Re: [openstack-dev] [cinder] CHAP secret is visible in cinder volume log

2015-04-16 Thread Yogesh Prasad 
Hi All,

Thanks for your comments, due to time zone difference i was not able to
interact.

Regards,
Yogesh
*CloudByte Inc.* <http://www.cloudbyte.com/>

On Thu, Apr 16, 2015 at 11:19 PM, Mike Perez  wrote:

> On 09:41 Apr 16, Mike Perez wrote:
> > On 18:24 Apr 16, Yogesh Prasad wrote:
> > > Hi,
> > >
> > > I am wondering why screen-c-vol.log is displaying the CHAP secret.
> > >
> > > Logs:
> > >
> > > 2015-04-16 16:04:23.288 7306 DEBUG oslo_concurrency.processutils
> > > [req-23c699df-7b21-48d2-ba14-d8ed06642050
> ce8dccba9ccf48fb956060b3e54187a2
> > > 4ad219788df049e0b131e17f603d5faa - - -] CMD "sudo cinder-rootwrap
> > > /etc/cinder/rootwrap.conf iscsiadm -m node -T
> > > iqn.2015-04.acc1.tsm1:acc171fe6fc15fcc4bd4a841594b7876e3df -p
> > > 192.10.44.48:3260 --op update -n* node.session.auth.password -v ***"
> > > returned:* 0 in 0.088s execute
> > >
> /usr/local/lib/python2.7/dist-packages/oslo_concurrency/processutils.py:225
> > >
> > > Above log hides the secret.
> > >
> > > 2015-04-16 16:04:23.290 7306 DEBUG cinder.brick.initiator.connector
> > > [req-23c699df-7b21-48d2-ba14-d8ed06642050
> ce8dccba9ccf48fb956060b3e54187a2
> > > 4ad219788df049e0b131e17f603d5faa - - -] *iscsiadm ('--op', 'update',
> '-n',
> > > 'node.session.auth.password', '-v', u'fakeauthgroupchapsecret')*:
> stdout=
> > > stderr= _run_iscsiadm
> > > /opt/stack/cinder/cinder/brick/initiator/connector.py:455
> > >
> > > However, this one does not hide the secret.
> >
> > This is is specifically happening in oslo_concurrency lib. We could add
> 'v' to
> > the sanitize_keys in oslo_utils.strutils, but that seems a bit weird. I'm
> > waiting for someone to get back to me #openstack-oslo on how to best
> deal with
> > this.
>
> Duh thanks Walt.
>
> https://review.openstack.org/174484
> https://review.openstack.org/174485
>
> --
> Mike Perez
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [cinder] CHAP secret is visible in cinder volume log

2015-04-16 Thread Yogesh Prasad 
Hi,

I am wondering why screen-c-vol.log is displaying the CHAP secret.

Logs:

2015-04-16 16:04:23.288 7306 DEBUG oslo_concurrency.processutils
[req-23c699df-7b21-48d2-ba14-d8ed06642050 ce8dccba9ccf48fb956060b3e54187a2
4ad219788df049e0b131e17f603d5faa - - -] CMD "sudo cinder-rootwrap
/etc/cinder/rootwrap.conf iscsiadm -m node -T
iqn.2015-04.acc1.tsm1:acc171fe6fc15fcc4bd4a841594b7876e3df -p
192.10.44.48:3260 --op update -n* node.session.auth.password -v ***"
returned:* 0 in 0.088s execute
/usr/local/lib/python2.7/dist-packages/oslo_concurrency/processutils.py:225

Above log hides the secret.

2015-04-16 16:04:23.290 7306 DEBUG cinder.brick.initiator.connector
[req-23c699df-7b21-48d2-ba14-d8ed06642050 ce8dccba9ccf48fb956060b3e54187a2
4ad219788df049e0b131e17f603d5faa - - -] *iscsiadm ('--op', 'update', '-n',
'node.session.auth.password', '-v', u'fakeauthgroupchapsecret')*: stdout=
stderr= _run_iscsiadm
/opt/stack/cinder/cinder/brick/initiator/connector.py:455

However, this one does not hide the secret.

In addition, i find that the CHAP credentials are stored as plain string
the database table (volumes).

