table of contents
| CLUFTER(1) | User Commands | CLUFTER(1) |
NAME¶
clufter - ccs-obfuscate
SYNOPSIS¶
clufter [<global option> ...] ccs-obfuscate [<cmd option ...>]
DESCRIPTION¶
Obfuscate credentials/IDs in CMAN-based cluster config.
Either obfuscation pass can be suppressed by skip parameter, by default they are performed both in row.
Following conventions are used for substituted ids/credentials: 1. identifiers used for crosslinking (referential integrity) ought to be converted in a way not violating this integrity 2. identifiers clearly out of referential integrity (i.e., arbitrary value unrelated to the rest of the XML tree) ought to be substituted with strings starting with 'REL-' 3. credentials ought to be substituted with strings starting with 'SECRET-' 4. overall, any affected item should be substituted with capitalized string to visually emphasize the substitution
OPTIONS¶
- -h, --help
- show help message and exit
- -H, --help-full
- full help message and exit
- Command options:
- -i INPUT, --input=INPUT
- input CMAN-based cluster configuration file [/etc/cluster/cluster.conf]
- -o OUTPUT, --output=OUTPUT
- output file with obfuscated credentials/identifiers [c luster-obfuscated-{ccs-obfuscate-credentials.in.hash}. conf]
- -s SKIP, --skip=SKIP
- pass to skip (none/ids/creds), neater than --noop [none]
- --noop=NOOP
- (Advanced) debug only: NOOPize filter (2+: repeat) [none out of ccs-obfuscate-credentials, ccs-obfuscate-identifiers]
- --dump=DUMP
- (Advanced) debug only: dump (intermediate) output of the filter (2+: repeat) [none out of ccs-obfuscate-credentials, ccs-obfuscate-identifiers, ANY]
- Common options:
- Either in global (before <cmd>) or command scope (after <cmd>).
- --sys=SYS
- (Advanced) override autodetected system [linux]
- --dist=DIST
- override target distro (for SYS=linux; see --list-dists) [redhat,7.6,Nitrogen]
- -q, --quiet
- refrain from unnecesary messages (usually on stderr)
- --color=[WHEN]
- colorize messages if available [auto out of auto, never, always]
- -d, --debug
- shortcut for --loglevel=DEBUG
- --logfile=FILE
- specify log file (instead of stderr)
- --loglevel=LEVEL
- specify log level [WARNING out of NOTSET, DEBUG, INFO, WARNING, ERROR, CRITICAL]
Arguments to value-based `command options' can go without labels when the order wrt. parsing logic respected; skipping those backed by default values otherwise requiring specification then allowed by syntactic sugar: all can be passed as a single, first, ::-delimited argument; magic files: `-', `@DIGIT+'. `{formula}' in output file spec: input-backed (e.g. hash) substitution recipe. All available commands listed as `clufter --list'.
AUTHOR¶
Written by Jan Pokorný <jpokorny+pkg-clufter@redhat.com> and plugin authors.
REPORTING BUGS¶
Report bugs to <https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%207&component=clufter>
COPYRIGHT¶
Copyright © 2018 Red Hat, Inc. Licensed under GPLv2+.
SEE ALSO¶
cluster.conf(5), ccs(7), clufter(1),
clufter-ccs-artefacts(1), clufter-ccs-disable-rg(1), clufter-ccs-revitalize(1), and perhaps more
| November 2018 | clufter 0.77.1 |