hadoop-common-commits mailing list archives

From w...@apache.org
Subject hadoop git commit: HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh.
Date Wed, 03 Dec 2014 03:04:40 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2 d6f3d4893 -> c962eef53


HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl
setup. Contributed by Arun Suresh.

(cherry picked from commit 3d48ad7eb424206dd1528179b35de4cdf51afdf3)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c962eef5
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c962eef5
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c962eef5

Branch: refs/heads/branch-2
Commit: c962eef533024e176c5962623164e48c365ec458
Parents: d6f3d48
Author: Andrew Wang <wang@apache.org>
Authored: Tue Dec 2 19:04:20 2014 -0800
Committer: Andrew Wang <wang@apache.org>
Committed: Tue Dec 2 19:04:33 2014 -0800

----------------------------------------------------------------------
 hadoop-common-project/hadoop-common/CHANGES.txt             | 3 +++
 .../hadoop-kms/src/main/libexec/kms-config.sh               | 9 +++++++--
 hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh       | 4 +++-
 3 files changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/c962eef5/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 58bc0ad..1c41002 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -127,6 +127,9 @@ Release 2.7.0 - UNRELEASED
     HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done
     atomically. (Dian Fu via wang)
 
+    HADOOP-11344. KMS kms-config.sh sets a default value for the keystore
+    password even in non-ssl setup. (Arun Suresh via wang)
+
 Release 2.6.0 - 2014-11-18
 
   INCOMPATIBLE CHANGES

http://git-wip-us.apache.org/repos/asf/hadoop/blob/c962eef5/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
index d36ab4d..3ac929a 100644
--- a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
@@ -150,9 +150,14 @@ else
   print "Using   KMS_SSL_KEYSTORE_FILE:     ${KMS_SSL_KEYSTORE_FILE}"
 fi
 
+# If KMS_SSL_KEYSTORE_PASS is explicitly set to ""
+# then reset to "password". DO NOT set to "password" if
+# variable is NOT defined.
 if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]; then
-  export KMS_SSL_KEYSTORE_PASS=password
-  print "Setting KMS_SSL_KEYSTORE_PASS:     ********"
+  if [ -n "${KMS_SSL_KEYSTORE_PASS+1}" ]; then
+    export KMS_SSL_KEYSTORE_PASS=password
+    print "Setting KMS_SSL_KEYSTORE_PASS:     ********"
+  fi
 else
   KMS_SSL_KEYSTORE_PASS_DISP=`echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`
   print "Using   KMS_SSL_KEYSTORE_PASS:     ${KMS_SSL_KEYSTORE_PASS_DISP}"
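Review bot: The inner branch added under `if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]` still exports the literal `password` when the variable is set but empty, and the log line after it prints `********`, so the output gives no sign that the publicly known default is in use. Consider making that case visible, for example `print "WARNING: KMS_SSL_KEYSTORE_PASS is empty; falling back to the built-in default keystore password"`, or refusing to continue when SSL is enabled without an explicit password. The new comment would also be clearer if it said why the unset case is skipped (presumably so that kms.sh can treat an unset password as a non-SSL setup). The `if`/`else` continues past the end of this hunk.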

http://git-wip-us.apache.org/repos/asf/hadoop/blob/c962eef5/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
index 1e40e10..24a1f54 100644
--- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
@@ -54,7 +54,7 @@ catalina_opts="${catalina_opts} -Dkms.ssl.keystore.file=${KMS_SSL_KEYSTORE_FILE}
 print "Adding to CATALINA_OPTS:     ${catalina_opts}"
 print "Found KMS_SSL_KEYSTORE_PASS:     `echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`"
 
-export CATALINA_OPTS="${CATALINA_OPTS_DISP} ${catalina_opts}"
+export CATALINA_OPTS="${CATALINA_OPTS} ${catalina_opts}"
 
 # A bug in catalina.sh script does not use CATALINA_OPTS for stopping the server
 #
@@ -64,6 +64,8 @@ fi
 
 # If ssl, the populate the passwords into ssl-server.xml before starting tomcat
 if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
+  # Set a KEYSTORE_PASS if not already set
+  KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
   cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
     | sed 's/_kms_ssl_keystore_pass_/'${KMS_SSL_KEYSTORE_PASS}'/g' \
     | sed 's/_kms_ssl_truststore_pass_/'${KMS_SSL_TRUSTSTORE_PASS}'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
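Review bot: The fallback added at `KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}` means a deployment that sets only KMS_SSL_TRUSTSTORE_PASS gets the well-known default written into ssl-server.xml without any message; a `print` warning at this point would make that visible. The value is then spliced unquoted into the sed program on the following lines, so a password containing `/`, `&` or whitespace will break or silently alter the substitution. Escaping it first, e.g. `ks_pass_esc=$(printf '%s' "${KMS_SSL_KEYSTORE_PASS}" | sed 's/[\/&]/\\&/g')`, and quoting the expansion avoids that. The hunk does not show what permissions the generated ssl-server.xml receives, and it now holds cleartext passwords, so it is worth confirming the file is not world-readable. The `if` body continues outside the hunk.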