I guess these are security risks in the current implementation. Any
comments ?


Regards,
Yogesh
*CloudByte Inc.* 
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [devstack] [IceHouse] Install prettytable>=0.7 to satisfy pip 6/PEP 440

2015-01-02 Thread Yogesh Prasad 
Hi Stackers,

I observe that this commit is present in master branch.

commit 6ec66bb3d1354062ec70be972dba990e886084d5

Install prettytable>=0.7 to satisfy pip 6/PEP 440
...

However, I am facing the issues due to PEP 440 in devstack's
stable/icehouse branch. Is devstack icehouse still maintained ? In other
words will these fixes get into icehouse branch ?

Regards,
Yogesh
*CloudByte Inc.* 
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [cinder] volume creation failed.

2014-06-26 Thread Yogesh Prasad 
Hi,

I have a devstack setup.
Please tell me, how i can create separate log file for each type of logs.
like cinder-api, cinder-scheduler and cinder-volume logs.


On Thu, Jun 26, 2014 at 5:49 PM, Duncan Thomas 
wrote:

> I'm afraid that isn't the log we need to diagnose your problem. Can
> you put cinder-api, cinder-scheduler and cinder-volume logs up please?
>
> On 26 June 2014 13:12, Yogesh Prasad  wrote:
> > Hi All,
> >
> > I have a devstack setup , and i am trying to create a volume but it is
> > creating with error status.
> > Can any one tell me what is the problem?
> >
> > Screen logs --
> >
> > .py:297
> > 2014-06-26 17:37:04.370 DEBUG keystone.notifications [-] CADF Event:
> > {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event',
> 'initiator':
> > {'typeURI': 'service/security/account/user', 'host': {'agent':
> > 'python-keystoneclient', 'address': '20.10.22.245'}, 'id':
> > 'openstack:d58d5688-f604-4362-9069-8cb217c029c8', 'name':
> > u'6fcd84d16da646dc825411da06bf26b2'}, 'target': {'typeURI':
> > 'service/security/account/user', 'id':
> > 'openstack:85ef43dd-b0ab-4726-898e-36107b06a231'}, 'observer':
> {'typeURI':
> > 'service/security', 'id':
> 'openstack:120866e8-51b9-4338-b41b-2dbea3aa4f17'},
> > 'eventType': 'activity', 'eventTime': '2014-06-26T12:07:04.368547+',
> > 'action': 'authenticate', 'outcome': 'success', 'id':
> > 'openstack:dda01da7-1274-4b4f-8ff5-1dcdb6d80ff4'} from (pid=7033)
> > _send_audit_notification
> /opt/stack/keystone/keystone/notifications.py:297
> > 2014-06-26 17:37:04.902 INFO eventlet.wsgi.server [-] 20.10.22.245 - -
> > [26/Jun/2014 17:37:04] "POST /v2.0//tokens HTTP/1.1" 200 6913 0.771471
> > 2014-06-26 17:37:04.992 DEBUG keystone.middleware.core [-] RBAC:
> > auth_context: {'is_delegated_auth': False, 'user_id':
> > u'27353284443e43278600949a1467c65f', 'roles': [u'admin', u'_member_'],
> > 'trustee_id': None, 'trustor_id': None, 'project_id':
> > u'e19957e0d69c4bfc9a9f872a2fcee1a3', 'trust_id': None} from (pid=7033)
> > process_request /opt/stack/keystone/keystone/middleware/core.py:286
> > 2014-06-26 17:37:05.009 DEBUG keystone.common.wsgi [-] arg_dict: {} from
> > (pid=7033) __call__ /opt/stack/keystone/keystone/common/wsgi.py:181
> > 2014-06-26 17:37:05.023 DEBUG keystone.common.controller [-] RBAC:
> > Authorizing identity:revocation_list() from (pid=7033)
> > _build_policy_check_credentials
> > /opt/stack/keystone/keystone/common/controller.py:54
> > 2014-06-26 17:37:05.027 DEBUG keystone.common.controller [-] RBAC: using
> > auth context from the request environment from (pid=7033)
> > _build_policy_check_credentials
> > /opt/stack/keystone/keystone/common/controller.py:59
> > 2014-06-26 17:37:05.033 DEBUG keystone.policy.backends.rules [-] enforce
> > identity:revocation_list: {'is_delegated_auth': False, 'user_id':
> > u'27353284443e43278600949a1467c65f', 'roles': [u'admin', u'_member_'],
> > 'trustee_id': None, 'trustor_id': None, 'project_id':
> > u'e19957e0d69c4bfc9a9f872a2fcee1a3', 'trust_id': None} from (pid=7033)
> > enforce /opt/stack/keystone/keystone/policy/backends/rules.py:101
> > 2014-06-26 17:37:05.040 DEBUG keystone.openstack.common.policy [-] Rule
> > identity:revocation_list will be now enforced from (pid=7033) enforce
> > /opt/stack/keystone/keystone/openstack/common/policy.py:288
> > 2014-06-26 17:37:05.043 DEBUG keystone.common.controller [-] RBAC:
> > Authorization granted from (pid=7033) inner
> > /opt/stack/keystone/keystone/common/controller.py:151
> > 2014-06-26 17:37:05.228 INFO eventlet.wsgi.server [-] 20.10.22.245 - -
> > [26/Jun/2014 17:37:05] "GET /v2.0/tokens/revoked HTTP/1.1" 200 815
> 0.277525
> >
> > --
> > Thanks & Regards,
> >   Yogesh Prasad.
> >
> > ___
> > OpenStack-dev mailing list
> > OpenStack-dev@lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
>
>
> --
> Duncan Thomas
>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [cinder] volume creation faild.

