search

ansible-middleware / amq

A collection to manage AMQ brokers
Apache License 2.0
13 stars 11 forks source link

The artemis mask command writes additional output when other jars are present in the lib folder, such as the prometheus jar. This creates a misconfiguration. Perhaps it is a problem in the upstream version? #97

Closed RobertFloor closed 9 months ago

RobertFloor commented 9 months ago
SUMMARY

The artemis mask command writes additional output when other jars are present in the lib folder, such as the prometheus jar. This creates a misconfiguration. Perhaps it is a problem in the upstream version?

ISSUE TYPE
ANSIBLE VERSION
[default@c6ca8d3c3c60 /]$ ansible --version
ansible [core 2.15.3]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/default/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/default/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/default/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/default/.local/bin/ansible
  python version = 3.11.2 (main, Jun  6 2023, 07:39:01) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/usr/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
[default@c6ca8d3c3c60 /]$ ansible-galaxy collection list

# /home/default/.ansible/collections/ansible_collections
Collection                    Version
----------------------------- -------
middleware_automation.amq     1.3.10
middleware_automation.common  1.1.2

# /home/default/.local/lib/python3.11/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    6.3.0
ansible.netcommon             5.1.2
ansible.posix                 1.5.4
ansible.utils                 2.10.3
ansible.windows               1.14.0
arista.eos                    6.0.1
awx.awx                       22.6.0
azure.azcollection            1.16.0
check_point.mgmt              5.1.1
chocolatey.chocolatey         1.5.1
cisco.aci                     2.7.0
cisco.asa                     4.0.1
cisco.dnac                    6.7.3
cisco.intersight              1.0.27
cisco.ios                     4.6.1
cisco.iosxr                   5.0.3
cisco.ise                     2.5.14
cisco.meraki                  2.15.3
cisco.mso                     2.5.0
cisco.nso                     1.0.3
cisco.nxos                    4.4.0
cisco.ucs                     1.10.0
cloud.common                  2.1.4
cloudscale_ch.cloud           2.3.1
community.aws                 6.2.0
community.azure               2.0.0
community.ciscosmb            1.0.6
community.crypto              2.15.0
community.digitalocean        1.24.0
community.dns                 2.6.0
community.docker              3.4.8
community.fortios             1.0.0
community.general             7.3.0
community.google              1.0.0
community.grafana             1.5.4
community.hashi_vault         5.0.0
community.hrobot              1.8.1
community.libvirt             1.2.0
community.mongodb             1.6.1
community.mysql               3.7.2
community.network             5.0.0
community.okd                 2.3.0
community.postgresql          2.4.3
community.proxysql            1.5.1
community.rabbitmq            1.2.3
community.routeros            2.9.0
community.sap                 1.0.0
community.sap_libs            1.4.1
community.skydive             1.0.0
community.sops                1.6.4
community.vmware              3.9.0
community.windows             1.13.0
community.zabbix              2.1.0
containers.podman             1.10.2
cyberark.conjur               1.2.0
cyberark.pas                  1.0.19
dellemc.enterprise_sonic      2.2.0
dellemc.openmanage            7.6.1
dellemc.powerflex             1.7.0
dellemc.unity                 1.7.1
f5networks.f5_modules         1.25.1
fortinet.fortimanager         2.2.1
fortinet.fortios              2.3.1
frr.frr                       2.0.2
gluster.gluster               1.0.2
google.cloud                  1.2.0
grafana.grafana               2.1.5
hetzner.hcloud                1.16.0
hpe.nimble                    1.1.4
ibm.qradar                    2.1.0
ibm.spectrum_virtualize       1.12.0
infinidat.infinibox           1.3.12
infoblox.nios_modules         1.5.0
inspur.ispim                  1.3.0
inspur.sm                     2.3.0
junipernetworks.junos         5.2.0
kubernetes.core               2.4.0
lowlydba.sqlserver            2.1.0
microsoft.ad                  1.3.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0
netapp.ontap                  22.7.0
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.4.0
netbox.netbox                 3.13.0
ngine_io.cloudstack           2.3.0
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.3
openstack.cloud               2.1.0
openvswitch.openvswitch       2.1.1
ovirt.ovirt                   3.1.2
purestorage.flasharray        1.20.0
purestorage.flashblade        1.12.1
purestorage.fusion            1.6.0
sensu.sensu_go                1.14.0
servicenow.servicenow         1.0.6
splunk.es                     2.1.0
t_systems_mms.icinga_director 1.33.1
telekom_mms.icinga_director   1.34.1
theforeman.foreman            3.12.0
vmware.vmware_rest            2.3.1
vultr.cloud                   1.8.0
vyos.vyos                     4.1.0
wti.remote                    1.0.5
STEPS TO REPRODUCE

