clufter-ccs-obfuscate (1) - Linux Manuals

clufter-ccs-obfuscate: ccs-obfuscate

NAME

clufter - ccs-obfuscate

SYNOPSIS

clufter [<global option> ...] ccs-obfuscate [<cmd option ...>]

DESCRIPTION

Obfuscate credentials/IDs in CMAN-based cluster config.

Either obfuscation pass can be suppressed by skip parameter, by default they are performed both in row.

Following conventions are used for substituted ids/credentials: 1. identifiers used for crosslinking (referential integrity) ought to be converted in a way not violating this integrity 2. identifiers clearly out of referential integrity (i.e., arbitrary value unrelated to the rest of the XML tree) ought to be substituted with strings starting with 'REL-' 3. credentials ought to be substituted with strings starting with 'SECRET-' 4. overall, any affected item should be substituted with capitalized string to visually emphasize the substitution

OPTIONS

-h, --help

show help message and exit

-H, --help-full

full help message and exit

Command options:

-i INPUT, --input=INPUT

input CMAN-based cluster configuration file [/etc/cluster/cluster.conf]

-o OUTPUT, --output=OUTPUT

output file with obfuscated credentials/identifiers [c luster-obfuscated-{ccs-obfuscate-identifiers.in.hash}. conf]

-s SKIP, --skip=SKIP

pass to skip (none/ids/creds), neater than --noop [none]

--noop=NOOP

(Advanced) debug only: NOOPize filter (2+: repeat) [none out of ccs-obfuscate-credentials, ccs-obfuscate-identifiers]

--dump=DUMP

(Advanced) debug only: dump (intermediate) output of the filter (2+: repeat) [none out of ccs-obfuscate-credentials, ccs-obfuscate-identifiers, ANY]

Common options:

Either in global (before <cmd>) or command scope (after <cmd>).

--sys=SYS

(Advanced) override autodetected system [linux]

--dist=DIST

override target distro (for SYS=linux; see --list-dists) [centos,7.2.1511,Core]

-q, --quiet

refrain from unnecesary messages (usually on stderr)

--color=[WHEN]

colorize messages if available [auto out of auto, never, always]

-d, --debug

shortcut for --loglevel=DEBUG

--logfile=FILE

specify log file (instead of stderr)

--loglevel=LEVEL

specify log level [WARNING out of NOTSET, DEBUG, INFO, WARNING, ERROR, CRITICAL]

Arguments to value-based `command options' can go without labels when the order wrt. parsing logic respected; skipping those backed by default values otherwise requiring specification then allowed by syntactic sugar: all can be passed as a single, first, ::-delimited argument; magic files: `-', `@DIGIT+'. `{formula}' in output file spec: input-backed (e.g. hash) substitution recipe. All available commands listed as `clufter --list'.

AUTHOR

Written by Jan Pokorný <jpokorny+pkg-clufter [at] redhat.com> and plugin authors.

REPORTING BUGS

Report bugs to <https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%207&component=clufter>

COPYRIGHT

Copyright © 2016 Red Hat, Inc. Licensed under GPLv2+.