2014-06-26 Thread Yogesh Prasad 
Hi All,

I have a devstack setup , and i am trying to create a volume but it is
creating with error status.
Can any one tell me what is the problem?

Screen logs --

.py:297
2014-06-26 17:37:04.370 DEBUG keystone.notifications [-] CADF Event:
{'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator':
{'typeURI': 'service/security/account/user', 'host': {'agent':
'python-keystoneclient', 'address': '20.10.22.245'}, 'id':
'openstack:d58d5688-f604-4362-9069-8cb217c029c8', 'name':
u'6fcd84d16da646dc825411da06bf26b2'}, 'target': {'typeURI':
'service/security/account/user', 'id':
'openstack:85ef43dd-b0ab-4726-898e-36107b06a231'}, 'observer': {'typeURI':
'service/security', 'id':
'openstack:120866e8-51b9-4338-b41b-2dbea3aa4f17'}, 'eventType': 'activity',
'eventTime': '2014-06-26T12:07:04.368547+', 'action': 'authenticate',
'outcome': 'success', 'id':
'openstack:dda01da7-1274-4b4f-8ff5-1dcdb6d80ff4'} from (pid=7033)
_send_audit_notification /opt/stack/keystone/keystone/notifications.py:297
2014-06-26 17:37:04.902 INFO eventlet.wsgi.server [-] 20.10.22.245 - -
[26/Jun/2014 17:37:04] "POST /v2.0//tokens HTTP/1.1" 200 6913 0.771471
2014-06-26 17:37:04.992 DEBUG keystone.middleware.core [-] RBAC:
auth_context: {'is_delegated_auth': False, 'user_id':
u'27353284443e43278600949a1467c65f', 'roles': [u'admin', u'_member_'],
'trustee_id': None, 'trustor_id': None, 'project_id':
u'e19957e0d69c4bfc9a9f872a2fcee1a3', 'trust_id': None} from (pid=7033)
process_request /opt/stack/keystone/keystone/middleware/core.py:286
2014-06-26 17:37:05.009 DEBUG keystone.common.wsgi [-] arg_dict: {} from
(pid=7033) __call__ /opt/stack/keystone/keystone/common/wsgi.py:181
2014-06-26 17:37:05.023 DEBUG keystone.common.controller [-] RBAC:
Authorizing identity:revocation_list() from (pid=7033)
_build_policy_check_credentials
/opt/stack/keystone/keystone/common/controller.py:54
2014-06-26 17:37:05.027 DEBUG keystone.common.controller [-] RBAC: using
auth context from the request environment from (pid=7033)
_build_policy_check_credentials
/opt/stack/keystone/keystone/common/controller.py:59
2014-06-26 17:37:05.033 DEBUG keystone.policy.backends.rules [-] enforce
identity:revocation_list: {'is_delegated_auth': False, 'user_id':
u'27353284443e43278600949a1467c65f', 'roles': [u'admin', u'_member_'],
'trustee_id': None, 'trustor_id': None, 'project_id':
u'e19957e0d69c4bfc9a9f872a2fcee1a3', 'trust_id': None} from (pid=7033)
enforce /opt/stack/keystone/keystone/policy/backends/rules.py:101
2014-06-26 17:37:05.040 DEBUG keystone.openstack.common.policy [-] Rule
identity:revocation_list will be now enforced from (pid=7033) enforce
/opt/stack/keystone/keystone/openstack/common/policy.py:288
2014-06-26 17:37:05.043 DEBUG keystone.common.controller [-] RBAC:
Authorization granted from (pid=7033) inner
/opt/stack/keystone/keystone/common/controller.py:151
2014-06-26 17:37:05.228 INFO eventlet.wsgi.server [-] 20.10.22.245 - -
[26/Jun/2014 17:37:05] "GET /v2.0/tokens/revoked HTTP/1.1" 200 815 0.277525