This works

[root@amq1 bin]# ./artemis mask --password-codec --hash test
2023-09-08 14:37:19,168 INFO  [org.apache.activemq.artemis.core.server] AMQ221082: Initializing metrics plugin com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin with properties: {}
result: c5a9a21e812fea2794df0114fa7c78b0:a52d7c2dff4a36c7b4ed381b067872b154e88e0b0017ec9a53defdbe865b67161bf4b32f0c22e6928a015afcc5aef512ab0b55f0237f459a39ad5025713aecf6

But logging ends up in the artemis.users file

amq-admin = ENC(2023-09-08 14:35:33,856 INFO  [org.apache.activemq.artemis.core.server] AMQ221082: Initializing metrics plugin com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin with properties: {}
63657b38db1a65d197efd58a56af275c:b6a4fc05591317fd0bc95c7c5a3dbd6ab41764b93cd51aa31a8efb90c9f6ed712dc5d49a7cafc2d90f4e5bce30683aeb7b8160ae19791baf1edd8498bbab41d3)
amq-application-sa = ENC(2023-09-08 14:35:38,378 INFO  [org.apache.activemq.artemis.core.server] AMQ221082: Initializing metrics plugin com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin with properties: {}
f42e63958b97a33141455b2265e04b25:b12c5cb6fbc0adf9d21027473a3d9c7eb16e8c98d6fc4d6c6cfcee53ba1faba47ac3855ef12af9fa82bd673b69d0fddb4ebb4d076e03f10e4bfca1dd0e29e09c)
amq-testers-sa = ENC(2023-09-08 14:35:42,274 INFO  [org.apache.activemq.artemis.core.server] AMQ221082: Initializing metrics plugin com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin with properties: {}
c11e766e2c53940384a1000c908a9be8:238040adcb3a10d85abe2fc6dd136578cec1e8844a173fdde4ad9ed40e3d5df7f017bcb8f1bad4da177dd3b2b2dde5ff9d03500b7600c2375b17ad4b8eaaeebf)

The logging suggests there is a problem with ArtemisPrometheusMetricsPlugin. When I remove this from the broker.xml

    <metrics>
      <plugin class-name="com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin"/>
    </metrics>

I get a password mask command without logging

[root@amq1 bin]# ./artemis mask --password-codec --hash test
result: 5904b58f3a1475b931823395d439069c:2c12c60c736f6a6be94aed1172a67060bc887b7575eebdad54325df76995f9cbabcb220745059502a2f478e7dd4c26747c1b4bd484dc9e939c7fb49cd90263aa
EXPECTED RESULTS

Get not additional login when running artemis amsk command

ACTUAL RESULTS
amq-admin = ENC(2023-09-08 14:35:33,856 INFO  [org.apache.activemq.artemis.core.server] AMQ221082: Initializing metrics plugin com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin with properties: {}
63657b38db1a65d197efd58a56af275c:b6a4fc05591317fd0bc95c7c5a3dbd6ab41764b93cd51aa31a8efb90c9f6ed712dc5d49a7cafc2d90f4e5bce30683aeb7b8160ae19791baf1edd8498bbab41d3)
amq-application-sa = ENC(2023-09-08 14:35:38,378 INFO  [org.apache.activemq.artemis.core.server] AMQ221082: Initializing metrics plugin com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin with properties: {}
f42e63958b97a33141455b2265e04b25:b12c5cb6fbc0adf9d21027473a3d9c7eb16e8c98d6fc4d6c6cfcee53ba1faba47ac3855ef12af9fa82bd673b69d0fddb4ebb4d076e03f10e4bfca1dd0e29e09c)
amq-testers-sa = ENC(2023-09-08 14:35:42,274 INFO  [org.apache.activemq.artemis.core.server] AMQ221082: Initializing metrics plugin com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin with properties: {}
c11e766e2c53940384a1000c908a9be8:238040adcb3a10d85abe2fc6dd136578cec1e8844a173fdde4ad9ed40e3d5df7f017bcb8f1bad4da177dd3b2b2dde5ff9d03500b7600c2375b17ad4b8eaaeebf)
RobertFloor commented 9 months ago

We could prevent is if we add this filter to our log4j config file, but it needs to stay there every run:

appender.console.filter.1.type = RegexFilter
appender.console.filter.1.regex = .*221082.*
appender.console.filter.1.onMatch = DENY
appender.console.filter.1.onMismatch = NEUTRAL
guidograzioli commented 9 months ago

The issue is being evaluated upstream; in any case can you check if the merged PR above fixes your issue in the collection?

RobertFloor commented 9 months ago

yes it fixes our problem