You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@slider.apache.org by bi...@apache.org on 2015/03/10 17:03:47 UTC
incubator-slider git commit: SLIDER-801 use AM cert generation for
accumulo app package and its SSL funtests
Repository: incubator-slider
Updated Branches:
refs/heads/develop bf293b9df -> cdda804a5
SLIDER-801 use AM cert generation for accumulo app package and its SSL funtests
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/cdda804a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/cdda804a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/cdda804a
Branch: refs/heads/develop
Commit: cdda804a5043793e2b8acfdcf359e2a498926d91
Parents: bf293b9
Author: Billie Rinaldi <bi...@gmail.com>
Authored: Tue Feb 24 07:13:11 2015 -0800
Committer: Billie Rinaldi <bi...@gmail.com>
Committed: Tue Mar 10 08:54:29 2015 -0700
----------------------------------------------------------------------
app-packages/accumulo/appConfig-default.json | 1 -
.../accumulo/appConfig-secured-default.json | 1 -
.../accumulo/appConfig-ssl-default.json | 99 +++++++
.../accumulo/configuration/accumulo-env.xml | 2 +-
app-packages/accumulo/configuration/client.xml | 5 -
.../package/scripts/accumulo_configuration.py | 73 ++---
app-packages/accumulo/package/scripts/params.py | 21 +-
.../package/templates/accumulo-env.sh.j2 | 42 ---
app-packages/accumulo/pom.xml | 1 +
app-packages/accumulo/src/assembly/accumulo.xml | 7 +
.../funtest/accumulo/AccumuloBasicIT.groovy | 6 +-
.../accumulo/AccumuloMonitorSSLIT.groovy | 8 +
.../funtest/accumulo/AccumuloReadWriteIT.groovy | 3 +-
.../accumulo/AccumuloReadWriteSSLIT.groovy | 27 +-
.../funtest/accumulo/AccumuloSSLTestBase.groovy | 86 +-----
.../slider/funtest/accumulo/CertUtil.java | 275 -------------------
pom.xml | 2 +-
.../providers/agent/AgentProviderService.java | 6 +-
18 files changed, 176 insertions(+), 489 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/appConfig-default.json
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/appConfig-default.json b/app-packages/accumulo/appConfig-default.json
index d3f963e..85c6985 100644
--- a/app-packages/accumulo/appConfig-default.json
+++ b/app-packages/accumulo/appConfig-default.json
@@ -28,7 +28,6 @@
"site.proxy.port": "${ACCUMULO_PROXY.ALLOCATED_PORT}{PER_CONTAINER}",
"site.global.accumulo_root_password": "NOT_USED",
- "site.global.ssl_cert_dir": "ssl",
"site.global.monitor_protocol": "http",
"site.accumulo-site.instance.volumes": "${DEFAULT_DATA_DIR}/data",
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/appConfig-secured-default.json
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/appConfig-secured-default.json b/app-packages/accumulo/appConfig-secured-default.json
index 3332662..6d8abaa 100644
--- a/app-packages/accumulo/appConfig-secured-default.json
+++ b/app-packages/accumulo/appConfig-secured-default.json
@@ -29,7 +29,6 @@
"site.proxy.port": "${ACCUMULO_PROXY.ALLOCATED_PORT}{PER_CONTAINER}",
"site.global.accumulo_root_password": "NOT_USED",
- "site.global.ssl_cert_dir": "ssl",
"site.global.monitor_protocol": "http",
"site.accumulo-site.instance.volumes": "${DEFAULT_DATA_DIR}/data",
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/appConfig-ssl-default.json
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/appConfig-ssl-default.json b/app-packages/accumulo/appConfig-ssl-default.json
new file mode 100644
index 0000000..9781e5f
--- /dev/null
+++ b/app-packages/accumulo/appConfig-ssl-default.json
@@ -0,0 +1,99 @@
+{
+ "schema": "http://example.org/specification/v2.0.0",
+ "metadata": {
+ },
+ "global": {
+ "application.def": ".slider/package/ACCUMULO/${app.package.name}.zip",
+ "java_home": "${app.java.home}",
+
+ "slider.component.keystore.credential.alias.property": "rpc.javax.net.ssl.keyStorePassword",
+ "slider.component.truststore.credential.alias.property": "rpc.javax.net.ssl.trustStorePassword",
+
+ "site.global.app_root": "${AGENT_WORK_ROOT}/app/install/accumulo-${accumulo.version}",
+ "site.global.app_user": "${app.user}",
+ "site.global.user_group": "${app.user.group}",
+
+ "site.global.metric_collector_host": "${NN_HOST}",
+ "site.global.metric_collector_port": "6188",
+ "site.global.metric_collector_lib": "",
+
+ "site.accumulo-env.java_home": "${JAVA_HOME}",
+ "site.accumulo-env.tserver_heapsize": "256m",
+ "site.accumulo-env.master_heapsize": "128m",
