hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xg...@apache.org
Subject [38/57] [abbrv] hadoop git commit: HADOOP-13990. Document KMS usage of CredentialProvider API. Contributed by John Zhuge.
Date Thu, 26 Jan 2017 21:12:32 GMT
HADOOP-13990. Document KMS usage of CredentialProvider API. Contributed by John Zhuge.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9c0a4d3e
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9c0a4d3e
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9c0a4d3e

Branch: refs/heads/YARN-5734
Commit: 9c0a4d3e71910db58d76f8ad7b597fb7a1f300ed
Parents: b57368b
Author: Xiao Chen <xiao@apache.org>
Authored: Tue Jan 24 21:30:10 2017 -0800
Committer: Xiao Chen <xiao@apache.org>
Committed: Tue Jan 24 21:30:10 2017 -0800

----------------------------------------------------------------------
 .../hadoop-common/src/site/markdown/CredentialProviderAPI.md      | 1 +
 hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm    | 3 +++
 2 files changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/9c0a4d3e/hadoop-common-project/hadoop-common/src/site/markdown/CredentialProviderAPI.md
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/site/markdown/CredentialProviderAPI.md
b/hadoop-common-project/hadoop-common/src/site/markdown/CredentialProviderAPI.md
index 30dfdd8..5e475ce 100644
--- a/hadoop-common-project/hadoop-common/src/site/markdown/CredentialProviderAPI.md
+++ b/hadoop-common-project/hadoop-common/src/site/markdown/CredentialProviderAPI.md
@@ -100,6 +100,7 @@ In summary, first, provision the credentials into a provider then configure
the
 |SSL Passwords        |FileBasedKeyStoresFactory leverages the credential provider API in
order to resolve the SSL related passwords.|TODO|
 |HDFS                 |DFSUtil leverages Configuration.getPassword method to use the credential
provider API and/or fallback to the clear text value stored in ssl-server.xml.|TODO|
 |YARN                 |WebAppUtils uptakes the use of the credential provider API through
the new method on Configuration called getPassword. This provides an alternative to storing
the passwords in clear text within the ssl-server.xml file while maintaining backward compatibility.|TODO|
+|KMS                  |Uses HttpServer2.loadSSLConfiguration that leverages Configuration.getPassword
to read SSL related credentials. They may be resolved through Credential Provider and/or from
the clear text in the config when allowed.|[KMS](../../hadoop-kms/index.html)|
 |AWS <br/> S3/S3A     |Uses Configuration.getPassword to get the S3 credentials. They
may be resolved through the credential provider API or from the config for backward compatibility.|[AWS
S3/S3A Usage](../../hadoop-aws/tools/hadoop-aws/index.html)|
 |Azure <br/> WASB     |Uses Configuration.getPassword to get the WASB credentials.
They may be resolved through the credential provider API or from the config for backward compatibility.|[Azure
WASB Usage](../../hadoop-azure/index.html)|
 |Azure <br/> ADLS     |Uses Configuration.getPassword to get the ADLS credentials.
They may be resolved through the credential provider API or from the config for backward compatibility.|[Azure
ADLS Usage](../../hadoop-azure-datalake/index.html)|

http://git-wip-us.apache.org/repos/asf/hadoop/blob/9c0a4d3e/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
index 810d568..09284e5 100644
--- a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
+++ b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
@@ -302,6 +302,9 @@ Configure `etc/hadoop/ssl-server.xml` with proper values, for example:
 </property>
 ```
 
+The SSL passwords can be secured by a credential provider. See
+[Credential Provider API](../../../hadoop-project-dist/hadoop-common/CredentialProviderAPI.html).
+
 You need to create an SSL certificate for the KMS. As the `kms` Unix user, using the Java
`keytool` command to create the SSL certificate:
 
     $ keytool -genkey -alias jetty -keyalg RSA


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message