1546830 – Cinder logs rabbitmq password in debug log

Bug 1546830 - Cinder logs rabbitmq password in debug log

Summary: Cinder logs rabbitmq password in debug log

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-cinder
Sub Component:
Version:	12.0 (Pike)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z3
Target Release:	12.0 (Pike)
Assignee:	Eric Harney
QA Contact:	Avi Avraham
Docs Contact:	Kim Nylander
URL:
Whiteboard:
Depends On:
Blocks:	1547598 1547600
TreeView+	depends on / blocked

Reported:	2018-02-19 17:27 UTC by Eric Harney
Modified:	2021-03-24 11:35 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-cinder-11.1.0-2.el7ost
Doc Type:	Bug Fix
Doc Text:	With debug logging enabled, Cinder logged the RabbitMQ password into log files. With this update, the password is now masked in the log files.
Clone Of:
Clones:	1547598 1547600 1547716 (view as bug list)
Environment:
Last Closed:	2018-08-20 12:46:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1750074	None	None	None	2018-02-19 17:27:01 UTC
OpenStack gerrit	545486	None	None	None	2018-02-21 15:20:15 UTC
Red Hat Bugzilla	1547716	high	CLOSED	Manila logs rabbitmq password in debug log	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHBA-2018:2516	None	None	None	2018-08-20 12:47:54 UTC

Internal Links: 1547716

Description Eric Harney 2018-02-19 17:27:01 UTC

With debug logging enabled, cinder logs rabbitmq passwords.

https://bugs.launchpad.net/cinder/+bug/1750074

Comment 9 Tzach Shefi 2018-06-30 19:23:37 UTC

Verified on:
openstack-cinder-11.1.0-14.el7ost.noarch

Deploye a system with Cinder debug=true.
From cinder.conf
[root@controller-0 ~]# grep rabbit_pass /etc/cinder/cinder.conf 
#rabbit_password = guest
rabbit_password=chPtzjPyJUEQDAcj4UkmbJyby

Grepping for password returns nothing.
Meaning password doesn't show up in logs any more, OK to verify. 

grep -ir chPtzjPyJUEQDAcj4UkmbJyby /var/log/cinder/
[root@controller-0 ~]#

Comment 11 errata-xmlrpc 2018-08-20 12:46:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2516

Note You need to log in before you can comment on or make changes to this bug.