You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2014/01/31 17:30:09 UTC
[jira] [Commented] (AMBARI-4487) When logging certain operations,
need to mask sensitive properties
[ https://issues.apache.org/jira/browse/AMBARI-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13887881#comment-13887881 ]
Andrew Onischuk commented on AMBARI-4487:
-----------------------------------------
from the logs
{code}
[root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
/var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if
{code}
> When logging certain operations, need to mask sensitive properties
> ------------------------------------------------------------------
>
> Key: AMBARI-4487
> URL: https://issues.apache.org/jira/browse/AMBARI-4487
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Fix For: 1.5.0
>
> Attachments: AMBARI-4487.patch
>
>
> Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
> {code}
> cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
> {code}
> !p - which is a password flag.
> Protect the passwords for hive, nagios and oozie.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)