Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1547600

Summary: Cinder logs rabbitmq password in debug log
Product: Red Hat OpenStack Reporter: Eric Harney <eharney>
Component: openstack-cinderAssignee: Eric Harney <eharney>
Status: CLOSED ERRATA QA Contact: Avi Avraham <aavraham>
Severity: high Docs Contact: Kim Nylander <knylande>
Priority: high    
Version: 10.0 (Newton)CC: aavraham, chhudson, cschwede, dmacpher, eharney, juwu, knylande, pgrist, srevivo, tshefi, wlehman, wliu
Target Milestone: z8Keywords: Triaged, ZStream
Target Release: 10.0 (Newton)Flags: tshefi: automate_bug-
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-cinder-9.1.4-26.el7ost Doc Type: Bug Fix
Doc Text:
With debug logging enabled, Cinder logged the RabbitMQ password into log files. This update masks the password in the log files.
 Story Points: ---
Clone Of: 1546830 Environment:
Last Closed: 2018-05-17 15:49:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1546830, 1547598    
Bug Blocks:    

Description Eric Harney 2018-02-21 15:26:04 UTC 
+++ This bug was initially created as a clone of Bug #1546830 +++

With debug logging enabled, cinder logs rabbitmq passwords.

https://bugs.launchpad.net/cinder/+bug/1750074
Comment 1 Eric Harney 2018-02-22 14:43:44 UTC 
*** Bug 1547851 has been marked as a duplicate of this bug. ***
Comment 17 Tzach Shefi 2018-04-26 09:03:18 UTC 
Using --latest infra flag produced a newer puddle->10 -p 2018-04-24.2

Verified on:
openstack-cinder-9.1.4-33.el7ost.noarch

With Cinder debug=true on controller, no password found *** ->  

[root@controller-0 ~]# grep transport_url /var/log/cinder/scheduler.log 
2018-04-25 15:44:19.566 89169 DEBUG cinder.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] transport_url                  = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2622
2018-04-25 15:44:19.620 89169 DEBUG cinder.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] oslo_messaging_notifications.transport_url = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2630
2018-04-25 15:44:19.741 89169 DEBUG oslo_service.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] transport_url                  = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2622
2018-04-25 15:44:19.778 89169 DEBUG oslo_service.service [req-4adb5a11-898f-4d3e-920f-f1200c6d65e9 - - - - -] oslo_messaging_notifications.transport_url = **** log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2630


From Cinder.conf -> rabbit_password = JgUszDXxjtBJEwZkEnWtbfJcy
[root@controller-0 ~]# grep -ir JgUszDXxjtBJEwZkEnWtbfJcy /var/log
Returns null. 

Don't see rabbit's password mentioned any where under /var/log/
Comment 20 errata-xmlrpc 2018-05-17 15:49:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1602