[ 
https://issues.apache.org/jira/browse/HDDS-15385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ryan Blough updated HDDS-15385:
-------------------------------
    Summary: Accommodate users who cannot rely on webUI functionality with CLI 
changes  (was: We should accommodate users who work in heavily secured 
environments who cannot rely on webUI functionality with CLI changes)

> Accommodate users who cannot rely on webUI functionality with CLI changes
> -------------------------------------------------------------------------
>
>                 Key: HDDS-15385
>                 URL: https://issues.apache.org/jira/browse/HDDS-15385
>             Project: Apache Ozone
>          Issue Type: Epic
>          Components: Ozone CLI
>            Reporter: Ryan Blough
>            Priority: Major
>
> By design, several functions in Ozone rely on the webUI. The most clear-cut 
> is Recon, but other examples include commands like:
>  * ozone daemonlog (inherited from hadoop daemonlog)
>  * ozone insight (targeting certain debug log categories)
> The key problem is that webUIs are not reliable in secured environments. 
> There is a fairly large combination of firewall policies, encryption layers, 
> privilege restrictions, proxy configurations, up to and including blanket 
> policy prohibitions against exposing any interface which could plausibly 
> contain sensitive data (like debug logs or configurations). Anything that 
> disables or restricts access to the webUI outside of the control of the 
> cluster admin team _also_ breaks the functionality of these commands.
> Unfortunately it is also the case that heavily secured enterprise 
> environments are the same environments that would benefit the most from being 
> able to change log levels, or at least fetch debug log details, without 
> having to change configurations or undergo restarts. This leaves an important 
> segment of heavy users of Ozone unable to efficiently troubleshoot 
> non-obvious problems.
> I think the solution is to skip contact with webUI endpoints, and get the 
> data locally before it is served by the webUI. I suspect this in turn would 
> require some changes to make the data being served by the webUI more 
> accessible to direct CLI access.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
