ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk" <aonis...@hortonworks.com>
Subject Review Request 17593: When logging certain operations, need to mask sensitive properties
Date Fri, 31 Jan 2014 16:31:37 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17593/
-----------------------------------------------------------

Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-4487
    https://issues.apache.org/jira/browse/AMBARI-4487


Repository: ambari


Description
-------

Add an ability to mark properties as sensitive during formatting to the resource_mangemenent,
to the script writter this should look like this:
cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p}
{mysql_host[0]}")
!p - which is a password flag.

Protect the passwords for hive, nagios and oozie.


Diffs
-----

  ambari-agent/src/main/python/resource_management/core/__init__.py e321fef 
  ambari-agent/src/main/python/resource_management/core/base.py 462bdce 
  ambari-agent/src/main/python/resource_management/core/environment.py 931b223 
  ambari-agent/src/main/python/resource_management/core/logger.py PRE-CREATION 
  ambari-agent/src/main/python/resource_management/core/providers/__init__.py ea2fef3 
  ambari-agent/src/main/python/resource_management/core/providers/accounts.py 12350ac 
  ambari-agent/src/main/python/resource_management/core/providers/mount.py 703d669 
  ambari-agent/src/main/python/resource_management/core/providers/package/yumrpm.py 2e7218e

  ambari-agent/src/main/python/resource_management/core/providers/package/zypper.py 665a563

  ambari-agent/src/main/python/resource_management/core/providers/service.py f8db8b8 
  ambari-agent/src/main/python/resource_management/core/providers/system.py ca428e2 
  ambari-agent/src/main/python/resource_management/core/shell.py 6739974 
  ambari-agent/src/main/python/resource_management/libraries/functions/check_process_status.py
b127b6a 
  ambari-agent/src/main/python/resource_management/libraries/functions/default.py a66b9cd

  ambari-agent/src/main/python/resource_management/libraries/functions/format.py 87869ea 
  ambari-agent/src/main/python/resource_management/libraries/providers/properties_file.py
70d9218 
  ambari-agent/src/main/python/resource_management/libraries/providers/xml_config.py b2b8609

  ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/hive_service.py
e8d4e5c 
  ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/mysql_server.py
8567311 
  ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/params.py
734d3ed 
  ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/status_params.py
7770975 
  ambari-server/src/main/resources/stacks/HDP/1.3.3/services/NAGIOS/package/scripts/nagios.py
9150995 
  ambari-server/src/main/resources/stacks/HDP/1.3.3/services/OOZIE/package/scripts/oozie_service.py
1d8767c 
  ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/hive_service.py
e8d4e5c 
  ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/mysql_server.py
8567311 
  ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/params.py
734d3ed 
  ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/status_params.py
7770975 
  ambari-server/src/main/resources/stacks/HDP/2.1.1/services/NAGIOS/package/scripts/nagios.py
9150995 
  ambari-server/src/main/resources/stacks/HDP/2.1.1/services/OOZIE/package/scripts/oozie_service.py
e9edcc9 

Diff: https://reviews.apache.org/r/17593/diff/


Testing
-------

deploy on HDP1, HDP2
from the logs:
[root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
/var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java
-cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar
org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true
hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh
mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'],
'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java
-cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar
org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true
hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh
mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'],
'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b
 /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b
 /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd
-c -b  /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if


Thanks,

Andrew Onischuk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message