Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B1BBF200BF7 for ; Mon, 9 Jan 2017 22:29:59 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id B0560160B49; Mon, 9 Jan 2017 21:29:59 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0FB9C160B3E for ; Mon, 9 Jan 2017 22:29:57 +0100 (CET) Received: (qmail 27767 invoked by uid 500); 9 Jan 2017 21:29:56 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 27731 invoked by uid 99); 9 Jan 2017 21:29:56 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Jan 2017 21:29:56 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 83214DF9E6; Mon, 9 Jan 2017 21:29:56 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: xgong@apache.org To: common-commits@hadoop.apache.org Date: Mon, 09 Jan 2017 21:29:59 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [04/21] hadoop git commit: HADOOP-13597. Switch KMS from Tomcat to Jetty. Contributed by John Zhuge. archived-at: Mon, 09 Jan 2017 21:29:59 -0000 http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh ---------------------------------------------------------------------- 
diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh index 7611f2a..b4955d5 100755 --- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh +++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh 
@@ -13,92 +13,52 @@ # limitations under the License. # -MYNAME="${BASH_SOURCE-$0}" +MYNAME="${0##*/}" -function hadoop_usage +## @description Print usage +## @audience private +## @stability stable +## @replaceable no +function print_usage { - hadoop_add_subcommand "run" "Start kms in the current window" - hadoop_add_subcommand "run -security" "Start in the current window with security manager" - hadoop_add_subcommand "start" "Start kms in a separate window" - hadoop_add_subcommand "start -security" "Start in a separate window with security manager" - hadoop_add_subcommand "status" "Return the LSB compliant status" - hadoop_add_subcommand "stop" "Stop kms, waiting up to 5 seconds for the process to end" - hadoop_add_subcommand "top n" "Stop kms, waiting up to n seconds for the process to end" - hadoop_add_subcommand "stop -force" "Stop kms, wait up to 5 seconds and then use kill -KILL if still running" - hadoop_add_subcommand "stop n -force" "Stop kms, wait up to n seconds and then use kill -KILL if still running" - hadoop_generate_usage "${MYNAME}" false + cat </dev/null && pwd -P) - HADOOP_DEFAULT_LIBEXEC_DIR="${bin}/../libexec" -fi - -HADOOP_LIBEXEC_DIR="${HADOOP_LIBEXEC_DIR:-$HADOOP_DEFAULT_LIBEXEC_DIR}" -# shellcheck disable=SC2034 -HADOOP_NEW_CONFIG=true -if [[ -f "${HADOOP_LIBEXEC_DIR}/kms-config.sh" ]]; then - . "${HADOOP_LIBEXEC_DIR}/kms-config.sh" -else - echo "ERROR: Cannot execute ${HADOOP_LIBEXEC_DIR}/kms-config.sh." 2>&1 - exit 1 -fi - -# The Java System property 'kms.http.port' it is not used by Kms, -# it is used in Tomcat's server.xml configuration file -# - -hadoop_debug "Using CATALINA_OPTS: ${CATALINA_OPTS}" - -# We're using hadoop-common, so set up some stuff it might need: -hadoop_finalize - -hadoop_verify_logdir +echo "WARNING: ${MYNAME} is deprecated," \ + "please use 'hadoop [--daemon start|status|stop] kms'." 
>&2 if [[ $# = 0 ]]; then - case "${HADOOP_DAEMON_MODE}" in - status) - hadoop_status_daemon "${CATALINA_PID}" - exit - ;; - start) - set -- "start" - ;; - stop) - set -- "stop" - ;; - esac + print_usage + exit fi -hadoop_finalize_catalina_opts -export CATALINA_OPTS - -# A bug in catalina.sh script does not use CATALINA_OPTS for stopping the server -# -if [[ "${1}" = "stop" ]]; then - export JAVA_OPTS=${CATALINA_OPTS} -fi +case $1 in + run) + args=("kms") + ;; + start|stop|status) + args=("--daemon" "$1" "kms") + ;; + *) + echo "Unknown sub-command \"$1\"." + print_usage + exit 1 + ;; +esac -# If ssl, the populate the passwords into ssl-server.xml before starting tomcat -# -# KMS_SSL_KEYSTORE_PASS is a bit odd. -# if undefined, then the if test will not enable ssl on its own -# if "", set it to "password". -# if custom, use provided password -# -if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then - if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]]; then - export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password} - KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \ - "$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")") - sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \ - "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \ - > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" - chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1 - fi +# Locate bin +if [[ -n "${HADOOP_HOME}" ]]; then + bin="${HADOOP_HOME}/bin" +else + sbin=$(cd -P -- "$(dirname -- "$0")" >/dev/null && pwd -P) + bin=$(cd -P -- "${sbin}/../bin" >/dev/null && pwd -P) fi -exec "${HADOOP_CATALINA_HOME}/bin/catalina.sh" "$@" +exec "${bin}/hadoop" "${args[@]}" \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/WEB-INF/web.xml ---------------------------------------------------------------------- 
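Review bot: The final `exec "${bin}/hadoop" "${args[@]}"` runs with no check that the target exists: if `HADOOP_HOME` is set but has no `bin/hadoop`, or either `cd -P` in the else-branch fails, `bin` is wrong or empty (an empty `bin` yields `/hadoop`) and the only diagnostic is bash's generic exec error. The removed code guarded `kms-config.sh` with an explicit `-f` test and an error message; the wrapper should keep that habit with `[[ -x "${bin}/hadoop" ]] || { echo "ERROR: cannot execute ${bin}/hadoop" >&2; exit 1; }` immediately before the `exec`. Separately, the `Unknown sub-command` message in the `*)` arm goes to stdout while the deprecation warning above it is sent to stderr; `echo "Unknown sub-command \"$1\"." >&2` keeps diagnostics consistent and off stdout.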
diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/WEB-INF/web.xml b/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/WEB-INF/web.xml deleted file mode 100644 index 9d0ae0d..0000000 --- a/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/WEB-INF/web.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/index.html ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/index.html b/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/index.html deleted file mode 100644 index e9e4512..0000000 --- a/hadoop-common-project/hadoop-kms/src/main/tomcat/ROOT/index.html +++ /dev/null @@ -1,27 +0,0 @@ - - - - Hadoop KMS - - -

Hadoop KMS

- - - http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/main/tomcat/logging.properties ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/logging.properties b/hadoop-common-project/hadoop-kms/src/main/tomcat/logging.properties deleted file mode 100644 index 7562719..0000000 --- a/hadoop-common-project/hadoop-kms/src/main/tomcat/logging.properties +++ /dev/null 
@@ -1,67 +0,0 @@ -# -# All Rights Reserved. -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler - -.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler - -############################################################ -# Handler specific properties. -# Describes specific configuration info for Handlers. -############################################################ - -1catalina.org.apache.juli.FileHandler.level = FINE -1catalina.org.apache.juli.FileHandler.directory = ${kms.log.dir} -1catalina.org.apache.juli.FileHandler.prefix = kms-catalina. - -2localhost.org.apache.juli.FileHandler.level = FINE -2localhost.org.apache.juli.FileHandler.directory = ${kms.log.dir} -2localhost.org.apache.juli.FileHandler.prefix = kms-localhost. - -3manager.org.apache.juli.FileHandler.level = FINE -3manager.org.apache.juli.FileHandler.directory = ${kms.log.dir} -3manager.org.apache.juli.FileHandler.prefix = kms-manager. 
- -4host-manager.org.apache.juli.FileHandler.level = FINE -4host-manager.org.apache.juli.FileHandler.directory = ${kms.log.dir} -4host-manager.org.apache.juli.FileHandler.prefix = kms-host-manager. - -java.util.logging.ConsoleHandler.level = FINE -java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter - - -############################################################ -# Facility specific properties. -# Provides extra control for each logger. -############################################################ - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler - -# For example, set the com.xyz.foo logger to only log SEVERE -# messages: -#org.apache.catalina.startup.ContextConfig.level = FINE -#org.apache.catalina.startup.HostConfig.level = FINE -#org.apache.catalina.session.ManagerBase.level = FINE -#org.apache.catalina.core.AprLifecycleListener.level=FINE http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml b/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml deleted file mode 100644 index d8fd161..0000000 --- a/hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml +++ /dev/null 
@@ -1,155 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf deleted file mode 100644 index 272542a..0000000 --- a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf +++ /dev/null @@ -1,136 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml b/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index d081764..0000000 --- a/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml +++ /dev/null 
@@ -1,78 +0,0 @@ - - - - - - org.apache.hadoop.crypto.key.kms.server.KMSWebApp - - - - webservices-driver - com.sun.jersey.spi.container.servlet.ServletContainer - - com.sun.jersey.config.property.packages - org.apache.hadoop.crypto.key.kms.server - - - - - 1 - - - - jmx-servlet - org.apache.hadoop.crypto.key.kms.server.KMSJMXServlet - - - - webservices-driver - /* - - - - jmx-servlet - /jmx - - - - authFilter - org.apache.hadoop.crypto.key.kms.server.KMSAuthenticationFilter - - - - MDCFilter - org.apache.hadoop.crypto.key.kms.server.KMSMDCFilter - - - - authFilter - /* - - - - MDCFilter - /* - - - http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/site/configuration.xsl ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/site/configuration.xsl b/hadoop-common-project/hadoop-kms/src/site/configuration.xsl new file mode 100644 index 0000000..8f2ae9b --- /dev/null +++ b/hadoop-common-project/hadoop-kms/src/site/configuration.xsl @@ -0,0 +1,49 @@ + + + + + + + + +

Configuration Properties

+ + + + + + + + + + + + + +
namevaluedescription
+ + + + + + + +
+ + +
+
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm index 58c1fbd..810d568 100644 --- a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm +++ b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm @@ -29,7 +29,7 @@ The client is a KeyProvider implementation interacts with the KMS using the KMS KMS and its client have built-in security and they support HTTP SPNEGO Kerberos authentication and HTTPS secure transport. -KMS is a Java web-application and it runs using a pre-configured Tomcat bundled with the Hadoop distribution. +KMS is a Java Jetty web-application. KMS Client Configuration ------------------------ @@ -51,6 +51,15 @@ The following is an example to configure HDFS NameNode as a KMS client in KMS --- +$H3 Start/Stop the KMS + +To start/stop KMS, use `hadoop --daemon start|stop kms`. For example: + + hadoop-${project.version} $ hadoop --daemon start kms + +NOTE: The script `kms.sh` is deprecated. It is now just a wrapper of +`hadoop kms`. + $H3 KMS Configuration Configure the KMS backing KeyProvider properties in the `etc/hadoop/kms-site.xml` configuration file: @@ -71,6 +80,15 @@ The password file is looked up in the Hadoop's configuration directory via the c NOTE: You need to restart the KMS for the configuration changes to take effect. +$H3 KMS HTTP Configuration + +KMS pre-configures the HTTP port to 9600. + +KMS supports the following HTTP [configuration properties](./kms-default.html) +in `etc/hadoop/kms-site.xml`. + +NOTE: You need to restart the KMS for the configuration changes to take effect. + $H3 KMS Cache KMS has two kinds of caching: a CachingKeyProvider for caching the encryption keys, and a KeyProvider for caching the EEKs. 
@@ -180,36 +198,6 @@ The Aggregation interval is configured via the property : 10000 -$H3 Start/Stop the KMS - -To start/stop KMS use KMS's sbin/kms.sh script. For example: - - hadoop-${project.version} $ sbin/kms.sh start - -NOTE: Invoking the script without any parameters list all possible parameters (start, stop, run, etc.). The `kms.sh` script is a wrapper for Tomcat's `catalina.sh` script that sets the environment variables and Java System properties required to run KMS. - -$H3 Embedded Tomcat Configuration - -To configure the embedded Tomcat go to the `share/hadoop/kms/tomcat/conf`. - -KMS pre-configures the HTTP and Admin ports in Tomcat's `server.xml` to 9600 and 9601. - -Tomcat logs are also preconfigured to go to Hadoop's `logs/` directory. - -The following environment variables (which can be set in KMS's `etc/hadoop/kms-env.sh` script) can be used to alter those values: - -* KMS_HTTP_PORT -* KMS_ADMIN_PORT -* KMS_MAX_THREADS -* KMS_MAX_HTTP_HEADER_SIZE -* KMS_LOGNOTE: You need to restart the KMS for the configuration changes to take effect. - -$H3 Loading native libraries - -The following environment variable (which can be set in KMS's `etc/hadoop/kms-env.sh` script) can be used to specify the location of any required native libraries. For eg. Tomact native Apache Portable Runtime (APR) libraries: - -* JAVA_LIBRARY_PATH - $H3 KMS Security Configuration $H4 Enabling Kerberos HTTP SPNEGO Authentication 
@@ -279,20 +267,52 @@ If `users`, `groups` or `hosts` has a `*`, it means there are no restrictions fo $H4 KMS over HTTPS (SSL) -To configure KMS to work over HTTPS the following 2 properties must be set in the `etc/hadoop/kms_env.sh` script (shown with default values): +Enable SSL in `etc/hadoop/kms-site.xml`: -* KMS_SSL_KEYSTORE_FILE=$HOME/.keystore -* KMS_SSL_KEYSTORE_PASS=password +```xml + + hadoop.kms.ssl.enabled + true + + Whether SSL is enabled. Default is false, i.e. disabled. + + + +``` -In the KMS `tomcat/conf` directory, replace the `server.xml` file with the provided `ssl-server.xml` file. +Configure `etc/hadoop/ssl-server.xml` with proper values, for example: + +```xml + + ssl.server.keystore.location + ${user.home}/.keystore + Keystore to be used. Must be specified. + + + + ssl.server.keystore.password + + Must be specified. + + + + ssl.server.keystore.keypassword + + Must be specified. + +``` You need to create an SSL certificate for the KMS. As the `kms` Unix user, using the Java `keytool` command to create the SSL certificate: - $ keytool -genkey -alias tomcat -keyalg RSA + $ keytool -genkey -alias jetty -keyalg RSA -You will be asked a series of questions in an interactive prompt. It will create the keystore file, which will be named **.keystore** and located in the `kms` user home directory. +You will be asked a series of questions in an interactive prompt. It will +create the keystore file, which will be named **.keystore** and located in the +user's home directory. -The password you enter for "keystore password" must match the value of the `KMS_SSL_KEYSTORE_PASS` environment variable set in the `kms-env.sh` script in the configuration directory. +The password you enter for "keystore password" must match the value of the +property `ssl.server.keystore.password` set in the `ssl-server.xml` in the +configuration directory. The answer to "What is your first and last name?" (i.e. 
"CN") must be the hostname of the machine where the KMS will be running. @@ -1032,3 +1052,29 @@ $H4 Get Keys Metadata }, ... ] + +$H3 Deprecated Environment Variables + +The following environment variables are deprecated. Set the corresponding +configuration properties instead. + +Environment Variable | Configuration Property | Configuration File +-------------------------|------------------------------|-------------------- +KMS_HTTP_PORT | hadoop.kms.http.port | kms-site.xml +KMS_MAX_HTTP_HEADER_SIZE | hadoop.http.max.request.header.size and hadoop.http.max.response.header.size | kms-site.xml +KMS_MAX_THREADS | hadoop.http.max.threads | kms-site.xml +KMS_SSL_ENABLED | hadoop.kms.ssl.enabled | kms-site.xml +KMS_SSL_KEYSTORE_FILE | ssl.server.keystore.location | ssl-server.xml +KMS_SSL_KEYSTORE_PASS | ssl.server.keystore.password | ssl-server.xml +KMS_TEMP | hadoop.http.temp.dir | kms-site.xml + +$H3 Default HTTP Services + +Name | Description +-------------------|------------------------------------ +/conf | Display configuration properties +/jmx | Java JMX management interface +/logLevel | Get or set log level per class +/logs | Display log files +/stacks | Display JVM stacks +/static/index.html | The static home page \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hadoop/blob/5d182949/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/MiniKMS.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/MiniKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/MiniKMS.java index 8b181ad..f911c5b 100644 --- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/MiniKMS.java +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/MiniKMS.java 
@@ -17,83 +17,23 @@ */ package org.apache.hadoop.crypto.key.kms.server; -import com.google.common.base.Preconditions; - -import org.apache.commons.io.IOUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.http.JettyUtils; -import org.apache.hadoop.util.ThreadUtil; -import org.eclipse.jetty.http.HttpVersion; -import org.eclipse.jetty.server.ConnectionFactory; -import org.eclipse.jetty.server.HttpConfiguration; -import org.eclipse.jetty.server.HttpConnectionFactory; -import org.eclipse.jetty.server.SecureRequestCustomizer; -import org.eclipse.jetty.server.Server; -import org.eclipse.jetty.server.ServerConnector; -import org.eclipse.jetty.server.SslConnectionFactory; -import org.eclipse.jetty.util.ssl.SslContextFactory; -import org.eclipse.jetty.webapp.WebAppContext; - import java.io.File; import java.io.FileOutputStream; import java.io.FileWriter; +import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.Writer; -import java.io.IOException; -import java.net.MalformedURLException; import java.net.URL; -import java.util.UUID; - -public class MiniKMS { - private static Server createJettyServer(String keyStore, String password, int inPort) { - try { - boolean ssl = keyStore != null; - String host = "localhost"; - Server server = new Server(); - ServerConnector conn = new ServerConnector(server); - HttpConfiguration httpConfig = new HttpConfiguration(); - httpConfig.setRequestHeaderSize(JettyUtils.HEADER_SIZE); - httpConfig.setResponseHeaderSize(JettyUtils.HEADER_SIZE); - httpConfig.setSecureScheme("https"); - httpConfig.addCustomizer(new SecureRequestCustomizer()); - ConnectionFactory connFactory = new HttpConnectionFactory(httpConfig); - conn.addConnectionFactory(connFactory); - conn.setHost(host); - conn.setPort(inPort); - if (ssl) { - SslContextFactory sslContextFactory = new SslContextFactory(); - sslContextFactory.setNeedClientAuth(false); - 
sslContextFactory.setKeyStorePath(keyStore); - sslContextFactory.setKeyStoreType("jks"); - sslContextFactory.setKeyStorePassword(password); - conn.addFirstConnectionFactory( - new SslConnectionFactory(sslContextFactory, - HttpVersion.HTTP_1_1.asString())); - } - server.addConnector(conn); - return server; - } catch (Exception ex) { - throw new RuntimeException("Could not start embedded servlet container, " - + ex.getMessage(), ex); - } - } +import com.google.common.base.Preconditions; +import org.apache.commons.io.IOUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.security.ssl.SSLFactory; +import org.apache.hadoop.util.ThreadUtil; - private static URL getJettyURL(Server server) { - boolean ssl = server.getConnectors()[0] - .getConnectionFactory(SslConnectionFactory.class) != null; - try { - String scheme = (ssl) ? "https" : "http"; - return new URL(scheme + "://" + - ((ServerConnector)server.getConnectors()[0]).getHost() + ":" - + ((ServerConnector)server.getConnectors()[0]).getLocalPort()); - } catch (MalformedURLException ex) { - throw new RuntimeException("It should never happen, " + ex.getMessage(), - ex); - } - } +public class MiniKMS { public static class Builder { private File kmsConfDir; @@ -150,7 +90,7 @@ public class MiniKMS { private String log4jConfFile; private String keyStore; private String keyStorePassword; - private Server jetty; + private KMSWebServer jetty; private int inPort; private URL kmsURL; @@ -178,7 +118,6 @@ public class MiniKMS { } public void start() throws Exception { - ClassLoader cl = Thread.currentThread().getContextClassLoader(); System.setProperty(KMSConfiguration.KMS_CONFIG_DIR, kmsConfDir); File aclsFile = new File(kmsConfDir, "kms-acls.xml"); if (!aclsFile.exists()) { 
@@ -202,35 +141,20 @@ public class MiniKMS { writer.close(); } System.setProperty("log4j.configuration", log4jConfFile); - jetty = createJettyServer(keyStore, keyStorePassword, inPort); - - // we need to do a special handling for MiniKMS to work when in a dir and - // when in a JAR in the classpath thanks to Jetty way of handling of webapps - // when they are in the a DIR, WAR or JAR. - URL webXmlUrl = cl.getResource("kms-webapp/WEB-INF/web.xml"); - if (webXmlUrl == null) { - throw new RuntimeException( - "Could not find kms-webapp/ dir in test classpath"); - } - boolean webXmlInJar = webXmlUrl.getPath().contains(".jar!/"); - String webappPath; - if (webXmlInJar) { - File webInf = new File("target/" + UUID.randomUUID().toString() + - "/kms-webapp/WEB-INF"); - webInf.mkdirs(); - new File(webInf, "web.xml").delete(); - copyResource("kms-webapp/WEB-INF/web.xml", new File(webInf, "web.xml")); - webappPath = webInf.getParentFile().getAbsolutePath(); - } else { - webappPath = cl.getResource("kms-webapp").getPath(); - } - WebAppContext context = new WebAppContext(webappPath, "/kms"); - if (webXmlInJar) { - context.setClassLoader(cl); + + final Configuration conf = KMSConfiguration.getKMSConf(); + conf.set(KMSConfiguration.HTTP_HOST_KEY, "localhost"); + conf.setInt(KMSConfiguration.HTTP_PORT_KEY, inPort); + if (keyStore != null) { + conf.setBoolean(KMSConfiguration.SSL_ENABLED_KEY, true); + conf.set(SSLFactory.SSL_SERVER_KEYSTORE_LOCATION, keyStore); + conf.set(SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD, keyStorePassword); + conf.set(SSLFactory.SSL_SERVER_KEYSTORE_TYPE, "jks"); } - jetty.setHandler(context); + + jetty = new KMSWebServer(conf); jetty.start(); - kmsURL = new URL(getJettyURL(jetty), "kms"); + kmsURL = jetty.getKMSUrl(); } public URL getKMSUrl() { --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-commits-help@hadoop.apache.org
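Review bot: In the SSL branch of `start()`, `keyStorePassword` is written into the `Configuration` via `conf.set(SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD, keyStorePassword)` without checking it is non-null; the branch is keyed on `keyStore != null` only, and how the builder populates the two fields is outside this hunk, so a caller that supplies a keystore but no password will presumably fail inside `Configuration.set` or later in `KMSWebServer` with a message that does not name the missing value. Since `Preconditions` is imported on the new side, `Preconditions.checkNotNull(keyStorePassword, "keyStorePassword is required when keyStore is set");` as the first statement of the `if (keyStore != null)` block gives a clear failure at the point of misuse. A short comment on the `conf.set(...PASSWORD...)` line such as `// test-only: keystore password is held as a plain String in an in-memory Configuration` would also make it explicit that this is a MiniKMS convenience and not a pattern for the production server. `start()` begins before this hunk.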