ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-4487) When logging certain operations, need to mask sensitive properties
Date Fri, 31 Jan 2014 16:30:09 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13887881#comment-13887881
] 

Andrew Onischuk commented on AMBARI-4487:
-----------------------------------------

from the logs
{code}
[root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
/var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java
-cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar
org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true
hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh
mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'],
'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java
-cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar
org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true
hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh
mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'],
'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b
 /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b
 /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd
-c -b  /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if
{code}

> When logging certain operations, need to mask sensitive properties
> ------------------------------------------------------------------
>
>                 Key: AMBARI-4487
>                 URL: https://issues.apache.org/jira/browse/AMBARI-4487
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 1.5.0
>
>         Attachments: AMBARI-4487.patch
>
>
> Add an ability to mark properties as sensitive during formatting to the resource_mangemenent,
to the script writter this should look like this:
> {code}
> cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p}
{mysql_host[0]}")
> {code}
> !p - which is a password flag.
> Protect the passwords for hive, nagios and oozie.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message