You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "John Zhuge (JIRA)" <ji...@apache.org> on 2017/04/20 21:03:04 UTC
[jira] [Updated] (HADOOP-14141) Store KMS SSL keystore password in
catalina.properties
[ https://issues.apache.org/jira/browse/HADOOP-14141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Zhuge updated HADOOP-14141:
--------------------------------
Resolution: Fixed
Fix Version/s: 2.9.0
Status: Resolved (was: Patch Available)
Thanks [~eddyxu] for the review!
> Store KMS SSL keystore password in catalina.properties
> ------------------------------------------------------
>
> Key: HADOOP-14141
> URL: https://issues.apache.org/jira/browse/HADOOP-14141
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.9.0
> Reporter: John Zhuge
> Assignee: John Zhuge
> Priority: Minor
> Fix For: 2.9.0
>
> Attachments: HADOOP-14141.branch-2.001.patch
>
>
> HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same for SSL keystore password, thus no longer need the current {{sed}} method:
> {noformat}
> # If ssl, the populate the passwords into ssl-server.xml before starting tomcat
> if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
> # Set a KEYSTORE_PASS if not already set
> KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
> KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
> KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
> cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
> | sed 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
> | sed 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
> fi
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org