HAProxy Enterprise Documentation 2.7r1

set anon

Enable or disable anonymized mode for the current CLI session.

Description

In anonymized mode, fields in command outputs that are considered sensitive or confidential are obscured with hashes. These hashes are designed to be consistent throughout output so that troubleshooters can trace data in output without viewing the underlying sensitive data.

A key for the hash function can be appended as in set anon on <key>. The key must be a 32-bit integer between 0 and 4294967295.

The hashes have a low enough bit count (24) to make them non-reversible due to the high number of possible matches. When anonymization is turned on, if no key is specified, the global key is used (either specified in the configuration file by anonkey or set via the CLI command set anon global-key). If no such key has been set, a random one is generated. It is useful to specify the key to be used for the current session, for example, to reuse the key that was used in a previous dump to help compare outputs.

The set anon command applies only to the current API session. Therefore, it has no effect unless combined with other commands in the same session.

Examples

Enable anonymization for a show sess inline command, where the commands run once and then exit:

$ echo "set anon on; show sess" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock
0x56295ad1dcb0: proto=tcpv4 src=3129d1:60985 fe=1d10c8 be=7c69ee srv=f908f6
 ts=00 epoch=0x1 age=16s calls=3 rate=0 cpu=0 lat=0 rq[f=49c40000h,i=0,an=8000h,rx=,wx=,ax=]
 rp[f=80400000h,i=0,an=1400000h,rx=4m55s,wx=,ax=] scf=[8,80h,fd=86] scb=[8,11h,fd=42] exp=4m55s rc=0 c_exp=

Enable anonymization in an interactive session:

  1. Connect to the Runtime API socket:

    $ sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock

  2. Start an interactive session:

    prompt

  3. Try a command with anonymization off:

    show sess
    0x56295ac7a100: proto=tcpv4 src=192.168.56.1:60950 fe=fe_main be=servers srv=web1
  ts=00 epoch=0 age=4s calls=2 rate=0 cpu=0 lat=0 rq[f=49c40080h,i=0,an=8000h,rx=,wx=,ax=]
  rp[f=80400000h,i=0,an=1400000h,rx=4m55s,wx=,ax=] scf=[8,80h,fd=23] scb=[8,11h,fd=57] exp=5s rc=0 c_exp=

  4. Enable anonymization.

    set anon on

  5. Use a command that will now have its output anonymized.

    show sess
    0x56295ad1dcb0: proto=tcpv4 src=3129d1:60985 fe=1d10c8 be=7c69ee srv=f908f6
 ts=00 epoch=0x1 age=16s calls=3 rate=0 cpu=0 lat=0 rq[f=49c40000h,i=0,an=8000h,rx=,wx=,ax=]
 rp[f=80400000h,i=0,an=1400000h,rx=4m55s,wx=,ax=] scf=[8,80h,fd=86] scb=[8,11h,fd=42] exp=4m55s rc=0 c_exp=

See also

Next up

set anon global-key