From 5213612eafc2d3bde4de453bfa072473e8bf0be7 Mon Sep 17 00:00:00 2001 From: Neelaksh Singh Date: Thu, 20 May 2021 02:04:02 -0400 Subject: [PATCH] Sensitive key data now hidden in output log Fixes: #6529 Signed-off-by: Neelaksh Singh (cherry picked from commit d18a9860cde2981bcd71198f152924cc6cf05932) --- roles/ceph-client/tasks/create_users_keys.yml | 4 ++++ roles/ceph-client/tasks/pre_requisite.yml | 1 + roles/ceph-crash/tasks/main.yml | 1 + roles/ceph-iscsi-gw/tasks/common.yml | 1 + roles/ceph-mds/tasks/common.yml | 2 ++ roles/ceph-mgr/tasks/common.yml | 1 + roles/ceph-nfs/tasks/main.yml | 1 + roles/ceph-nfs/tasks/pre_requisite_container.yml | 1 + roles/ceph-nfs/tasks/pre_requisite_non_container.yml | 1 + roles/ceph-osd/tasks/common.yml | 2 ++ roles/ceph-osd/tasks/openstack_config.yml | 1 + roles/ceph-rbd-mirror/tasks/common.yml | 1 + roles/ceph-rgw/tasks/common.yml | 1 + 13 files changed, 18 insertions(+) diff --git a/roles/ceph-client/tasks/create_users_keys.yml b/roles/ceph-client/tasks/create_users_keys.yml index 7af9abe54..0c99fbb50 100644 --- a/roles/ceph-client/tasks/create_users_keys.yml +++ b/roles/ceph-client/tasks/create_users_keys.yml @@ -52,6 +52,7 @@ - cephx | bool - keys | length > 0 - inventory_hostname == groups.get('_filtered_clients') | first + no_log: true - name: slurp client cephx key(s) slurp: @@ -63,6 +64,7 @@ - cephx | bool - keys | length > 0 - inventory_hostname == groups.get('_filtered_clients') | first + no_log: true - name: pool related tasks when: @@ -170,3 +172,5 @@ group: "{{ ceph_uid }}" with_items: "{{ hostvars[groups['_filtered_clients'][0]]['slurp_client_keys']['results'] }}" when: not item.get('skipped', False) + no_log: true + diff --git a/roles/ceph-client/tasks/pre_requisite.yml b/roles/ceph-client/tasks/pre_requisite.yml index 697352377..1f144f776 100644 --- a/roles/ceph-client/tasks/pre_requisite.yml +++ b/roles/ceph-client/tasks/pre_requisite.yml @@ -22,4 +22,5 @@ with_items: "{{ _client_keys.results }}" when: - item.item.copy_key | bool + no_log: true when: cephx | bool diff --git a/roles/ceph-crash/tasks/main.yml b/roles/ceph-crash/tasks/main.yml index 97f126c71..89536f4d5 100644 --- a/roles/ceph-crash/tasks/main.yml +++ b/roles/ceph-crash/tasks/main.yml @@ -50,6 +50,7 @@ owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" mode: "{{ ceph_keyring_permissions }}" + no_log: true - name: start ceph-crash daemon when: containerized_deployment | bool diff --git a/roles/ceph-iscsi-gw/tasks/common.yml b/roles/ceph-iscsi-gw/tasks/common.yml index 292903e35..c5f94ed02 100644 --- a/roles/ceph-iscsi-gw/tasks/common.yml +++ b/roles/ceph-iscsi-gw/tasks/common.yml @@ -21,6 +21,7 @@ when: - cephx | bool - item.item.copy_key | bool + no_log: true - name: add mgr ip address to trusted list with dashboard - ipv4 set_fact: diff --git a/roles/ceph-mds/tasks/common.yml b/roles/ceph-mds/tasks/common.yml index c9df2017d..7d5f9c281 100644 --- a/roles/ceph-mds/tasks/common.yml +++ b/roles/ceph-mds/tasks/common.yml @@ -33,3 +33,5 @@ when: - cephx | bool - item.item.copy_key | bool + no_log: true + diff --git a/roles/ceph-mgr/tasks/common.yml b/roles/ceph-mgr/tasks/common.yml index 9d2d82ec4..0c8ae8a04 100644 --- a/roles/ceph-mgr/tasks/common.yml +++ b/roles/ceph-mgr/tasks/common.yml @@ -74,6 +74,7 @@ - cephx | bool - item is not skipped - item.item.copy_key | bool + no_log: true - name: set mgr key permissions file: diff --git a/roles/ceph-nfs/tasks/main.yml b/roles/ceph-nfs/tasks/main.yml index b788826e4..186fb0f52 100644 --- a/roles/ceph-nfs/tasks/main.yml +++ b/roles/ceph-nfs/tasks/main.yml @@ -75,6 +75,7 @@ when: - not item.0.get('skipped', False) - item.0.item.name == 'client.' + ceph_nfs_ceph_user or item.0.item.name == rgw_client_name + no_log: true - name: include start_nfs.yml import_tasks: start_nfs.yml diff --git a/roles/ceph-nfs/tasks/pre_requisite_container.yml b/roles/ceph-nfs/tasks/pre_requisite_container.yml index 54010dfb7..24d3121f9 100644 --- a/roles/ceph-nfs/tasks/pre_requisite_container.yml +++ b/roles/ceph-nfs/tasks/pre_requisite_container.yml @@ -32,6 +32,7 @@ when: - cephx | bool - item.item.copy_key | bool + no_log: true when: groups.get(mon_group_name, []) | length > 0 - name: dbus related tasks diff --git a/roles/ceph-nfs/tasks/pre_requisite_non_container.yml b/roles/ceph-nfs/tasks/pre_requisite_non_container.yml index 0bf796a05..4bf1b59be 100644 --- a/roles/ceph-nfs/tasks/pre_requisite_non_container.yml +++ b/roles/ceph-nfs/tasks/pre_requisite_non_container.yml @@ -69,6 +69,7 @@ when: - cephx | bool - item.item.copy_key | bool + no_log: true - name: nfs object gateway related tasks when: nfs_obj_gw | bool diff --git a/roles/ceph-osd/tasks/common.yml b/roles/ceph-osd/tasks/common.yml index 989830952..40f01b6c2 100644 --- a/roles/ceph-osd/tasks/common.yml +++ b/roles/ceph-osd/tasks/common.yml @@ -35,3 +35,5 @@ - cephx | bool - item is not skipped - item.item.copy_key | bool + no_log: true + diff --git a/roles/ceph-osd/tasks/openstack_config.yml b/roles/ceph-osd/tasks/openstack_config.yml index 2adf3ed90..1b8c8d2be 100644 --- a/roles/ceph-osd/tasks/openstack_config.yml +++ b/roles/ceph-osd/tasks/openstack_config.yml @@ -119,6 +119,7 @@ - "{{ _osp_keys.results }}" - "{{ groups[mon_group_name] }}" delegate_to: "{{ item.1 }}" + no_log: true when: - cephx | bool - openstack_config | bool diff --git a/roles/ceph-rbd-mirror/tasks/common.yml b/roles/ceph-rbd-mirror/tasks/common.yml index 5fee414d5..4de1bc7d1 100644 --- a/roles/ceph-rbd-mirror/tasks/common.yml +++ b/roles/ceph-rbd-mirror/tasks/common.yml @@ -22,6 +22,7 @@ when: - cephx | bool - item.item.copy_key | bool + no_log: true - name: create rbd-mirror keyring command: > diff --git a/roles/ceph-rgw/tasks/common.yml b/roles/ceph-rgw/tasks/common.yml index 50e4a6f27..e325ede5b 100644 --- a/roles/ceph-rgw/tasks/common.yml +++ b/roles/ceph-rgw/tasks/common.yml @@ -32,3 +32,4 @@ - cephx | bool - item is not skipped - item.item.copy_key | bool + no_log: true