm: suppress TLSV1_ALERT_DECRYPT_ERROR from cherrypy

These errors can pop up transiently when the mgr restarts
as the agents have not yet been redeployed with the new certs.
If there's actually a persistant issue with the ssl handshake
we'll find out because the agent will stay down (and a health
warning will be raised). So, these tls alert errors end up not
being necessary to see and tend confuse people into thinking something
is actually wrong because a traceback is getting logged.

Signed-off-by: Adam King <adking@redhat.com>
---

diff --git a/src/pybind/mgr/cephadm/agent.py b/src/pybind/mgr/cephadm/agent.py
index 35067c0f35a5b..f0b112a089d4a 100644
--- a/src/pybind/mgr/cephadm/agent.py
+++ b/src/pybind/mgr/cephadm/agent.py
@@ -1,6 +1,7 @@
 import cherrypy
 import ipaddress
 import json
+import logging
 import socket
 import ssl
 import tempfile
@@ -27,6 +28,18 @@ if TYPE_CHECKING:
     from cephadm.module import CephadmOrchestrator
 
 
+def cherrypy_filter(record: logging.LogRecord) -> int:
+    blocked = [
+        'TLSV1_ALERT_DECRYPT_ERROR'
+    ]
+    msg = record.getMessage()
+    return not any([m for m in blocked if m in msg])
+
+
+logging.getLogger('cherrypy.access').addFilter(cherrypy_filter)
+logging.getLogger('cherrypy.error').addFilter(cherrypy_filter)
+
+
 class CherryPyThread(threading.Thread):
     def __init__(self, mgr: "CephadmOrchestrator") -> None:
         self.mgr = mgr