hadoop-common-issues mailing list archives

From "John Zhuge (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14141) Store KMS SSL keystore password in catalina.properties
Date Fri, 03 Mar 2017 02:59:45 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Zhuge updated HADOOP-14141:
--------------------------------
    Attachment: HADOOP-14141.branch-2.001.patch

Patch branch-2.001
* Store SSL keystore password and truststore password in catalina.properties
* Remove old code related to {{sed}} method
* Rename ssl-server.xml.conf to ssl-server.xml

Testing done
- Run https://github.com/jzhuge/hadoop-bats-tests/blob/master/kms.bats in insecure and SSL single node setup
- Test keystore password with special characters, e.g., {{<a:bc=def?>}}


> Store KMS SSL keystore password in catalina.properties
> ------------------------------------------------------
>
>                 Key: HADOOP-14141
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14141
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.9.0
>            Reporter: John Zhuge
>            Assignee: John Zhuge
>            Priority: Minor
>         Attachments: HADOOP-14141.branch-2.001.patch
>
>
> HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same for SSL keystore password, thus no longer need the current {{sed}} method:
> {noformat}
> # If ssl, then populate the passwords into ssl-server.xml before starting tomcat
> if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
>   # Set a KEYSTORE_PASS if not already set
>   KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
>   KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
>   KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
>   cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
>     | sed 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
>     | sed 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
> fi
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
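
Added example, not part of the original message and not code from the Hadoop patch: a shell sketch contrasting an unescaped sed template substitution with appending the password to a properties file, using the special-character password from the testing note. The function names and the property key example.keystore.pass are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added illustration only; helper names and the property key are hypothetical.

# Unescaped template substitution: the password becomes part of the sed
# program, so '&' re-inserts the matched placeholder and '/' ends the command.
# This is the kind of breakage an escaping step (the page's snippet calls
# hadoop_escape before sed) has to prevent.
render_with_sed() {  # $1 = template text, $2 = password
  printf '%s\n' "$1" | sed 's/_pass_/'"$2"'/g'
}

# Properties approach: append key=value to a properties file. For a one-line
# value only backslashes need doubling; ':' '=' '<' '&' '/' pass through
# untouched because the value is never spliced into a sed program or XML text.
props_set() {  # $1 = file, $2 = key, $3 = value
  ps_escaped=$(printf '%s' "$3" | sed 's/\\/\\\\/g')
  printf '%s=%s\n' "$2" "$ps_escaped" >> "$1"
  chmod 600 "$1"   # the file now holds a secret: owner read/write only
}

# Minimal reader for the same format: last assignment wins, the value is
# everything after the first '=', and doubled backslashes are undone.
props_get() {  # $1 = file, $2 = key
  pg_val=
  while IFS= read -r pg_line; do
    case "$pg_line" in
      "$2="*) pg_val=${pg_line#"$2="} ;;
    esac
  done < "$1"
  printf '%s\n' "$pg_val" | sed 's/\\\\/\\/g'
}

# Constructed demo: round-trip the password used in the testing note.
demo_file=$(mktemp)
props_set "$demo_file" example.keystore.pass '<a:bc=def?>'
props_get "$demo_file" example.keystore.pass
rm -f "$demo_file"
```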
