From 68d71309fc3bb2d35c60df5dfd30982f85e5c11a Mon Sep 17 00:00:00 2001 From: Guillaume Abrioux Date: Thu, 16 Jun 2022 09:22:18 +0200 Subject: [PATCH] ceph-volume: do not print the secret of osd keyring during osd preparation, ceph-volume logs the secret of the osd keyring to file ``` [2022-06-15 12:31:17,466][ceph_volume.process][INFO ] Running command: /usr/bin/ceph-authtool /var/lib/ceph/osd/ceph-0/keyring --create-keyring --name osd.0 --add-key AQAM0aliR5JvDRAAQBu0stWl9ZhZrcjijg2BIQ== [2022-06-15 12:31:17,481][ceph_volume.process][INFO ] stdout creating /var/lib/ceph/osd/ceph-0/keyring added entity osd.0 auth(key=AQAM0aliR5JvDRAAQBu0stWl9ZhZrcjijg2BIQ==) ``` This shouldn't be logged nor printed on terminal. Fixes: https://tracker.ceph.com/issues/56071 Signed-off-by: Guillaume Abrioux (cherry picked from commit 4b9cc6b303588e0c44443debe4f04c6160adf5a2) --- src/ceph-volume/ceph_volume/util/prepare.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ceph-volume/ceph_volume/util/prepare.py b/src/ceph-volume/ceph_volume/util/prepare.py index df6d8c70401ca..ff7427eedd207 100644 --- a/src/ceph-volume/ceph_volume/util/prepare.py +++ b/src/ceph-volume/ceph_volume/util/prepare.py @@ -19,7 +19,8 @@ mlogger = terminal.MultiLogger(__name__) def create_key(): stdout, stderr, returncode = process.call( ['ceph-authtool', '--gen-print-key'], - show_command=True) + show_command=True, + logfile_verbose=False) if returncode != 0: raise RuntimeError('Unable to generate a new auth key') return ' '.join(stdout).strip() @@ -40,13 +41,15 @@ def write_keyring(osd_id, secret, keyring_name='keyring', name=None): """ osd_keyring = '/var/lib/ceph/osd/%s-%s/%s' % (conf.cluster, osd_id, keyring_name) name = name or 'osd.%s' % str(osd_id) - process.run( + mlogger.info(f'Creating keyring file for {name}') + process.call( [ 'ceph-authtool', osd_keyring, '--create-keyring', '--name', name, '--add-key', secret - ]) + ], + logfile_verbose=False) system.chown(osd_keyring) -- 2.39.5