+ "site.accumulo-env.monitor_heapsize": "64m",
+ "site.accumulo-env.gc_heapsize": "64m",
+ "site.accumulo-env.other_heapsize": "128m",
+ "site.accumulo-env.hadoop_prefix": "${hadoop.dir}",
+ "site.accumulo-env.hadoop_conf_dir": "/etc/hadoop/conf",
+ "site.accumulo-env.zookeeper_home": "${zk.dir}",
+
+ "site.client.instance.name": "${USER}-${CLUSTER_NAME}",
+
+ "site.proxy.port": "${ACCUMULO_PROXY.ALLOCATED_PORT}{PER_CONTAINER}",
+
+ "site.global.accumulo_root_password": "NOT_USED",
+ "site.global.monitor_protocol": "http",
+
+ "site.accumulo-site.instance.volumes": "${DEFAULT_DATA_DIR}/data",
+ "site.accumulo-site.instance.zookeeper.host": "${ZK_HOST}",
+ "site.accumulo-site.instance.security.authenticator": "org.apache.slider.accumulo.CustomAuthenticator",
+
+ "site.accumulo-site.general.security.credential.provider.paths": "jceks://hdfs/user/${USER}/accumulo-${CLUSTER_NAME}.jceks",
+ "site.accumulo-site.instance.rpc.ssl.enabled": "true",
+ "site.accumulo-site.instance.rpc.ssl.clientAuth": "true",
+ "site.accumulo-site.general.kerberos.keytab": "${accumulo.keytab}",
+ "site.accumulo-site.general.kerberos.principal": "${accumulo.principal}",
+ "site.accumulo-site.rpc.javax.net.ssl.keyStore": "${AGENT_WORK_ROOT}/secstores/keystore-${COMPONENT_NAME}.p12",
+ "site.accumulo-site.rpc.javax.net.ssl.keyStoreType": "PKCS12",
+ "site.accumulo-site.rpc.javax.net.ssl.trustStore": "${AGENT_WORK_ROOT}/secstores/truststore-${COMPONENT_NAME}.p12",
+ "site.accumulo-site.rpc.javax.net.ssl.trustStoreType": "PKCS12",
+
+ "site.accumulo-site.tserver.memory.maps.native.enabled": "false",
+ "site.accumulo-site.tserver.memory.maps.max": "80M",
+ "site.accumulo-site.tserver.cache.data.size": "7M",
+ "site.accumulo-site.tserver.cache.index.size": "20M",
+ "site.accumulo-site.tserver.sort.buffer.size": "50M",
+ "site.accumulo-site.tserver.walog.max.size": "40M",
+
+ "site.accumulo-site.trace.user": "root",
+
+ "site.accumulo-site.master.port.client": "0",
+ "site.accumulo-site.trace.port.client": "0",
+ "site.accumulo-site.tserver.port.client": "0",
+ "site.accumulo-site.gc.port.client": "0",
+ "site.accumulo-site.monitor.port.client": "${ACCUMULO_MONITOR.ALLOCATED_PORT}",
+ "site.accumulo-site.monitor.port.log4j": "0",
+ "site.accumulo-site.master.replication.coordinator.port": "0",
+ "site.accumulo-site.replication.receipt.service.port": "0",
+
+ "site.accumulo-site.general.classpaths": "$ACCUMULO_HOME/lib/accumulo-server.jar,\n$ACCUMULO_HOME/lib/accumulo-core.jar,\n$ACCUMULO_HOME/lib/accumulo-start.jar,\n$ACCUMULO_HOME/lib/accumulo-fate.jar,\n$ACCUMULO_HOME/lib/accumulo-proxy.jar,\n$ACCUMULO_HOME/lib/[^.].*.jar,\n$ZOOKEEPER_HOME/zookeeper[^.].*.jar,\n$HADOOP_CONF_DIR,\n${@//site/accumulo-env/hadoop_conf_dir},\n$HADOOP_PREFIX/[^.].*.jar,\n$HADOOP_PREFIX/lib/[^.].*.jar,\n$HADOOP_PREFIX/share/hadoop/common/.*.jar,\n$HADOOP_PREFIX/share/hadoop/common/lib/.*.jar,\n$HADOOP_PREFIX/share/hadoop/hdfs/.*.jar,\n$HADOOP_PREFIX/share/hadoop/mapreduce/.*.jar,\n$HADOOP_PREFIX/share/hadoop/yarn/.*.jar,\n${hadoop.dir}/.*.jar,\n${hadoop.dir}/lib/.*.jar,\n${hdfs.dir}/.*.jar,\n${mapred.dir}/.*.jar,\n${yarn.dir}/.*.jar,"
+ },
+ "credentials": {
+ "jceks://hdfs/user/${USER}/accumulo-${CLUSTER_NAME}.jceks": ["root.initial.password", "instance.secret", "trace.token.property.password", "rpc.javax.net.ssl.keyStorePassword", "rpc.javax.net.ssl.trustStorePassword"]
+ },
+ "components": {
+ "slider-appmaster": {
+ "jvm.heapsize": "256M",
+ "slider.am.keytab.local.path": "${accumulo.headless.keytab}",
+ "slider.keytab.principal.name": "${accumulo.headless.principal}"
+ },
+ "ACCUMULO_MASTER": {
+ "slider.component.security.stores.required": "true"
+ },
+ "ACCUMULO_TSERVER": {
+ "slider.component.security.stores.required": "true"
+ },
+ "ACCUMULO_MONITOR": {
+ "slider.component.security.stores.required": "true"
+ },
+ "ACCUMULO_GC": {
+ "slider.component.security.stores.required": "true"
+ },
+ "ACCUMULO_TRACER": {
+ "slider.component.security.stores.required": "true"
+ },
+ "ACCUMULO_PROXY": {
+ "slider.component.security.stores.required": "true"
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/configuration/accumulo-env.xml
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/configuration/accumulo-env.xml b/app-packages/accumulo/configuration/accumulo-env.xml
index 65b6804..b993a5c 100644
