You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "t oo (Jira)" <ji...@apache.org> on 2019/12/05 23:38:00 UTC
[jira] [Commented] (SPARK-22860) Spark workers log ssl passwords
passed to the executors
[ https://issues.apache.org/jira/browse/SPARK-22860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989255#comment-16989255 ]
t oo commented on SPARK-22860:
------------------------------
[~kabhwan] can this go in 2.4.5?
> Spark workers log ssl passwords passed to the executors
> -------------------------------------------------------
>
> Key: SPARK-22860
> URL: https://issues.apache.org/jira/browse/SPARK-22860
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 2.1.1
> Reporter: Felix K.
> Assignee: Jungtaek Lim
> Priority: Major
> Fix For: 3.0.0
>
>
> The workers log the spark.ssl.keyStorePassword and spark.ssl.trustStorePassword passed by cli to the executor processes. The ExecutorRunner should escape passwords to not appear in the worker's log files in INFO level. In this example, you can see my 'SuperSecretPassword' in a worker log:
> {code}
> 17/12/08 08:04:12 INFO ExecutorRunner: Launch command: "/global/myapp/oem/jdk/bin/java" "-cp" "/global/myapp/application/myapp_software/thing_loader_lib/core-repository-model-zzz-1.2.3-SNAPSHOT.jar
> [...]
> :/global/myapp/application/spark-2.1.1-bin-hadoop2.7/jars/*" "-Xmx16384M" "-Dspark.authenticate.enableSaslEncryption=true" "-Dspark.ssl.keyStorePassword=SuperSecretPassword" "-Dspark.ssl.keyStore=/global/myapp/application/config/ssl/keystore.jks" "-Dspark.ssl.trustStore=/global/myapp/application/config/ssl/truststore.jks" "-Dspark.ssl.enabled=true" "-Dspark.driver.port=39927" "-Dspark.ssl.protocol=TLS" "-Dspark.ssl.trustStorePassword=SuperSecretPassword" "-Dspark.authenticate=true" "-Dmyapp_IMPORT_DATE=2017-10-30" "-Dmyapp.config.directory=/global/myapp/application/config" "-Dsolr.httpclient.builder.factory=com.company.myapp.loader.auth.LoaderConfigSparkSolrBasicAuthConfigurer" "-Djavax.net.ssl.trustStore=/global/myapp/application/config/ssl/truststore.jks" "-XX:+UseG1GC" "-XX:+UseStringDeduplication" "-Dthings.loader.export.zzz_files=false" "-Dlog4j.configuration=file:/global/myapp/application/config/spark-executor-log4j.properties" "-XX:+HeapDumpOnOutOfMemoryError" "-XX:+UseStringDeduplication" "org.apache.spark.executor.CoarseGrainedExecutorBackend" "--driver-url" "spark://CoarseGrainedScheduler@192.168.0.1:39927" "--executor-id" "2" "--hostname" "192.168.0.1" "--cores" "4" "--app-id" "app-20171208080412-0000" "--worker-url" "spark://Worker@192.168.0.1:59530"
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org