This wishlist bug has been open a year without any activity. I'm going to move it to "Opinion / Wishlist", which is an easily-obtainable queue of older requests that have come on.
In case you want to work on that, consider writing a blueprint [1] and spec [2]. I recommend reading [3] if not yet done. The effort to implement the requested feature is then driven only by the blueprint (and spec).

References:
[1] https://blueprints.launchpad.net/nova/
[2] https://github.com/openstack/nova-specs
[3] https://wiki.openstack.org/wiki/Blueprints

** Changed in: nova
   Status: Confirmed => Opinion

https://bugs.launchpad.net/bugs/1348840

Title: Nova logs iscsi passwords when attaching volumes

Status in OpenStack Compute (nova): Opinion

Bug description:

Example:

2014-07-25 21:50:12.987 4750 DEBUG nova.openstack.common.processutils [req-251c525c-b92e-4638-89a0-c77ee887ff17 119a4280aa594405aabc31b4fc0f640c ae356b4961204701ae7e89b7495c28bb] Running cmd (subprocess): sudo nova-rootwrap /etc/nova/rootwrap.conf iscsiadm -m node -T iqn.2010-10.org.openstack:volume-5940c9ef-ebec-448a-a8eb-971f0ef32a69 -p 10.191.1.1:3260 --op update -n node.session.auth.password -v 266nnohUEzTRP5QtPJ47 execute /usr/lib/python2.7/dist-packages/nova/openstack/common/processutils.py:154
2014-07-25 21:50:13.057 4750 DEBUG nova.openstack.common.processutils [req-251c525c-b92e-4638-89a0-c77ee887ff17 119a4280aa594405aabc31b4fc0f640c ae356b4961204701ae7e89b7495c28bb] Result was 0 execute /usr/lib/python2.7/dist-packages/nova/openstack/common/processutils.py:187
2014-07-25 21:50:13.058 4750 DEBUG nova.virt.libvirt.volume [req-251c525c-b92e-4638-89a0-c77ee887ff17 119a4280aa594405aabc31b4fc0f640c ae356b4961204701ae7e89b7495c28bb] iscsiadm ('--op', 'update', '-n', 'node.session.auth.password', '-v', u'266nnohUEzTRP5QtPJ47'): stdout= stderr= _run_iscsiadm /usr/lib/python2.7/dist-packages/nova/virt/libvirt/volume.py:248

The part after the "-v" is the value to update the open-iscsi record with, and it is the password used to attach the volume.
We've found that the following regex can catch these in the logs:

node\.session\.auth\.password.*

It's a debug level log message, so this issue can be avoided by turning off debug logging in production. However, since it's a command that gets executed with sudo, it ends up in /var/log/auth.log by default too.

We'd like to fix this problem at the source by not executing a command that contains the password. Is there any other way to update the record?
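One way to keep the secret out of the Python-side debug log, as an added example that is not part of the bug report and not nova's own code: a logging filter that masks the value following node.session.auth.password in both message shapes shown above. The function and class names, the mask string and the sample messages are assumptions made for this illustration.

```python
import logging
import re

# Record key whose value is the CHAP secret (taken from the log lines above).
SENSITIVE_KEY = r"node\.session\.auth\.password"
MASK = "***"

# Form 1: command line as logged by processutils:
#   ... -n node.session.auth.password -v SECRET ...
_CMDLINE = re.compile(r"(-n\s+" + SENSITIVE_KEY + r"\s+-v\s+)\S+")
# Form 2: tuple repr as logged by nova.virt.libvirt.volume:
#   (..., '-n', 'node.session.auth.password', '-v', u'SECRET')
_TUPLE = re.compile(r"('" + SENSITIVE_KEY + r"',\s*'-v',\s*u?')[^']*(')")


def mask_iscsi_password(text):
    """Replace the value that follows the password key with MASK."""
    text = _CMDLINE.sub(lambda m: m.group(1) + MASK, text)
    return _TUPLE.sub(lambda m: m.group(1) + MASK + m.group(2), text)


class IscsiPasswordFilter(logging.Filter):
    """Mask the secret in a record before any handler formats it."""

    def filter(self, record):
        # Render msg % args once, mask the result, then drop args so the
        # unmasked argument cannot be re-interpolated later.
        record.msg = mask_iscsi_password(record.getMessage())
        record.args = ()
        return True


# Constructed sample messages in the two shapes shown in the bug report;
# the target name, portal address and secret are placeholders.
SAMPLE_CMD = ("Running cmd (subprocess): sudo nova-rootwrap "
              "/etc/nova/rootwrap.conf iscsiadm -m node -T iqn.example:vol "
              "-p 192.0.2.10:3260 --op update "
              "-n node.session.auth.password -v EXAMPLE-SECRET")
SAMPLE_TUPLE = ("iscsiadm ('--op', 'update', '-n', "
                "'node.session.auth.password', '-v', u'EXAMPLE-SECRET'): "
                "stdout= stderr=")

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(IscsiPasswordFilter())  # handler-level: covers all loggers
    log = logging.getLogger("nova.example")   # hypothetical logger name
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    log.debug("%s", SAMPLE_CMD)
    log.debug(SAMPLE_TUPLE)
```

This only covers messages emitted through Python logging. The sudo entry in /var/log/auth.log is written outside the process, which is why the report asks for a way to update the record without putting the password on the command line.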

