Bug 1547598

Summary: Cinder logs rabbitmq password in debug log
Product: Red Hat OpenStack Reporter: Eric Harney <eharney>
Component: openstack-cinderAssignee: Eric Harney <eharney>
Status: CLOSED ERRATA QA Contact: Avi Avraham <aavraham>
Severity: high Docs Contact: Kim Nylander <knylande>
Priority: high    
Version: 11.0 (Ocata)CC: aavraham, cschwede, eharney, juwu, knylande, srevivo, tshefi
Target Milestone: z5Keywords: Triaged, ZStream
Target Release: 11.0 (Ocata)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-cinder-10.0.6-16.el7ost Doc Type: Bug Fix
Doc Text:
With debug logging enabled, Cinder logged the RabbitMQ password into log files. With this update, the password is now masked in the log files.
 Story Points: ---
Clone Of: 1546830 Environment:
Last Closed: 2018-05-18 16:48:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1546830, 1547716    
Bug Blocks: 1547600    

Description Eric Harney 2018-02-21 15:24:42 UTC 
+++ This bug was initially created as a clone of Bug #1546830 +++

With debug logging enabled, cinder logs rabbitmq passwords.

https://bugs.launchpad.net/cinder/+bug/1750074
Comment 7 Tzach Shefi 2018-05-06 10:21:48 UTC 
Verified on:
openstack-cinder-10.0.6-24.el7ost.noarch

This is the password from cinder.conf
#rabbit_password = guest
rabbit_password = m3pYn2jyRZRkGhAgB6arnbPTv

Debug=true

[root@controller-0 ~]# grep -r m3pYn2jyRZRkGhAgB6arnbPTv /var/log/cinder/
Nothing found 

[root@controller-0 ~]# grep -ir transport_url /var/log/cinder/
/var/log/cinder/scheduler.log:2018-05-06 10:17:16.153 225227 DEBUG cinder.service [req-21049d18-61c6-47b2-b20d-fc615b4e3307 - - - - -] transport_url                  = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2740
/var/log/cinder/scheduler.log:2018-05-06 10:17:16.183 225227 DEBUG cinder.service [req-21049d18-61c6-47b2-b20d-fc615b4e3307 - - - - -] oslo_messaging_notifications.transport_url = **** log_opt_values 

Also nothing found
Comment 10 errata-xmlrpc 2018-05-18 16:48:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1611