  1. Hadoop Common
  2. HADOOP-14141

Store KMS SSL keystore password in catalina.properties

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.0
    • Fix Version/s: 2.9.0
    • Component/s: kms
    • Labels:
      None

      Description

      HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same for the SSL keystore password, and thus no longer need the current sed method:

      # If ssl, then populate the passwords into ssl-server.xml before starting tomcat
      if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
        # Set a KEYSTORE_PASS if not already set
        KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
        KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
        KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
        cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
          | sed 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
          | sed 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
      fi
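
The approach proposed in the description, as an added example that is not part of the original issue or of Hadoop's own scripts: the password is written as a property line into catalina.properties instead of being substituted into ssl-server.xml with sed. The function names and the property key kms.ssl.keystore.pass are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and the key kms.ssl.keystore.pass are assumed.

# Escape a value for a Java .properties file: double backslashes (the loader
# treats them as escapes) and protect a leading space (the loader strips it).
# printf is a shell builtin and sed reads stdin, so the secret is never in argv.
props_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/^ /\\ /'
}

# set_catalina_property FILE KEY VALUE
# Drops any earlier "KEY=" line, appends the new one, and swaps the file in
# via a temp file created under umask 077 so the result is owner-only (0600).
set_catalina_property() {
  file=$1 key=$2
  case $3 in *'
'*) echo "refusing value with newline for ${key}" >&2; return 1 ;; esac
  value=$(props_escape "$3")
  (
    umask 077
    tmp="${file}.tmp.$$"
    if [ -f "$file" ]; then
      awk -v k="${key}=" 'index($0, k) != 1' "$file" > "$tmp"
    else
      : > "$tmp"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
  )
}

# Constructed demo: a throwaway conf directory and a made-up password
# containing the characters that are awkward inside a sed replacement.
demo_dir=$(mktemp -d)
set_catalina_property "${demo_dir}/catalina.properties" \
  kms.ssl.keystore.pass 'p/a&s"s\w'
echo "wrote $(wc -l < "${demo_dir}/catalina.properties") property line(s)"
rm -rf "${demo_dir}"
```
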
      

              People

              • Assignee:
                jzhuge John Zhuge
                Reporter:
                jzhuge John Zhuge
              • Votes:
                0
                Watchers:
                2