You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2014/01/31 17:31:37 UTC
Review Request 17593: When logging certain operations,
need to mask sensitive properties
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17593/
-----------------------------------------------------------
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-4487
https://issues.apache.org/jira/browse/AMBARI-4487
Repository: ambari
Description
-------
Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
!p - which is a password flag.
Protect the passwords for hive, nagios and oozie.
Diffs
-----
ambari-agent/src/main/python/resource_management/core/__init__.py e321fef
ambari-agent/src/main/python/resource_management/core/base.py 462bdce
ambari-agent/src/main/python/resource_management/core/environment.py 931b223
ambari-agent/src/main/python/resource_management/core/logger.py PRE-CREATION
ambari-agent/src/main/python/resource_management/core/providers/__init__.py ea2fef3
ambari-agent/src/main/python/resource_management/core/providers/accounts.py 12350ac
ambari-agent/src/main/python/resource_management/core/providers/mount.py 703d669
ambari-agent/src/main/python/resource_management/core/providers/package/yumrpm.py 2e7218e
ambari-agent/src/main/python/resource_management/core/providers/package/zypper.py 665a563
ambari-agent/src/main/python/resource_management/core/providers/service.py f8db8b8
ambari-agent/src/main/python/resource_management/core/providers/system.py ca428e2
ambari-agent/src/main/python/resource_management/core/shell.py 6739974
ambari-agent/src/main/python/resource_management/libraries/functions/check_process_status.py b127b6a
ambari-agent/src/main/python/resource_management/libraries/functions/default.py a66b9cd
ambari-agent/src/main/python/resource_management/libraries/functions/format.py 87869ea
ambari-agent/src/main/python/resource_management/libraries/providers/properties_file.py 70d9218
ambari-agent/src/main/python/resource_management/libraries/providers/xml_config.py b2b8609
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/hive_service.py e8d4e5c
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/mysql_server.py 8567311
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/params.py 734d3ed
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/status_params.py 7770975
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/NAGIOS/package/scripts/nagios.py 9150995
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/OOZIE/package/scripts/oozie_service.py 1d8767c
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/hive_service.py e8d4e5c
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/mysql_server.py 8567311
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/params.py 734d3ed
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/status_params.py 7770975
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/NAGIOS/package/scripts/nagios.py 9150995
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/OOZIE/package/scripts/oozie_service.py e9edcc9
Diff: https://reviews.apache.org/r/17593/diff/
Testing
-------
deploy on HDP1, HDP2
from the logs:
[root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
/var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if
Thanks,
Andrew Onischuk
Re: Review Request 17593: When logging certain operations,
need to mask sensitive properties
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17593/#review33433
-----------------------------------------------------------
Ship it!
Ship It!
- Dmitro Lisnichenko
On Feb. 3, 2014, 4:01 p.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17593/
> -----------------------------------------------------------
>
> (Updated Feb. 3, 2014, 4:01 p.m.)
>
>
> Review request for Ambari and Dmitro Lisnichenko.
>
>
> Bugs: AMBARI-4487
> https://issues.apache.org/jira/browse/AMBARI-4487
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
> cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
> !p - which is a password flag.
>
> Protect the passwords for hive, nagios and oozie.
