Shulou(Shulou.com)06/01 Report--

How to desensitize the Cloudera Manager database password, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Warm Tip: if using a computer to view the picture is not clear, you can use your mobile phone to open the article and click on the picture in the article to enlarge to see the original picture in high definition.

one

Problem recurrence

We know that the database account password information used by Cloudera Manager is saved in the db.properties file in the / etc/cloudera-scm-server directory, but open this file to view and find that the password option of the database is in clear text, as shown:

If this method saves the password plaintext directly in the file, it is sometimes unacceptable for the production safety requirements of some enterprises. Cloudera officials do not provide a way to desensitize the password plaintext in the file directly, but another method is given.

Test environment

1.CDH6.1

2.Redhat7.4

3. Use root to operate

two

Problem solving

1. Create a script file scm-passwd.sh in the / etc/cloudera-scm-server/ directory and enter the database password for CM

Echo "password"

two。 Modify the group and permissions of the file

Chmod 500 scm-passwd.sh

Chown cloudera-scm:cloudera-scm scm-passwd.sh

3. Mask the old password attribute entry in the db.properties file, add the following, and save the file.

Com.cloudera.cmf.db.password_script=/etc/cloudera-scm-server/scm-passwd.sh

4. Restart the cloudera-scm-server service.

Systemctl restart cloudera-scm-server

5. Log in to CM again and the interface access is normal.

Summary

The database password for 1.Cloudera Manager is saved in clear text in a separate file by default, which has fewer permissions and can only be viewed by root and cloudera-scm users.

two。 The official provides the way to save the database password into a script file separately, and then introduce the script file into the original db.properties file.

When 3.CM runs, if the / etc/cloudera-scm-server/db.properties file does not contain the com.cloudera.cmf.db.password_script attribute, the system starts looking for the value of the com.cloudera.cmf.db.password attribute.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.