openstack/devstack
Code Issues Proposed changes

Shorten PKI token logging

Browse Source 
Log only the first 12 characters of auth-token for the Swift
API, since PKI based auth-tokens from keystone can huge (>> 2K).

Also tidy up a comment.

Change-Id: Ib784e8ecdcb7e371fe03458c7fd82b4460fa82b9
Signed-off-by: Peter Portante <peter.portante@redhat.com>
This commit is contained in:
Peter Portante 2013-11-20 14:33:16 -05:00
parent 298f7d4843
commit cee4b3bddf
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/swift
View File

@ -96,6 +96,13 @@ SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9}
SWIFT_REPLICAS=${SWIFT_REPLICAS:-1} SWIFT_REPLICAS=${SWIFT_REPLICAS:-1}
SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS}) SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS})
# Set ``SWIFT_LOG_TOKEN_LENGTH`` to configure how many characters of an auth
# token should be placed in the logs. When keystone is used with PKI tokens,
# the token values can be huge, seemingly larger the 2K, at the least. We
# restrict it here to a default of 12 characters, which should be enough to
# trace through the logs when looking for its use.
SWIFT_LOG_TOKEN_LENGTH=${SWIFT_LOG_TOKEN_LENGTH:-12}
# Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE`` # Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE``
# Port bases used in port number calclution for the service "nodes" # Port bases used in port number calclution for the service "nodes"
# The specified port number will be used, the additinal ports calculated by # The specified port number will be used, the additinal ports calculated by
@ -281,6 +288,9 @@ function configure_swift() {
SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer" SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
fi fi
# Restrict the length of auth tokens in the swift proxy-server logs.
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:proxy-logging reveal_sensitive_prefix ${SWIFT_LOG_TOKEN_LENGTH}
# By default Swift will be installed with keystone and tempauth middleware # By default Swift will be installed with keystone and tempauth middleware
# and add the swift3 middleware if its configured for it. The token for # and add the swift3 middleware if its configured for it. The token for
# tempauth would be prefixed with the reseller_prefix setting `TEMPAUTH_` the # tempauth would be prefixed with the reseller_prefix setting `TEMPAUTH_` the
@ -336,7 +346,7 @@ EOF
cp ${SWIFT_DIR}/etc/swift.conf-sample ${SWIFT_CONF_DIR}/swift.conf cp ${SWIFT_DIR}/etc/swift.conf-sample ${SWIFT_CONF_DIR}/swift.conf
iniset ${SWIFT_CONF_DIR}/swift.conf swift-hash swift_hash_path_suffix ${SWIFT_HASH} iniset ${SWIFT_CONF_DIR}/swift.conf swift-hash swift_hash_path_suffix ${SWIFT_HASH}
# This function generates an object/account/proxy configuration # This function generates an object/container/account configuration
# emulating 4 nodes on different ports # emulating 4 nodes on different ports
function generate_swift_config() { function generate_swift_config() {
local swift_node_config=$1 local swift_node_config=$1