From e0b6bb96ec1b93a6fd5735f1b24c76f7cc1abb3b Mon Sep 17 00:00:00 2001
From: Neelaksh Singh <neelaksh48@gmail.com>
Date: Thu, 20 May 2021 02:04:02 -0400
Subject: [PATCH] Sensitive key data now hidden in output log

Fixes: #6529

Signed-off-by: Neelaksh Singh <neelaksh48@gmail.com>
(cherry picked from commit d18a9860cde2981bcd71198f152924cc6cf05932)
---
 roles/ceph-client/tasks/create_users_keys.yml        | 4 ++++
 roles/ceph-client/tasks/pre_requisite.yml            | 1 +
 roles/ceph-crash/tasks/main.yml                      | 1 +
 roles/ceph-iscsi-gw/tasks/common.yml                 | 1 +
 roles/ceph-mds/tasks/common.yml                      | 2 ++
 roles/ceph-mgr/tasks/common.yml                      | 1 +
 roles/ceph-nfs/tasks/main.yml                        | 1 +
 roles/ceph-nfs/tasks/pre_requisite_container.yml     | 3 ++-
 roles/ceph-nfs/tasks/pre_requisite_non_container.yml | 1 +
 roles/ceph-osd/tasks/common.yml                      | 2 ++
 roles/ceph-osd/tasks/openstack_config.yml            | 1 +
 roles/ceph-rbd-mirror/tasks/common.yml               | 1 +
 roles/ceph-rgw/tasks/common.yml                      | 1 +
 13 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/roles/ceph-client/tasks/create_users_keys.yml b/roles/ceph-client/tasks/create_users_keys.yml
index a754d9803..c9512175c 100644
--- a/roles/ceph-client/tasks/create_users_keys.yml
+++ b/roles/ceph-client/tasks/create_users_keys.yml
@@ -39,6 +39,7 @@
     - cephx | bool
     - keys | length > 0
     - inventory_hostname == groups.get('_filtered_clients') | first
+  no_log: true
 
 - name: slurp client cephx key(s)
   slurp:
@@ -50,6 +51,7 @@
     - cephx | bool
     - keys | length > 0
     - inventory_hostname == groups.get('_filtered_clients') | first
+  no_log: true
 
 - name: pool related tasks
   when:
@@ -90,3 +92,5 @@
     group: "{{ ceph_uid }}"
   with_items: "{{ hostvars[groups['_filtered_clients'][0]]['slurp_client_keys']['results'] }}"
   when: not item.get('skipped', False)
+  no_log: true
+
diff --git a/roles/ceph-client/tasks/pre_requisite.yml b/roles/ceph-client/tasks/pre_requisite.yml
index 512bbd8fc..e928c664b 100644
--- a/roles/ceph-client/tasks/pre_requisite.yml
+++ b/roles/ceph-client/tasks/pre_requisite.yml
@@ -21,6 +21,7 @@
         owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         mode: "{{ ceph_keyring_permissions }}"
+      no_log: true
   when:
     - cephx | bool
     - copy_admin_key | bool
diff --git a/roles/ceph-crash/tasks/main.yml b/roles/ceph-crash/tasks/main.yml
index 4d6d247d1..9723b2477 100644
--- a/roles/ceph-crash/tasks/main.yml
+++ b/roles/ceph-crash/tasks/main.yml
@@ -40,6 +40,7 @@
         owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         mode: "{{ ceph_keyring_permissions }}"
+      no_log: true
 
 - name: start ceph-crash daemon
   when: containerized_deployment | bool
diff --git a/roles/ceph-iscsi-gw/tasks/common.yml b/roles/ceph-iscsi-gw/tasks/common.yml
index 0170d4929..b43c0e02d 100644
--- a/roles/ceph-iscsi-gw/tasks/common.yml
+++ b/roles/ceph-iscsi-gw/tasks/common.yml
@@ -25,6 +25,7 @@
   when:
     - cephx | bool
     - copy_admin_key | bool
+  no_log: true
 
 - name: add mgr ip address to trusted list with dashboard - ipv4
   set_fact:
diff --git a/roles/ceph-mds/tasks/common.yml b/roles/ceph-mds/tasks/common.yml
index 83ba66111..d4c9b1f41 100644
--- a/roles/ceph-mds/tasks/common.yml
+++ b/roles/ceph-mds/tasks/common.yml
@@ -40,3 +40,5 @@
   when:
     - cephx | bool
     - item.item.copy_key | bool
+  no_log: true
+
diff --git a/roles/ceph-mgr/tasks/common.yml b/roles/ceph-mgr/tasks/common.yml
index a0fec866f..056638852 100644
--- a/roles/ceph-mgr/tasks/common.yml
+++ b/roles/ceph-mgr/tasks/common.yml
@@ -81,6 +81,7 @@
         - cephx | bool
         - item is not skipped
         - item.item.copy_key | bool
+      no_log: true
 
 - name: set mgr key permissions
   file:
diff --git a/roles/ceph-nfs/tasks/main.yml b/roles/ceph-nfs/tasks/main.yml
index 4917e453f..2169908ac 100644
--- a/roles/ceph-nfs/tasks/main.yml
+++ b/roles/ceph-nfs/tasks/main.yml
@@ -75,6 +75,7 @@
       when:
         - not item.0.get('skipped', False)
         - item.0.item.name == 'client.' + ceph_nfs_ceph_user or item.0.item.name == rgw_client_name
+      no_log: true
 
 - name: include start_nfs.yml
   import_tasks: start_nfs.yml
diff --git a/roles/ceph-nfs/tasks/pre_requisite_container.yml b/roles/ceph-nfs/tasks/pre_requisite_container.yml
index d130f5ef2..599f78f82 100644
--- a/roles/ceph-nfs/tasks/pre_requisite_container.yml
+++ b/roles/ceph-nfs/tasks/pre_requisite_container.yml
@@ -39,6 +39,7 @@
       when:
         - cephx | bool
         - item.item.copy_key | bool
+      no_log: true
   when: groups.get(mon_group_name, []) | length > 0
 
 - name: dbus related tasks
@@ -59,4 +60,4 @@
 
     - name: reload dbus configuration
       command: "killall -SIGHUP dbus-daemon"
-  when: ceph_nfs_dynamic_exports | bool
\ No newline at end of file
+  when: ceph_nfs_dynamic_exports | bool
diff --git a/roles/ceph-nfs/tasks/pre_requisite_non_container.yml b/roles/ceph-nfs/tasks/pre_requisite_non_container.yml
index 862aaac1b..f197eec9d 100644
--- a/roles/ceph-nfs/tasks/pre_requisite_non_container.yml
+++ b/roles/ceph-nfs/tasks/pre_requisite_non_container.yml
@@ -74,6 +74,7 @@
       when:
         - cephx | bool
         - item.item.copy_key | bool
+      no_log: true
 
     - name: nfs object gateway related tasks
       when: nfs_obj_gw | bool
diff --git a/roles/ceph-osd/tasks/common.yml b/roles/ceph-osd/tasks/common.yml
index c65a884d6..86087cec1 100644
--- a/roles/ceph-osd/tasks/common.yml
+++ b/roles/ceph-osd/tasks/common.yml
@@ -42,3 +42,5 @@
     - cephx | bool
     - item is not skipped
     - item.item.copy_key | bool
+  no_log: true
+
diff --git a/roles/ceph-osd/tasks/openstack_config.yml b/roles/ceph-osd/tasks/openstack_config.yml
index 83139ad16..254f86a18 100644
--- a/roles/ceph-osd/tasks/openstack_config.yml
+++ b/roles/ceph-osd/tasks/openstack_config.yml
@@ -60,6 +60,7 @@
         - "{{ _osp_keys.results }}"
         - "{{ groups[mon_group_name] }}"
       delegate_to: "{{ item.1 }}"
+      no_log: true
   when:
     - cephx | bool
     - openstack_config | bool
diff --git a/roles/ceph-rbd-mirror/tasks/common.yml b/roles/ceph-rbd-mirror/tasks/common.yml
index 14f5284d2..a47da60e6 100644
--- a/roles/ceph-rbd-mirror/tasks/common.yml
+++ b/roles/ceph-rbd-mirror/tasks/common.yml
@@ -29,6 +29,7 @@
   when:
     - cephx | bool
     - item.item.copy_key | bool
+  no_log: true
 
 - name: create rbd-mirror keyring
   ceph_key:
diff --git a/roles/ceph-rgw/tasks/common.yml b/roles/ceph-rgw/tasks/common.yml
index af54e9029..237f110f6 100644
--- a/roles/ceph-rgw/tasks/common.yml
+++ b/roles/ceph-rgw/tasks/common.yml
@@ -39,6 +39,7 @@
     - cephx | bool
     - item is not skipped
     - item.item.copy_key | bool
+  no_log: true
 
 - name: copy SSL certificate & key data to certificate path
   copy:
-- 
2.47.3