>
>
> Diffs
> -----
>
> ambari-agent/src/main/python/resource_management/core/__init__.py e321fef
> ambari-agent/src/main/python/resource_management/core/base.py 462bdce
> ambari-agent/src/main/python/resource_management/core/environment.py 931b223
> ambari-agent/src/main/python/resource_management/core/logger.py PRE-CREATION
> ambari-agent/src/main/python/resource_management/core/providers/__init__.py ea2fef3
> ambari-agent/src/main/python/resource_management/core/providers/accounts.py 12350ac
> ambari-agent/src/main/python/resource_management/core/providers/mount.py 703d669
> ambari-agent/src/main/python/resource_management/core/providers/package/yumrpm.py 2e7218e
> ambari-agent/src/main/python/resource_management/core/providers/package/zypper.py 665a563
> ambari-agent/src/main/python/resource_management/core/providers/service.py f8db8b8
> ambari-agent/src/main/python/resource_management/core/providers/system.py ca428e2
> ambari-agent/src/main/python/resource_management/core/shell.py 6739974
> ambari-agent/src/main/python/resource_management/libraries/functions/check_process_status.py b127b6a
> ambari-agent/src/main/python/resource_management/libraries/functions/default.py a66b9cd
> ambari-agent/src/main/python/resource_management/libraries/functions/format.py 87869ea
> ambari-agent/src/main/python/resource_management/libraries/providers/properties_file.py 70d9218
> ambari-agent/src/main/python/resource_management/libraries/providers/xml_config.py b2b8609
> ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/hive_service.py e8d4e5c
> ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/mysql_server.py 8567311
> ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/params.py 734d3ed
> ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/status_params.py 7770975
> ambari-server/src/main/resources/stacks/HDP/1.3.2/services/NAGIOS/package/scripts/nagios.py 9150995
> ambari-server/src/main/resources/stacks/HDP/1.3.2/services/OOZIE/package/scripts/oozie_service.py 1d8767c
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/hive_service.py e8d4e5c
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/mysql_server.py 8567311
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/params.py 734d3ed
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/status_params.py 7770975
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/NAGIOS/package/scripts/nagios.py 9150995
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie_service.py e9edcc9
> ambari-server/src/test/python/stacks/1.3.2/HIVE/test_mysql_server.py 6f95f1c
> ambari-server/src/test/python/stacks/2.0.6/HIVE/test_mysql_server.py 9b61a3e
>
> Diff: https://reviews.apache.org/r/17593/diff/
>
>
> Testing
> -------
>
> 1)deploy on HDP1, HDP2
> from the logs:
> [root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
> /var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
> /var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
> /var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
> /var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
> /var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
> /var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
> /var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if
>
> 2) Unittests:
> ----------------------------------------------------------------------
> Total run:368
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Andrew Onischuk
>
>
Re: Review Request 17593: When logging certain operations,
need to mask sensitive properties
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17593/
-----------------------------------------------------------
(Updated Feb. 3, 2014, 4:01 p.m.)
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-4487
https://issues.apache.org/jira/browse/AMBARI-4487
Repository: ambari
Description
-------
Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
!p - which is a password flag.
Protect the passwords for hive, nagios and oozie.
Diffs (updated)
-----
ambari-agent/src/main/python/resource_management/core/__init__.py e321fef
ambari-agent/src/main/python/resource_management/core/base.py 462bdce
ambari-agent/src/main/python/resource_management/core/environment.py 931b223
ambari-agent/src/main/python/resource_management/core/logger.py PRE-CREATION
ambari-agent/src/main/python/resource_management/core/providers/__init__.py ea2fef3
ambari-agent/src/main/python/resource_management/core/providers/accounts.py 12350ac
ambari-agent/src/main/python/resource_management/core/providers/mount.py 703d669
ambari-agent/src/main/python/resource_management/core/providers/package/yumrpm.py 2e7218e
ambari-agent/src/main/python/resource_management/core/providers/package/zypper.py 665a563
ambari-agent/src/main/python/resource_management/core/providers/service.py f8db8b8
ambari-agent/src/main/python/resource_management/core/providers/system.py ca428e2
ambari-agent/src/main/python/resource_management/core/shell.py 6739974
ambari-agent/src/main/python/resource_management/libraries/functions/check_process_status.py b127b6a
ambari-agent/src/main/python/resource_management/libraries/functions/default.py a66b9cd
ambari-agent/src/main/python/resource_management/libraries/functions/format.py 87869ea
ambari-agent/src/main/python/resource_management/libraries/providers/properties_file.py 70d9218
ambari-agent/src/main/python/resource_management/libraries/providers/xml_config.py b2b8609
ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/hive_service.py e8d4e5c
ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/mysql_server.py 8567311
ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/params.py 734d3ed
ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/scripts/status_params.py 7770975
ambari-server/src/main/resources/stacks/HDP/1.3.2/services/NAGIOS/package/scripts/nagios.py 9150995
ambari-server/src/main/resources/stacks/HDP/1.3.2/services/OOZIE/package/scripts/oozie_service.py 1d8767c
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/hive_service.py e8d4e5c
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/mysql_server.py 8567311
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/params.py 734d3ed
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/status_params.py 7770975
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/NAGIOS/package/scripts/nagios.py 9150995
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie_service.py e9edcc9
ambari-server/src/test/python/stacks/1.3.2/HIVE/test_mysql_server.py 6f95f1c
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_mysql_server.py 9b61a3e
Diff: https://reviews.apache.org/r/17593/diff/
Testing
-------
1)deploy on HDP1, HDP2
from the logs:
[root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
/var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if
2) Unittests:
----------------------------------------------------------------------
Total run:368
Total errors:0
Total failures:0
OK
Thanks,
Andrew Onischuk
Re: Review Request 17593: When logging certain operations,
need to mask sensitive properties
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17593/
-----------------------------------------------------------
(Updated Feb. 3, 2014, 4:01 p.m.)
