hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Zhuge (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-14141) Store KMS SSL keystore password in catalina.properties
Date Thu, 20 Apr 2017 21:03:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15977510#comment-15977510
] 

John Zhuge edited comment on HADOOP-14141 at 4/20/17 9:02 PM:
--------------------------------------------------------------

Committed to branch-2.

Thanks [~eddyxu] for the review!


was (Author: jzhuge):
Thanks [~eddyxu] for the review!

> Store KMS SSL keystore password in catalina.properties
> ------------------------------------------------------
>
>                 Key: HADOOP-14141
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14141
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.9.0
>            Reporter: John Zhuge
>            Assignee: John Zhuge
>            Priority: Minor
>             Fix For: 2.9.0
>
>         Attachments: HADOOP-14141.branch-2.001.patch
>
>
> HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same for SSL keystore
password, thus no longer need the current {{sed}} method:
> {noformat}
> # If ssl, the populate the passwords into ssl-server.xml before starting tomcat
> if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ];
then
>   # Set a KEYSTORE_PASS if not already set
>   KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
>   KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
>   KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
>   cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
>     | sed 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
>     | sed 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g'
> ${CATALINA_BASE}/conf/ssl-server.xml
> fi
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message