[HADOOP-14141] Store KMS SSL keystore password in catalina.properties - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.9.0
Fix Version/s: 2.9.0
Component/s: kms
Labels:
None

Target Version/s:

2.9.0

Description

~~HADOOP-14083~~ stores SSL ciphers in catalina.properties. We can do the same for SSL keystore password, thus no longer need the current sed method:

# If ssl, the populate the passwords into ssl-server.xml before starting tomcat
if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
  # Set a KEYSTORE_PASS if not already set
  KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
  KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
  KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
  cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
    | sed 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
    | sed 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
fi

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14141.branch-2.001.patch
03/Mar/17 02:59
5 kB
John Zhuge

Issue Links

depends upon

HADOOP-14083 KMS should support old SSL clients

Resolved

is depended upon by

HADOOP-14242 Make KMS Tomcat SSL property sslEnabledProtocols and clientAuth configurable

Resolved

Activity

People

Assignee:: John Zhuge

Reporter:: John Zhuge

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Mar/17 22:03

Updated:: 08/May/17 20:58

Resolved:: 20/Apr/17 21:02