Bug 1547600 - Cinder logs rabbitmq password in debug log
Summary: Cinder logs rabbitmq password in debug log
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: z8
Target Release: 10.0 (Newton)
Assignee: Eric Harney
QA Contact: Avi Avraham
Docs Contact: Kim Nylander
URL:
Whiteboard:
Duplicates: 1547851
Depends On: 1546830 1547598
Blocks:
Reported: 2018-02-21 15:26 UTC by Eric Harney
Modified: 2023-01-13 10:44 UTC

Fixed In Version: openstack-cinder-9.1.4-26.el7ost
Doc Type: Bug Fix
Doc Text:
With debug logging enabled, Cinder logged the RabbitMQ password into log files. This update masks the password in the log files.
Clone Of: 1546830
Environment:
Last Closed: 2018-05-17 15:49:07 UTC
Target Upstream Version:
Embargoed:
tshefi: automate_bug-


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1750074 0 None None None 2018-02-21 15:26:03 UTC
OpenStack gerrit 545486 0 None None None 2018-02-21 15:26:03 UTC
Red Hat Issue Tracker OSP-4898 0 None None None 2022-08-16 11:09:39 UTC
Red Hat Product Errata RHBA-2018:1602 0 None None None 2018-05-17 15:50:12 UTC

Description Eric Harney 2018-02-21 15:26:04 UTC
+++ This bug was initially created as a clone of Bug #1546830 +++

With debug logging enabled, cinder logs rabbitmq passwords.

https://bugs.launchpad.net/cinder/+bug/1750074

Comment 1 Eric Harney 2018-02-22 14:43:44 UTC
*** Bug 1547851 has been marked as a duplicate of this bug. ***

Comment 17 Tzach Shefi 2018-04-26 09:03:18 UTC
Using --latest infra flag produced a newer puddle->10 -p 2018-04-24.2

Verified on:
openstack-cinder-9.1.4-33.el7ost.noarch

With Cinder debug=true on controller, no password found *** ->  

[root@controller-0 ~]# grep transport_url /var/log/cinder/scheduler.log 
2018-04-25 15:44:19.566 89169 DEBUG cinder.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] transport_url                  = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2622
2018-04-25 15:44:19.620 89169 DEBUG cinder.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] oslo_messaging_notifications.transport_url = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2630
2018-04-25 15:44:19.741 89169 DEBUG oslo_service.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] transport_url                  = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2622
2018-04-25 15:44:19.778 89169 DEBUG oslo_service.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] oslo_messaging_notifications.transport_url = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2630


From Cinder.conf -> rabbit_password = JgUszDXxjtBJEwZkEnWtbfJcy
[root@controller-0 ~]# grep -ir JgUszDXxjtBJEwZkEnWtbfJcy /var/log
Returns null. 

Don't see rabbit's password mentioned anywhere under /var/log/
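
The check performed in comment 17, as an added example that is not part of the original bug report or of the Cinder code base: it collects the secrets from a cinder.conf-style file (password options and credentials embedded in URL values) and reports which log lines contain them verbatim. The config text, password, addresses and log lines are constructed samples, and `secrets_from_conf` and `find_leaks` are hypothetical helper names.

```python
import configparser
import re

# Constructed sample data: the password, hosts and log lines are made up.
SAMPLE_CONF = """\
[DEFAULT]
debug = true
transport_url = rabbit://guest:ExamplePass123@192.0.2.10:5672,guest:ExamplePass123@192.0.2.11:5672/
[oslo_messaging_rabbit]
rabbit_password = ExamplePass123
"""
MASKED_LOG = [
    "2018-04-25 15:44:19.566 89169 DEBUG cinder.service [-] transport_url = ****",
    "2018-04-25 15:44:19.620 89169 DEBUG cinder.service [-] rabbit_password = ****",
]
LEAKY_LOG = MASKED_LOG + [
    "2018-04-25 15:44:20.001 89169 DEBUG cinder.service [-] "
    "transport_url = rabbit://guest:ExamplePass123@192.0.2.10:5672/",
]

# Password part of each "user:password@host" entry in a (multi-host) URL.
URL_PASSWORD = re.compile(r"(?:://|,)[^:/@,]*:([^@/,]+)@")


def secrets_from_conf(conf_text):
    """Collect *password* option values and passwords embedded in URL values."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    secrets = set()
    for section in [parser.default_section, *parser.sections()]:
        for name, value in parser.items(section):
            if "password" in name and value:
                secrets.add(value)
            elif "://" in value:
                secrets.update(URL_PASSWORD.findall(value))
    return secrets


def find_leaks(log_lines, secrets):
    """Return 1-based numbers of log lines that contain any secret verbatim."""
    return [n for n, line in enumerate(log_lines, 1)
            if any(s in line for s in secrets)]


if __name__ == "__main__":
    found = secrets_from_conf(SAMPLE_CONF)
    for label, log in (("masked", MASKED_LOG), ("leaky", LEAKY_LOG)):
        # Report line numbers only, so the check itself never echoes a secret.
        print(label, "leaking lines:", find_leaks(log, found))
```

Deriving the search terms from the config file also catches a password that is logged only as part of a URL, which a grep for the `rabbit_password` option name alone would miss.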

Comment 20 errata-xmlrpc 2018-05-17 15:49:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1602