-- 
*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [cinder][volume/manager.py] volume driver mapping

2014-06-25 Thread Yogesh Prasad 
Hi All,

I am observing a bit difference in manager.py file between these branches
stable/icehouse and master.
In stable/icehouse various driver mapped in manager.py but it is not in
master.

Please guide me, where i have to map my driver.

*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [cinder] set default cinder driver

2014-06-23 Thread Yogesh Prasad 
Hi Lvan,

Thanks for reply, but i am still facing same problem.

I have tried all of these -

1) Inside /etc/cinder/cinder.conf
[DEFAULT]
volume_driver=cinder.volume.drivers.cloudbyte.ElasticenterISCSIDriver

and ran below script
   ./rejoin-stack.sh

2) Inside /devstack/local.conf
[[post-config|$CINDER_CONF]]
volume_driver = cinder.volume.cloudbyte.ElasticenterISCSIDriver

 and ran below script
   ./rejoin-stack.sh

3) Inside /devstack/local.conf
[[local|localrc]]
CINDER_DRIVER=cinder.volume.drivers.cloudbyte.ElasticenterISCSIDriver

and ran below script
   ./rejoin-stack.sh

4) Inside /devstack/local.conf
volume_driver = cinder.volume.drivers.cloudbyte.ElasticenterISCSIDriver

 and ran below script
   ./rejoin-stack.sh

But it is not working.

In addition, what is the py file that reads localrc ?



On Mon, Jun 23, 2014 at 2:14 PM, Ivan Kolodyazhny  wrote:

> Hi Yogesh,
>
> You need to set CINDER_DRIVER variable in your localrc file
>
> Regards,
> Ivan Kolodyazhny,
> Software Engineer,
> Mirantis, Inc.
>
>
> On Mon, Jun 23, 2014 at 10:38 AM, Yogesh Prasad <
> yogesh.pra...@cloudbyte.com> wrote:
>
>>
>> Hi All,
>>
>> I have devstack setup and i want to put my cinder driver as a default
>> driver.
>> How i can do this?
>> please guide.
>> --
>>  *Thanks & Regards*,
>>   Yogesh Prasad.
>>
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [cinder] set default cinder driver

2014-06-23 Thread Yogesh Prasad 
Hi All,

I have devstack setup and i want to put my cinder driver as a default
driver.
How i can do this?
please guide.
-- 
*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [cinder] Minimum Driver Features for juno

2014-06-20 Thread Yogesh Prasad 
Hi All,

Please tell me what are the minimum Driver Features for juno release.

-- 
*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [all] Juno setup

2014-06-20 Thread Yogesh Prasad 
Hi All

I want to create a juno setup.

Please guide me through any links or processes that needs to be followed to
have this setup.

*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [Unit-test] Cinder Driver

2014-05-30 Thread Yogesh Prasad 
Hi All,
I have developed a cinder driver. Can you please share the steps to create
an unit test environment and how to run unit test?

*Thanks & Regards*,
  Yogesh Prasad.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev