Usage of dogpile.cache.backend.redis requires injection via backend_argument
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
oslo.cache |
Fix Released
|
High
|
Takashi Kajinami |
Bug Description
Using redis backend always require usage of backend_arugment, which is considered advanced.
Because backend_argument is not secret, this means that password in the url may be leaked in logs.
In case we attempt to use the memcache_servers option, it always triggers the following traceback.
```
[Sat Feb 03 03:46:08.438124 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] mod_wsgi (pid=15934): Failed to exec Python script file '/var/www/
[Sat Feb 03 03:46:08.438153 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] mod_wsgi (pid=15934): Exception occurred processing WSGI script '/var/www/
[Sat Feb 03 03:46:08.439106 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] Traceback (most recent call last):
[Sat Feb 03 03:46:08.439128 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/var/www/
[Sat Feb 03 03:46:08.439129 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] application = initialize_
[Sat Feb 03 03:46:08.439131 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439132 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] return flask_core.
[Sat Feb 03 03:46:08.439134 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439135 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] _unused, app = keystone.
[Sat Feb 03 03:46:08.439136 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439137 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] drivers = backends.
[Sat Feb 03 03:46:08.439139 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439140 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] cache.configure
[Sat Feb 03 03:46:08.439141 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439142 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] cache.configure
[Sat Feb 03 03:46:08.439143 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439144 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] region.
[Sat Feb 03 03:46:08.439150 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439151 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] return self.configure(
[Sat Feb 03 03:46:08.439153 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439154 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] self.backend = backend_
[Sat Feb 03 03:46:08.439155 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439156 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] return cls(
[Sat Feb 03 03:46:08.439157 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439159 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] super().__init__(
[Sat Feb 03 03:46:08.439160 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439161 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] self._create_
[Sat Feb 03 03:46:08.439162 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439163 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] sentinel = redis.sentinel.
[Sat Feb 03 03:46:08.439165 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] File "/usr/lib/
[Sat Feb 03 03:46:08.439166 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] self.sentinels = [
[Sat Feb 03 03:46:08.439170 2024] [wsgi:error] [pid 15934:tid 15945] [remote 127.0.0.1:49472] TypeError: 'NoneType' object is not iterable
```
The snippet from keystone.conf
```
[cache]
backend=
memcache_
tls_enabled = true
tls_cafile = /etc/pki/
```
summary: |
- Usage of dogpile.cache.backend.redis always crashes + Usage of dogpile.cache.backend.redis requires injection via + backend_argument |
description: | updated |
Changed in oslo.cache: | |
importance: | Undecided → High |
assignee: | nobody → Takashi Kajinami (kajinamit) |
description: | updated |
Hmm. It seems we are not supposed to use memcache_servers but set url via backend_arguments ?