1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
; crmsh configuration file
; To override per user, create a file ~/.config/crm/crm.conf
;
; [core]
; editor = $EDITOR
; pager = $PAGER
; user =
; skill_level = expert
; sort_elements = yes
; check_frequency = always
; check_mode = strict
; wait = no
; add_quotes = yes
; manage_children = ask
; force = no
; debug = no
; ptest = ptest, crm_simulate
; dotty = dotty
; dot = dot
; ignore_missing_metadata = no
; report_tool_options =
; lock_timeout = 120
; set OCF_1_1_SUPPORT to yes is to fully turn on OCF 1.1 feature once the corresponding CIB detected.
; OCF_1_1_SUPPORT = yes
; obscure_pattern option is the persisent configuration of CLI.
; Example, for the high security concern, obscure_pattern = passw* | ip
; which makes `crm configure show` is equal to
;
; node-1:~ # crm configure show obscure:passw* obscure:ip
; node 1084783297: node1
; primitive fence_device stonith:fence_ilo5 \
; params password="******"
; primitive ip IPaddr2 \
; params ip="******"
;
; The default option is passw*
; If you don't want to obscure, change the value to blank.
;
; obscure_pattern = passw*
[path]
; sharedir = <detected>
; cache = <detected>
; crm_config = <detected>
; crm_daemon_dir = <detected>
crm_daemon_user = @CRM_DAEMON_USER@
ocf_root = @OCF_ROOT_DIR@
; crm_dtd_dir = <detected>
; pe_state_dir = <detected>
; heartbeat_dir = <detected>
; hb_delnode = /usr/share/heartbeat/hb_delnode
; nagios_plugins = /usr/lib/nagios/plugins
; [color]
; style = color
; error = red bold
; ok = green bold
; warn = yellow bold
; info = cyan
; help_keyword = blue bold underline
; help_header = normal bold
; help_topic = yellow bold
; help_block = cyan
; keyword = yellow
; identifier = normal
; attr_name = cyan
; attr_value = red
; resource_reference = green
; id_reference = green
; score = magenta
; ticket = magenta
; [report]
; from_time = -12H
; compress = yes
; speed_up = no
; collect_extra_logs = /var/log/messages /var/log/pacemaker.log
; remove_exist_dest = no
; single_node = no
;
; sanitize_rule = sanitize_pattern[:options] ...
;
; This defines the way to hide sensitive data generated by crm report.
;
; 'sanitize_pattern' is a RegEx string, which is used to matches 'name'
; field of CIB params. The sanitize process will hide 'value' of those
; matched 'name:value' pairs in CIB, PE, pacemaker.log.
;
; 'options' is the predefined, and 'raw' is the only one defined
; currently. With ':raw" option, the sanitize process will fetch
; 'value' results out of CIB 'name:value' pairs, and use them to
; hide all clear text occurence from all files crm report collected.
;
; Example 1:
; sanitize_rule = passw.*
;
; This is the default. It will hide password nam:value pairs.
; The result of crm report clould be like
; name="password", value=******
; @name=password @value=******
; passwd=******
;
;
; Example 2:
; sanitize_rule = ip.*:raw
;
; This will only hide ip addresses. Example, the sanitize process will fetch
; ip=10.10.10.10 and replace all clear text occurrence of "10.10.10.10"
;
;
; Example 3:
; sanitize_rule = passw.*|ip.*:raw
;
; This is useful for the higher security concern.
; The sanitize process will hide all "name:value" pair for password like in
; example 1, and all clear text ip addresses like in example 2 above.
;
; sanitize_rule = passw.*
|