--- a/app-packages/accumulo/configuration/accumulo-env.xml
+++ b/app-packages/accumulo/configuration/accumulo-env.xml
@@ -75,7 +75,7 @@ export HADOOP_PREFIX=${@//site/accumulo-env/hadoop_prefix}
export HADOOP_CONF_DIR=${@//site/accumulo-env/hadoop_conf_dir}
export JAVA_HOME=${@//site/accumulo-env/java_home}
export ZOOKEEPER_HOME=${@//site/accumulo-env/zookeeper_home}
-export ACCUMULO_LOG_DIR=$ACCUMULO_HOME/logs
+export ACCUMULO_LOG_DIR=${@//site/global/app_log_dir}
export ACCUMULO_TSERVER_OPTS="-Xmx${@//site/accumulo-env/tserver_heapsize} -Xms${@//site/accumulo-env/tserver_heapsize}"
export ACCUMULO_MASTER_OPTS="-Xmx${@//site/accumulo-env/master_heapsize} -Xms${@//site/accumulo-env/master_heapsize}"
export ACCUMULO_MONITOR_OPTS="-Xmx${@//site/accumulo-env/monitor_heapsize} -Xms${@//site/accumulo-env/monitor_heapsize}"
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/configuration/client.xml
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/configuration/client.xml b/app-packages/accumulo/configuration/client.xml
index 481b7d1..313f6b6 100644
--- a/app-packages/accumulo/configuration/client.xml
+++ b/app-packages/accumulo/configuration/client.xml
@@ -41,9 +41,4 @@
<value>${@//site/accumulo-site/instance.rpc.ssl.clientAuth}</value>
<description>SSL client auth enabled.</description>
</property>
- <property>
- <name>general.security.credential.provider.paths</name>
- <value>${@//site/accumulo-site/general.security.credential.provider.paths}</value>
- <description>Client credential provider containing cert passwords.</description>
- </property>
</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/package/scripts/accumulo_configuration.py
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/package/scripts/accumulo_configuration.py b/app-packages/accumulo/package/scripts/accumulo_configuration.py
index c55994c..3a0e2ed 100644
--- a/app-packages/accumulo/package/scripts/accumulo_configuration.py
+++ b/app-packages/accumulo/package/scripts/accumulo_configuration.py
@@ -30,43 +30,6 @@ def setup_conf_dir(name=None): # 'master' or 'tserver' or 'monitor' or 'gc' or '
recursive = True
)
- ssl_params = False
- if params.ssl_enabled or (params.monitor_security_enabled and
- name == 'monitor'):
- import os
-
- ssl_params = True
- if os.path.exists(params.keystore_path) or os.path.exists(params.truststore_path):
- if os.path.exists(params.keystore_path) and os.path.exists(params.truststore_path):
- # assume keystores were already set up properly
- pass
- else:
- self.fail_with_error("something went wrong when certs were created")
-
- Directory( format("{params.conf_dir}/ssl"),
- owner = params.accumulo_user,
- group = params.user_group,
- recursive = True
- )
- if not os.path.exists(params.truststore_path):
- Execute( format("{hadoop_prefix}/bin/hadoop fs -get {params.ssl_cert_dir}/truststore.jks "
- "{params.truststore_path}"),
- user=params.accumulo_user)
- File( params.truststore_path,
- mode=0600,
- group=params.user_group,
- owner=params.accumulo_user,
- replace=False)
- if not os.path.exists(params.keystore_path):
- Execute( format("{hadoop_prefix}/bin/hadoop fs -get {params.ssl_cert_dir}/{params.hostname}.jks "
- "{params.keystore_path}"),
- user=params.accumulo_user)
- File( params.keystore_path,
- mode=0600,
- group=params.user_group,
- owner=params.accumulo_user,
- replace=False)
-
jarname = "SliderAccumuloUtils.jar"
File(format("{params.accumulo_root}/lib/{jarname}"),
mode=0644,
@@ -90,22 +53,10 @@ def setup_conf_dir(name=None): # 'master' or 'tserver' or 'monitor' or 'gc' or '
recursive = True
)
- configs = {}
- if ssl_params:
- configs.update(params.config['configurations']['accumulo-site'])
- if (params.monitor_security_enabled and name == 'monitor'):
- configs[params.monitor_keystore_property] = params.keystore_path
- configs[params.monitor_truststore_property] = params.truststore_path
- if params.ssl_enabled:
- configs[params.ssl_keystore_file_property] = params.keystore_path
- configs[params.ssl_truststore_file_property] = params.truststore_path
- else:
- configs = params.config['configurations']['accumulo-site']
-
# create a site file for server processes
XmlConfig( "accumulo-site.xml",
conf_dir = params.conf_dir,
- configurations = configs,
+ configurations = params.config['configurations']['accumulo-site'],
owner = params.accumulo_user,
group = params.user_group,
