Description
HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same for SSL keystore password, thus no longer need the current sed method:
# If ssl, the populate the passwords into ssl-server.xml before starting tomcat if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then # Set a KEYSTORE_PASS if not already set KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password} KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS") KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS") cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \ | sed 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \ | sed 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' > ${CATALINA_BASE}/conf/ssl-server.xml fi
Attachments
Attachments
Issue Links
- depends upon
-
HADOOP-14083 KMS should support old SSL clients
- Resolved
- is depended upon by
-
HADOOP-14242 Make KMS Tomcat SSL property sslEnabledProtocols and clientAuth configurable
- Resolved