ceph-volume: do not use --key during mkfs #19260
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Also, don't print the raw key to the log. Signed-off-by: Sage Weil <sage@redhat.com>
liewegas
force-pushed
the
wip-volume-key
branch
from
91c6527
to
b75f8b0
Compare
theanalyst
reviewed
Nov 30, 2017
| base_command.extend(['--key', keyring]) | ||
| import tempfile | ||
| temp = tempfile.NamedTemporaryFile() | ||
| os.chmod(f.name, 0600) |
There was a problem hiding this comment.
what is f here? are you meaning temp.name?
theanalyst
reviewed
Nov 30, 2017
| @@ -205,7 +205,12 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False): | |||
| ] | |||
|
|
|||
| if keyring is not None: | |||
| base_command.extend(['--key', keyring]) | |||
| import tempfile | |||
liewegas
force-pushed
the
wip-volume-key
branch
from
b75f8b0
to
672083c
Compare
|
@liewegas can you push this to ceph-ci so that we can trigger our functional tests? |
alfredodeza
reviewed
Nov 30, 2017
| @@ -221,7 +226,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False): | |||
|
|
|||
| command = base_command + supplementary_command | |||
|
|
|||
| process.run(command, obfuscate='--key') | |||
| process.run(command, obfuscate='--keyfile') | |||
There was a problem hiding this comment.
if the temp file is never closed it will not be removed. Are we OK with the file being around? If we want to remove it we would need to check if temp was created, and if so, then close it after process.run here
We do not want the key to show up on the command line (it may appear in the process list or sudo log file). Fixes: http://tracker.ceph.com/issues/22283 Signed-off-by: Sage Weil <sage@redhat.com>
liewegas
force-pushed
the
wip-volume-key
branch
from
672083c
to
41973ee
Compare
|
updated! better?
|
|
jenkins test ceph-volume lvm xenial-bluestore-create |
|
jenkins test ceph-volume lvm centos7-bluestore-create |
|
@liewegas valid failures from the bluestore side of things: From: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
http://tracker.ceph.com/issues/22283