mode=0600
@@ -124,11 +75,23 @@ def setup_conf_dir(name=None): # 'master' or 'tserver' or 'monitor' or 'gc' or '
)
# create env file
- accumulo_TemplateConfig( 'accumulo-env.sh')
+ File(format("{params.conf_dir}/accumulo-env.sh"),
+ mode=0644,
+ group=params.user_group,
+ owner=params.accumulo_user,
+ content=InlineTemplate(params.env_sh_template)
+ )
# create client.conf file
+ configs = {}
+ configs.update(params.config['configurations']['client'])
+ update_site_config(configs, 'general.security.credential.provider.paths')
+ update_site_config(configs, 'rpc.javax.net.ssl.trustStore')
+ update_site_config(configs, 'rpc.javax.net.ssl.trustStoreType')
+ update_site_config(configs, 'rpc.javax.net.ssl.keyStore')
+ update_site_config(configs, 'rpc.javax.net.ssl.keyStoreType')
PropertiesFile(format("{params.conf_dir}/client.conf"),
- properties = params.config['configurations']['client'],
+ properties = configs,
owner = params.accumulo_user,
group = params.user_group
)
@@ -175,6 +138,12 @@ def setup_conf_dir(name=None): # 'master' or 'tserver' or 'monitor' or 'gc' or '
group = params.user_group
)
+# update configs
+def update_site_config(configs, name):
+ import params
+ if name in params.config['configurations']['accumulo-site']:
+ configs[name] = params.config['configurations']['accumulo-site'][name]
+
# create file 'name' from template
def accumulo_TemplateConfig(name,
tag=None
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/package/scripts/params.py b/app-packages/accumulo/package/scripts/params.py
index 3a53cd6..11bcbd9 100644
--- a/app-packages/accumulo/package/scripts/params.py
+++ b/app-packages/accumulo/package/scripts/params.py
@@ -51,29 +51,10 @@ log_dir = config['configurations']['global']['app_log_dir']
daemon_script = format("{accumulo_root}/bin/accumulo")
proxy_conf = format("{conf_dir}/proxy.properties")
-# accumulo monitor certificate properties
-monitor_security_enabled = config['configurations']['global']['monitor_protocol'] == "https"
-monitor_keystore_property = "monitor.ssl.keyStore"
-monitor_truststore_property = "monitor.ssl.trustStore"
-
-# accumulo ssl properties
-ssl_enabled = False
-if 'instance.rpc.ssl.enabled' in config['configurations']['accumulo-site']:
- ssl_enabled = config['configurations']['accumulo-site']['instance.rpc.ssl.enabled']
+# accumulo clientauth
clientauth_enabled = False
if 'instance.rpc.ssl.clientAuth' in config['configurations']['accumulo-site']:
clientauth_enabled = config['configurations']['accumulo-site']['instance.rpc.ssl.clientAuth']
-ssl_cert_dir = config['configurations']['global']['ssl_cert_dir']
-keystore_path = format("{conf_dir}/ssl/keystore.jks")
-truststore_path = format("{conf_dir}/ssl/truststore.jks")
-ssl_keystore_file_property = "rpc.javax.net.ssl.keyStore"
-ssl_truststore_file_property = "rpc.javax.net.ssl.trustStore"
-credential_provider = config['configurations']['accumulo-site']["general.security.credential.provider.paths"]
-#credential_provider = credential_provider.replace("${HOST}", hostname) # if enabled, must propagate to configuration
-if ssl_keystore_file_property in config['configurations']['accumulo-site']:
- keystore_path = config['configurations']['accumulo-site'][ssl_keystore_file_property]
-if ssl_truststore_file_property in config['configurations']['accumulo-site']:
- truststore_path = config['configurations']['accumulo-site'][ssl_truststore_file_property]
# accumulo initialization parameters
accumulo_instance_name = config['configurations']['client']['instance.name']
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/package/templates/accumulo-env.sh.j2
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/package/templates/accumulo-env.sh.j2 b/app-packages/accumulo/package/templates/accumulo-env.sh.j2
deleted file mode 100755
index 9e365af..0000000
--- a/app-packages/accumulo/package/templates/accumulo-env.sh.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-###
-### Configure these environment variables to point to your local installations.
-###
-### The functional tests require conditional values, so keep this style:
-###
-### test -z "$JAVA_HOME" && export JAVA_HOME=/usr/local/lib/jdk-1.6.0
-###
-###
-### Note that the -Xmx -Xms settings below require substantial free memory:
-### you may want to use smaller values, especially when running everything
-### on a single machine.
