Log the difference in taupage.yaml on startup #207

a1exsh · 2016-04-12T15:05:08Z

For the stateful applications it might be helpful to have the changes
to Taupage configurtion in the EC2 instance user data to be logged
across restarts.

Using diff with zero lines of unified context: we are only interested
in the changed values.

For the stateful applications it might be helpful to have the changes to Taupage configurtion in the EC2 instance user data to be logged across restarts. Using diff with zero lines of unified context: we are only interested in the changed values.

hjacobs · 2016-04-12T15:06:25Z

Hmm, that does not honor masking sensitive information 😞

hjacobs · 2016-04-12T15:07:18Z

i.e. it would log potentially sensitive information (e.g. think about Plan B Cassandra admin password) to the logging provider => not good

a1exsh · 2016-04-12T15:09:24Z

This is sent to cloud-init-output.log. does this get uploaded to log
service also?

A password will be logged only if it was changed, and yes we can try to
sed/grep it.

On Tue, Apr 12, 2016, 17:07 Henning Jacobs [email protected] wrote:

i.e. it would log potentially sensitive information (e.g. think about Plan
B Cassandra admin password) to the logging provider => not good

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
#207 (comment)

hjacobs · 2016-04-12T15:11:04Z

@a1exsh can you check syslog (which is pushed to log provider)?

a1exsh · 2016-04-12T15:14:12Z

Nothing from that is logged to syslog.

The password will be logged to that could-init-output.log though on first bootup I think.

hjacobs · 2016-04-12T15:20:55Z

runtime/usr/lib/python2.7/dist-packages/cloudinit/handlers/zalando_ami_config.py

+            util.write_file(TMP_TAUPAGE_CONFIG, config_yaml, 0o444)
+
+            LOG.debug("Comparing current configuration with the old one...")
+            subprocess.call(['diff', '-u0', TAUPAGE_CONFIG, TMP_TAUPAGE_CONFIG])


this will fail the first time (/meta/taupage.yaml not there yet)? would be annoying to see an error in the logs..

Ah, yes, good point. Will fix.

Actually, should it not be throwing an error earlier when it tries to read the config with:

LOG.debug("Loading existing configuration...") config_yaml = util.read_file_or_url(TAUPAGE_CONFIG)

?

Ah yes, we always have a /meta/taupage.yaml containing default values (created during Taupage AMI build).

Good, then there's nothing to change at this line. :-)

femueller · 2016-05-10T07:29:04Z

Looks good to me 👍

hjacobs reviewed Apr 12, 2016
View reviewed changes

femueller merged commit 8c22d25 into zalando-stups:master May 10, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Log the difference in taupage.yaml on startup #207

Log the difference in taupage.yaml on startup #207

a1exsh commented Apr 12, 2016

hjacobs commented Apr 12, 2016

hjacobs commented Apr 12, 2016

a1exsh commented Apr 12, 2016

hjacobs commented Apr 12, 2016

a1exsh commented Apr 12, 2016

hjacobs Apr 12, 2016

a1exsh Apr 12, 2016

a1exsh Apr 12, 2016

hjacobs Apr 12, 2016

a1exsh Apr 12, 2016

femueller commented May 10, 2016

Log the difference in taupage.yaml on startup #207

Log the difference in taupage.yaml on startup #207

Conversation

a1exsh commented Apr 12, 2016

hjacobs commented Apr 12, 2016

hjacobs commented Apr 12, 2016

a1exsh commented Apr 12, 2016

hjacobs commented Apr 12, 2016

a1exsh commented Apr 12, 2016

hjacobs Apr 12, 2016

Choose a reason for hiding this comment

a1exsh Apr 12, 2016

Choose a reason for hiding this comment

a1exsh Apr 12, 2016

Choose a reason for hiding this comment

hjacobs Apr 12, 2016

Choose a reason for hiding this comment

a1exsh Apr 12, 2016

Choose a reason for hiding this comment

femueller commented May 10, 2016