Review request for Ambari and Dmitro Lisnichenko.
Changes
-------
done.
Bugs: AMBARI-4487
https://issues.apache.org/jira/browse/AMBARI-4487
Repository: ambari
Description
-------
Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
!p - which is a password flag.
Protect the passwords for hive, nagios and oozie.
Diffs
-----
ambari-agent/src/main/python/resource_management/core/__init__.py e321fef
ambari-agent/src/main/python/resource_management/core/base.py 462bdce
ambari-agent/src/main/python/resource_management/core/environment.py 931b223
ambari-agent/src/main/python/resource_management/core/logger.py PRE-CREATION
ambari-agent/src/main/python/resource_management/core/providers/__init__.py ea2fef3
ambari-agent/src/main/python/resource_management/core/providers/accounts.py 12350ac
ambari-agent/src/main/python/resource_management/core/providers/mount.py 703d669
ambari-agent/src/main/python/resource_management/core/providers/package/yumrpm.py 2e7218e
ambari-agent/src/main/python/resource_management/core/providers/package/zypper.py 665a563
ambari-agent/src/main/python/resource_management/core/providers/service.py f8db8b8
ambari-agent/src/main/python/resource_management/core/providers/system.py ca428e2
ambari-agent/src/main/python/resource_management/core/shell.py 6739974
ambari-agent/src/main/python/resource_management/libraries/functions/check_process_status.py b127b6a
ambari-agent/src/main/python/resource_management/libraries/functions/default.py a66b9cd
ambari-agent/src/main/python/resource_management/libraries/functions/format.py 87869ea
ambari-agent/src/main/python/resource_management/libraries/providers/properties_file.py 70d9218
ambari-agent/src/main/python/resource_management/libraries/providers/xml_config.py b2b8609
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/hive_service.py e8d4e5c
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/mysql_server.py 8567311
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/params.py 734d3ed
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/status_params.py 7770975
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/NAGIOS/package/scripts/nagios.py 9150995
ambari-server/src/main/resources/stacks/HDP/1.3.3/services/OOZIE/package/scripts/oozie_service.py 1d8767c
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/hive_service.py e8d4e5c
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/mysql_server.py 8567311
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/params.py 734d3ed
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/status_params.py 7770975
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/NAGIOS/package/scripts/nagios.py 9150995
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/OOZIE/package/scripts/oozie_service.py e9edcc9
Diff: https://reviews.apache.org/r/17593/diff/
Testing (updated)
-------
1)deploy on HDP1, HDP2
from the logs:
[root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
/var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
/var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
/var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
/var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if
2) Unittests:
----------------------------------------------------------------------
Total run:368
Total errors:0
Total failures:0
OK
Thanks,
Andrew Onischuk
Re: Review Request 17593: When logging certain operations,
need to mask sensitive properties
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17593/#review33333
-----------------------------------------------------------
Except missing unit tests, patch looks good. Minor proposal: maybe it's better to use a map instead of a list inside Logger. That will eliminate duplicates and may be more effective when format is used in big loops.
- Dmitro Lisnichenko
On Jan. 31, 2014, 4:31 p.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17593/
> -----------------------------------------------------------
>
> (Updated Jan. 31, 2014, 4:31 p.m.)
>
>
> Review request for Ambari and Dmitro Lisnichenko.