-###
-
-export HADOOP_PREFIX={{hadoop_prefix}}
-export HADOOP_CONF_DIR={{hadoop_conf_dir}}
-export JAVA_HOME={{java64_home}}
-export ZOOKEEPER_HOME={{zookeeper_home}}
-export ACCUMULO_LOG_DIR={{log_dir}}
-export ACCUMULO_CONF_DIR={{conf_dir}}
-export ACCUMULO_TSERVER_OPTS="-Xmx{{tserver_heapsize}} -Xms{{tserver_heapsize}}"
-export ACCUMULO_MASTER_OPTS="-Xmx{{master_heapsize}} -Xms{{master_heapsize}}"
-export ACCUMULO_MONITOR_OPTS="-Xmx{{monitor_heapsize}} -Xms{{monitor_heapsize}}"
-export ACCUMULO_GC_OPTS="-Xmx{{gc_heapsize}} -Xms{{gc_heapsize}}"
-export ACCUMULO_GENERAL_OPTS="-XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -Djava.net.preferIPv4Stack=true"
-export ACCUMULO_OTHER_OPTS="-Xmx{{other_heapsize}} -Xms{{other_heapsize}}"
-# what do when the JVM runs out of heap memory
-export ACCUMULO_KILL_CMD='kill -9 %p'
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/pom.xml
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/pom.xml b/app-packages/accumulo/pom.xml
index 678ace5..a04a2b0 100644
--- a/app-packages/accumulo/pom.xml
+++ b/app-packages/accumulo/pom.xml
@@ -242,6 +242,7 @@
<targetPath>${test.app.resources.dir}</targetPath>
<includes>
<include>appConfig-default.json</include>
+ <include>appConfig-ssl-default.json</include>
</includes>
</resource>
</resources>
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/src/assembly/accumulo.xml
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/src/assembly/accumulo.xml b/app-packages/accumulo/src/assembly/accumulo.xml
index d63fb28..14993a0 100644
--- a/app-packages/accumulo/src/assembly/accumulo.xml
+++ b/app-packages/accumulo/src/assembly/accumulo.xml
@@ -42,6 +42,12 @@
<fileMode>0755</fileMode>
</file>
<file>
+ <source>appConfig-ssl-default.json</source>
+ <outputDirectory>/</outputDirectory>
+ <filtered>true</filtered>
+ <fileMode>0755</fileMode>
+ </file>
+ <file>
<source>clientInstallConfig-default.json</source>
<outputDirectory>/</outputDirectory>
<filtered>true</filtered>
@@ -78,6 +84,7 @@
<exclude>target/**</exclude>
<exclude>appConfig-default.json</exclude>
<exclude>appConfig-secured-default.json</exclude>
+ <exclude>appConfig-ssl-default.json</exclude>
<exclude>clientInstallConfig-default.json</exclude>
<exclude>metainfo.xml</exclude>
</excludes>
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloBasicIT.groovy
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloBasicIT.groovy b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloBasicIT.groovy
index 4f6d6da..2d137be 100644
--- a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloBasicIT.groovy
+++ b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloBasicIT.groovy
@@ -53,11 +53,15 @@ class AccumuloBasicIT extends AccumuloAgentCommandTestBase {
return sysprop("test.app.resources.dir") + "/resources.json"
}
+ protected String getDefaultTemplate() {
+ return sysprop("test.app.resources.dir") + "/appConfig-default.json"
+ }
+
protected String getAppTemplate() {
String appTemplateFile = templateName()
Configuration conf = new Configuration()
FileSystem fs = FileSystem.getLocal(conf)
- InputStream stream = new FileInputStream(sysprop("test.app.resources.dir") + "/appConfig-default.json")
+ InputStream stream = new FileInputStream(getDefaultTemplate())
assert stream!=null, "Couldn't pull appConfig.json from app pkg"
ConfTreeSerDeser c = new ConfTreeSerDeser()
ConfTree t = c.fromStream(stream)
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloMonitorSSLIT.groovy
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloMonitorSSLIT.groovy b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloMonitorSSLIT.groovy
index 12f89e0..73cfda7 100644
--- a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloMonitorSSLIT.groovy
+++ b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloMonitorSSLIT.groovy
@@ -30,6 +30,14 @@ class AccumuloMonitorSSLIT extends AccumuloSSLTestBase {
protected ConfTree modifyTemplate(ConfTree confTree) {
confTree.global.put("site.global.monitor_protocol", "https")
+ confTree.global.put("site.accumulo-site.monitor.ssl.keyStore",
+ confTree.global.get("site.accumulo-site.rpc.javax.net.ssl.keyStore"))
+ confTree.global.put("site.accumulo-site.monitor.ssl.keyStoreType",
+ confTree.global.get("site.accumulo-site.rpc.javax.net.ssl.keyStoreType"))
+ confTree.global.put("site.accumulo-site.monitor.ssl.trustStore",
+ confTree.global.get("site.accumulo-site.rpc.javax.net.ssl.trustStore"))
+ confTree.global.put("site.accumulo-site.monitor.ssl.trustStoreType",
+ confTree.global.get("site.accumulo-site.rpc.javax.net.ssl.trustStoreType"))
String jks = confTree.global.get(PROVIDER_PROPERTY)
def keys = confTree.credentials.get(jks)
keys.add("monitor.ssl.keyStorePassword")
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteIT.groovy
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteIT.groovy b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteIT.groovy
index b4118d2..0b9fd9a 100644
--- a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteIT.groovy
+++ b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteIT.groovy
@@ -28,7 +28,6 @@ import org.apache.accumulo.test.VerifyIngest
