1547598 – Cinder logs rabbitmq password in debug log

Bug 1547598 - Cinder logs rabbitmq password in debug log

Summary: Cinder logs rabbitmq password in debug log

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-cinder
Sub Component:
Version:	11.0 (Ocata)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z5
Target Release:	11.0 (Ocata)
Assignee:	Eric Harney
QA Contact:	Avi Avraham
Docs Contact:	Kim Nylander
URL:
Whiteboard:
Depends On:	1546830 1547716
Blocks:	1547600
TreeView+	depends on / blocked

Reported:	2018-02-21 15:24 UTC by Eric Harney
Modified:	2021-03-24 11:34 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-cinder-10.0.6-16.el7ost
Doc Type:	Bug Fix
Doc Text:	With debug logging enabled, Cinder logged the RabbitMQ password into log files. With this update, the password is now masked in the log files.
Clone Of:	1546830
Environment:
Last Closed:	2018-05-18 16:48:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1750074	None	None	None	2018-02-21 15:24:41 UTC
OpenStack gerrit	545486	None	None	None	2018-02-21 15:24:41 UTC
Red Hat Product Errata	RHBA-2018:1611	None	None	None	2018-05-18 16:50:03 UTC

Description Eric Harney 2018-02-21 15:24:42 UTC

+++ This bug was initially created as a clone of Bug #1546830 +++

With debug logging enabled, cinder logs rabbitmq passwords.

https://bugs.launchpad.net/cinder/+bug/1750074

Comment 7 Tzach Shefi 2018-05-06 10:21:48 UTC

Verified on:
openstack-cinder-10.0.6-24.el7ost.noarch

This is the password from cinder.conf
#rabbit_password = guest
rabbit_password = m3pYn2jyRZRkGhAgB6arnbPTv

Debug=true

[root@controller-0 ~]# grep -r m3pYn2jyRZRkGhAgB6arnbPTv /var/log/cinder/
Nothing found 

[root@controller-0 ~]# grep -ir transport_url /var/log/cinder/
/var/log/cinder/scheduler.log:2018-05-06 10:17:16.153 225227 DEBUG cinder.service [req-21049d18-61c6-47b2-b20d-fc615b4e3307 - - - - -] transport_url                  = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2740
/var/log/cinder/scheduler.log:2018-05-06 10:17:16.183 225227 DEBUG cinder.service [req-21049d18-61c6-47b2-b20d-fc615b4e3307 - - - - -] oslo_messaging_notifications.transport_url = **** log_opt_values 

Also nothing found

Comment 10 errata-xmlrpc 2018-05-18 16:48:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1611

Note You need to log in before you can comment on or make changes to this bug.