>
>
> Bugs: AMBARI-4487
> https://issues.apache.org/jira/browse/AMBARI-4487
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
> cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
> !p - which is a password flag.
>
> Protect the passwords for hive, nagios and oozie.
>
>
> Diffs
> -----
>
> ambari-agent/src/main/python/resource_management/core/__init__.py e321fef
> ambari-agent/src/main/python/resource_management/core/base.py 462bdce
> ambari-agent/src/main/python/resource_management/core/environment.py 931b223
> ambari-agent/src/main/python/resource_management/core/logger.py PRE-CREATION
> ambari-agent/src/main/python/resource_management/core/providers/__init__.py ea2fef3
> ambari-agent/src/main/python/resource_management/core/providers/accounts.py 12350ac
> ambari-agent/src/main/python/resource_management/core/providers/mount.py 703d669
> ambari-agent/src/main/python/resource_management/core/providers/package/yumrpm.py 2e7218e
> ambari-agent/src/main/python/resource_management/core/providers/package/zypper.py 665a563
> ambari-agent/src/main/python/resource_management/core/providers/service.py f8db8b8
> ambari-agent/src/main/python/resource_management/core/providers/system.py ca428e2
> ambari-agent/src/main/python/resource_management/core/shell.py 6739974
> ambari-agent/src/main/python/resource_management/libraries/functions/check_process_status.py b127b6a
> ambari-agent/src/main/python/resource_management/libraries/functions/default.py a66b9cd
> ambari-agent/src/main/python/resource_management/libraries/functions/format.py 87869ea
> ambari-agent/src/main/python/resource_management/libraries/providers/properties_file.py 70d9218
> ambari-agent/src/main/python/resource_management/libraries/providers/xml_config.py b2b8609
> ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/hive_service.py e8d4e5c
> ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/mysql_server.py 8567311
> ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/params.py 734d3ed
> ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/package/scripts/status_params.py 7770975
> ambari-server/src/main/resources/stacks/HDP/1.3.3/services/NAGIOS/package/scripts/nagios.py 9150995
> ambari-server/src/main/resources/stacks/HDP/1.3.3/services/OOZIE/package/scripts/oozie_service.py 1d8767c
> ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/hive_service.py e8d4e5c
> ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/mysql_server.py 8567311
> ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/params.py 734d3ed
> ambari-server/src/main/resources/stacks/HDP/2.1.1/services/HIVE/package/scripts/status_params.py 7770975
> ambari-server/src/main/resources/stacks/HDP/2.1.1/services/NAGIOS/package/scripts/nagios.py 9150995
> ambari-server/src/main/resources/stacks/HDP/2.1.1/services/OOZIE/package/scripts/oozie_service.py e9edcc9
>
> Diff: https://reviews.apache.org/r/17593/diff/
>
>
> Testing
> -------
>
> deploy on HDP1, HDP2
> from the logs:
> [root@dev02 ambari]# grep -r "PROTECTED" /var/lib/ambari-agent/data
> /var/lib/ambari-agent/data/output-94.txt:2014-01-31 07:38:11,003 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
> /var/lib/ambari-agent/data/output-71.txt:2014-01-31 07:29:43,570 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
> /var/lib/ambari-agent/data/output-95.txt:2014-01-31 07:38:14,835 - Execute['/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification jdbc:mysql://dev02.hortonworks.com/hive?createDatabaseIfNotExist=true hive [PROTECTED] com.mysql.jdbc.Driver'] {'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin']}
> /var/lib/ambari-agent/data/output-43.txt:2014-01-31 07:15:57,245 - Execute['bash -x /tmp/addMysqlUser.sh mysqld hive [PROTECTED] dev02.hortonworks.com'] {'logoutput': True, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 3, 'try_sleep': 5}
> /var/lib/ambari-agent/data/output-85.txt:2014-01-31 07:32:29,601 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
> /var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,674 - Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
> /var/lib/ambari-agent/data/output-108.txt:2014-01-31 07:44:06,688 - Skipping Execute['htpasswd -c -b /etc/nagios/htpasswd.users nagiosadmin [PROTECTED]'] due to not_if
>
>
> Thanks,
>
> Andrew Onischuk
>
>