import org.apache.hadoop.registry.client.api.RegistryConstants
import org.apache.slider.api.ClusterDescription
import org.apache.slider.client.SliderClient
-import org.apache.slider.common.SliderXmlConfKeys
import org.apache.slider.funtest.framework.FuntestProperties
import java.util.concurrent.atomic.AtomicBoolean
@@ -71,6 +70,7 @@ class AccumuloReadWriteIT extends AccumuloBasicIT {
public static void ingest(Connector connector, int rows, int cols, int width, int offset) throws Exception {
TestIngest.Opts opts = new TestIngest.Opts();
+ opts.setPrincipal(USER);
opts.rows = rows;
opts.cols = cols;
opts.dataSize = width;
@@ -83,6 +83,7 @@ class AccumuloReadWriteIT extends AccumuloBasicIT {
public static void verify(Connector connector, int rows, int cols, int width, int offset) throws Exception {
ScannerOpts scannerOpts = new ScannerOpts();
VerifyIngest.Opts opts = new VerifyIngest.Opts();
+ opts.setPrincipal(USER);
opts.rows = rows;
opts.cols = cols;
opts.dataSize = width;
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteSSLIT.groovy
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteSSLIT.groovy b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteSSLIT.groovy
index 0464cec..b67cd5c 100644
--- a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteSSLIT.groovy
+++ b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloReadWriteSSLIT.groovy
@@ -24,7 +24,6 @@ import org.apache.accumulo.core.client.security.tokens.PasswordToken
import org.apache.hadoop.registry.client.api.RegistryConstants
import org.apache.slider.api.ClusterDescription
import org.apache.slider.client.SliderClient
-import org.apache.slider.common.SliderXmlConfKeys
import org.apache.slider.funtest.framework.FuntestProperties
import static org.apache.slider.funtest.accumulo.AccumuloReadWriteIT.ingest
@@ -32,6 +31,10 @@ import static org.apache.slider.funtest.accumulo.AccumuloReadWriteIT.interleaveT
import static org.apache.slider.funtest.accumulo.AccumuloReadWriteIT.verify
class AccumuloReadWriteSSLIT extends AccumuloSSLTestBase {
+ protected static final File trustStoreFile = new File(TEST_APP_PKG_DIR, "truststore.p12")
+ protected static final File clientKeyStoreFile = new File(TEST_APP_PKG_DIR, "keystore.p12")
+ public static final String STORE_TYPE = "PKCS12"
+
@Override
public String getClusterName() {
return "test_read_write_ssl";
@@ -50,13 +53,31 @@ class AccumuloReadWriteSSLIT extends AccumuloSSLTestBase {
.withInstance(tree.global.get("site.client.instance.name"))
.withZkHosts(zookeepers)
.withSsl(true)
- .withKeystore(clientKeyStoreFile.toString(), KEY_PASS, null)
- .withTruststore(trustStoreFile.toString(), TRUST_PASS, null)
+ .withKeystore(clientKeyStoreFile.toString(), KEY_PASS, STORE_TYPE)
+ .withTruststore(trustStoreFile.toString(), TRUST_PASS, STORE_TYPE)
return new ZooKeeperInstance(conf)
}
@Override
public void clusterLoadOperations(ClusterDescription cd, SliderClient sliderClient) {
+ slider(EXIT_SUCCESS,
+ [
+ ACTION_CLIENT,
+ ARG_GETCERTSTORE,
+ ARG_KEYSTORE, clientKeyStoreFile.getCanonicalPath(),
+ ARG_NAME, getClusterName(),
+ ARG_PASSWORD, KEY_PASS
+ ])
+
+ slider(EXIT_SUCCESS,
+ [
+ ACTION_CLIENT,
+ ARG_GETCERTSTORE,
+ ARG_TRUSTSTORE, trustStoreFile.getCanonicalPath(),
+ ARG_NAME, getClusterName(),
+ ARG_PASSWORD, TRUST_PASS
+ ])
+
try {
ZooKeeperInstance instance = getInstance()
Connector connector = instance.getConnector(USER, new PasswordToken(PASSWORD))
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloSSLTestBase.groovy
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloSSLTestBase.groovy b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloSSLTestBase.groovy
index cea28b1..240aad1 100644
--- a/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloSSLTestBase.groovy
+++ b/app-packages/accumulo/src/test/groovy/org/apache/slider/funtest/accumulo/AccumuloSSLTestBase.groovy
@@ -17,14 +17,6 @@
*/
package org.apache.slider.funtest.accumulo
-import groovy.json.JsonSlurper
-import org.apache.accumulo.core.conf.Property
-import org.apache.hadoop.conf.Configuration
-import org.apache.hadoop.fs.Path
-import org.apache.hadoop.yarn.conf.YarnConfiguration
-import org.apache.slider.core.conf.ConfTree
-import org.apache.slider.funtest.framework.AgentUploads
-import org.junit.Before
import org.junit.BeforeClass
import javax.net.ssl.KeyManager
@@ -36,21 +28,13 @@ import java.security.cert.CertificateException
import java.security.cert.X509Certificate
class AccumuloSSLTestBase extends AccumuloBasicIT {
- protected static final File trustStoreFile = new File(TEST_APP_PKG_DIR, "truststore.jks")
- protected static final File clientKeyStoreFile = new File(TEST_APP_PKG_DIR, "keystore.jks")
protected String templateName() {
return sysprop("test.app.resources.dir") + "/appConfig_ssl.json"
}
- protected ConfTree modifyTemplate(ConfTree confTree) {
- confTree.global.put("site.accumulo-site.instance.rpc.ssl.enabled", "true")
- confTree.global.put("site.accumulo-site.instance.rpc.ssl.clientAuth", "true")
- String jks = confTree.global.get(PROVIDER_PROPERTY)
- def keys = confTree.credentials.get(jks)
- keys.add("rpc.javax.net.ssl.keyStorePassword")
- keys.add("rpc.javax.net.ssl.trustStorePassword")
- return confTree
+ protected String getDefaultTemplate() {
+ return sysprop("test.app.resources.dir") + "/appConfig-ssl-default.json"
}
@Override
@@ -72,72 +56,6 @@ class AccumuloSSLTestBase extends AccumuloBasicIT {
SSLContext.setDefault(ctx);
}
- @Before
- public void createCerts() {
- Path certDir = new Path(clusterFS.homeDirectory,
- tree.global.get("site.global.ssl_cert_dir"))
- if (clusterFS.exists(certDir)) {
- clusterFS.delete(certDir, true)
- }
- clusterFS.mkdirs(certDir)
-
- Configuration conf = loadSliderConf()
- String provider = tree.global.get(PROVIDER_PROPERTY)
- provider = provider.replace("hdfs/user",
- conf.get("fs.defaultFS").replace("://", "@") + "/user")
- File rootKeyStoreFile = new File(TEST_APP_PKG_DIR, "root.jks")
-
- if (!rootKeyStoreFile.exists() && !trustStoreFile.exists()) {
- CertUtil.createRootKeyPair(rootKeyStoreFile.toString(),
- Property.INSTANCE_SECRET.toString(), trustStoreFile.toString(),
- Property.RPC_SSL_TRUSTSTORE_PASSWORD.toString(), provider);
- }
-
- AgentUploads agentUploads = new AgentUploads(SLIDER_CONFIG)
- agentUploads.uploader.copyIfOutOfDate(trustStoreFile, new Path(certDir,
- "truststore.jks"), false)
-
- for (node in getNodeList(conf)) {
- File keyStoreFile = new File(TEST_APP_PKG_DIR, node + ".jks")
- if (!keyStoreFile.exists()) {
- CertUtil.createServerKeyPair(keyStoreFile.toString(),
- Property.RPC_SSL_KEYSTORE_PASSWORD.toString(),
- rootKeyStoreFile.toString(), Property.INSTANCE_SECRET.toString(),
- provider, node);
- }
- agentUploads.uploader.copyIfOutOfDate(keyStoreFile, new Path(certDir,
- node + ".jks"), false)
- }
-
- if (!clientKeyStoreFile.exists()) {
- CertUtil.createServerKeyPair(clientKeyStoreFile.toString(),
- Property.RPC_SSL_KEYSTORE_PASSWORD.toString(),
- rootKeyStoreFile.toString(), Property.INSTANCE_SECRET.toString(),
- provider, InetAddress.getLocalHost().getHostName());
- }
- }
-
- def getNodeList(Configuration conf) {
- String address
- if (YarnConfiguration.useHttps(conf)) {
- address = "https://" + conf.get(YarnConfiguration.RM_WEBAPP_HTTPS_ADDRESS,
- YarnConfiguration.DEFAULT_RM_WEBAPP_HTTPS_ADDRESS);
- } else {
- address = "http://" + conf.get(YarnConfiguration.RM_WEBAPP_ADDRESS,
- YarnConfiguration.DEFAULT_RM_WEBAPP_ADDRESS);
- }
- address = address.replace("0.0.0.0", conf.get(YarnConfiguration.RM_ADDRESS)
- .split(":")[0])
- address = address + "/ws/v1/cluster/nodes"
- def slurper = new JsonSlurper()
- def result = slurper.parse(new URL(address))
- def hosts = []
- for (host in result.nodes.node) {
- hosts.add(host.nodeHostName)
- }
- return hosts.unique()
- }
-
private static class DefaultTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/app-packages/accumulo/src/test/java/org/apache/slider/funtest/accumulo/CertUtil.java
----------------------------------------------------------------------
diff --git a/app-packages/accumulo/src/test/java/org/apache/slider/funtest/accumulo/CertUtil.java b/app-packages/accumulo/src/test/java/org/apache/slider/funtest/accumulo/CertUtil.java
deleted file mode 100644
index 8bac58f..0000000
--- a/app-packages/accumulo/src/test/java/org/apache/slider/funtest/accumulo/CertUtil.java
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.funtest.accumulo;
-
-
-import org.apache.slider.accumulo.ProviderUtil;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateAlgorithmId;
-import sun.security.x509.CertificateIssuerName;
-import sun.security.x509.CertificateSerialNumber;
-import sun.security.x509.CertificateSubjectName;
-import sun.security.x509.CertificateValidity;
-import sun.security.x509.CertificateVersion;
-import sun.security.x509.CertificateX509Key;
-import sun.security.x509.X500Name;
-import sun.security.x509.X509CertImpl;
-import sun.security.x509.X509CertInfo;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-
-public class CertUtil {
-
- public static void createRootKeyPair(String keyStoreFile,
- String keyStorePasswordProperty, String trustStoreFile,
- String trustStorePasswordProperty, String credentialProvider)
- throws Exception {
- char[] keyStorePassword = ProviderUtil.getPassword(credentialProvider,
- keyStorePasswordProperty);
- char[] trustStorePassword = ProviderUtil.getPassword(credentialProvider,
- trustStorePasswordProperty);
-
- createSelfSignedCert(keyStoreFile, "root", keyStorePassword);
- createPublicCert(trustStoreFile, "root", keyStoreFile, keyStorePassword,
- trustStorePassword);
- }
-
- public static void createServerKeyPair(String keyStoreFile,
- String keyStorePasswordProperty, String rootKeyStoreFile,
- String rootKeyStorePasswordProperty, String credentialProvider,
- String hostname)
- throws Exception {
- char[] keyStorePassword = ProviderUtil.getPassword(credentialProvider,
- keyStorePasswordProperty);
- char[] rootKeyStorePassword = ProviderUtil.getPassword(credentialProvider,
- rootKeyStorePasswordProperty);
-
- createSignedCert(keyStoreFile, "server", hostname, keyStorePassword,
- rootKeyStoreFile, rootKeyStorePassword);
- }
-
-
- private static final String keystoreType = "JKS";
- private static final int keysize = 2048;
- private static final String encryptionAlgorithm = "RSA";
- private static final String signingAlgorithm = "SHA256WITHRSA";
- private static final String issuerDirString = ",O=Apache Slider";
-
- public static void createPublicCert(String targetKeystoreFile, String keyName,
- String rootKeystorePath, char[] rootKeystorePassword,
- char[] truststorePassword) throws KeyStoreException,
- IOException, CertificateException, NoSuchAlgorithmException {
- KeyStore signerKeystore = KeyStore.getInstance(keystoreType);
- char[] signerPasswordArray = rootKeystorePassword;
- FileInputStream rootKeystoreInputStream = null;
- try{
- rootKeystoreInputStream = new FileInputStream(rootKeystorePath);
- signerKeystore.load(rootKeystoreInputStream, signerPasswordArray);
- } finally {
- if(rootKeystoreInputStream != null) {
- rootKeystoreInputStream.close();
- }
- }
- Certificate rootCert = findCert(signerKeystore);
-
- KeyStore keystore = KeyStore.getInstance(keystoreType);
- keystore.load(null, null);
- keystore.setCertificateEntry(keyName + "Cert", rootCert);
- FileOutputStream targetKeystoreOutputStream = null;
- try{
- targetKeystoreOutputStream = new FileOutputStream(targetKeystoreFile);
- keystore.store(targetKeystoreOutputStream, truststorePassword);
- } finally {
- if(targetKeystoreOutputStream != null) {
- targetKeystoreOutputStream.close();
- }
- }
- }
-
- public static void createSignedCert(String targetKeystoreFile,
- String keyName, String hostname, char[] keystorePassword,
- String signerKeystorePath, char[] signerKeystorePassword)
- throws Exception {
- KeyStore signerKeystore = KeyStore.getInstance(keystoreType);
- char[] signerPasswordArray = signerKeystorePassword;
- FileInputStream signerKeystoreInputStream = null;
- try{
- signerKeystoreInputStream = new FileInputStream(signerKeystorePath);
- signerKeystore.load(signerKeystoreInputStream, signerPasswordArray);
- } finally {
- if (signerKeystoreInputStream != null) {
- signerKeystoreInputStream.close();
- }
- }
- Certificate signerCert = findCert(signerKeystore);
- PrivateKey signerKey = findPrivateKey(signerKeystore, signerPasswordArray);
-
- KeyPair kp = generateKeyPair();
- Certificate cert = generateCert(hostname, kp, false,
- signerCert.getPublicKey(), signerKey);
-
- char[] password = keystorePassword;
- KeyStore keystore = KeyStore.getInstance(keystoreType);
- keystore.load(null, null);
- keystore.setCertificateEntry(keyName + "Cert", cert);
- keystore.setKeyEntry(keyName + "Key", kp.getPrivate(), password, new Certificate[] {cert, signerCert});
- FileOutputStream targetKeystoreOutputStream = null;
- try{
- targetKeystoreOutputStream = new FileOutputStream(targetKeystoreFile);
- keystore.store(targetKeystoreOutputStream, password);
- } finally {
- if (targetKeystoreOutputStream != null){
- targetKeystoreOutputStream.close();
- }
- }
- }
-
- public static void createSelfSignedCert(String targetKeystoreFileName,
- String keyName, char[] keystorePassword)
- throws IOException, NoSuchAlgorithmException, CertificateException,
- NoSuchProviderException, InvalidKeyException, SignatureException,
- KeyStoreException {
- File targetKeystoreFile = new File(targetKeystoreFileName);
- if (targetKeystoreFile.exists()) {
- throw new IOException("File exists: "+targetKeystoreFile);
- }
-
- KeyPair kp = generateKeyPair();
-
- Certificate cert = generateCert(null, kp, true,
- kp.getPublic(), kp.getPrivate());
-
- char[] password = keystorePassword;
- KeyStore keystore = KeyStore.getInstance(keystoreType);
- keystore.load(null, null);
- keystore.setCertificateEntry(keyName + "Cert", cert);
- keystore.setKeyEntry(keyName + "Key", kp.getPrivate(), password, new Certificate[] {cert});
- FileOutputStream targetKeystoreOutputStream = null;
- try{
- targetKeystoreOutputStream = new FileOutputStream(targetKeystoreFile);
- keystore.store(targetKeystoreOutputStream, password);
- } finally {
- if (targetKeystoreOutputStream != null) {
- targetKeystoreOutputStream.close();
- }
- }
- }
-
- private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
- KeyPairGenerator gen = KeyPairGenerator.getInstance(encryptionAlgorithm);
- gen.initialize(keysize);
- return gen.generateKeyPair();
- }
-
- private static X509Certificate generateCert(
- String hostname, KeyPair kp, boolean isCertAuthority,
- PublicKey signerPublicKey, PrivateKey signerPrivateKey)
- throws IOException, CertificateException, NoSuchProviderException,
- NoSuchAlgorithmException, InvalidKeyException, SignatureException {
- X500Name issuer = new X500Name("CN=root" + issuerDirString);
- X500Name subject;
- if (hostname == null) {
- subject = issuer;
- } else {
- subject = new X500Name("CN=" + hostname + issuerDirString);
- }
-
- X509CertInfo info = new X509CertInfo();
- Date from = new Date();
- Date to = new Date(from.getTime() + 365 * 86400000l);
- CertificateValidity interval = new CertificateValidity(from, to);
- BigInteger sn = new BigInteger(64, new SecureRandom());
-
- info.set(X509CertInfo.VALIDITY, interval);
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
- info.set(X509CertInfo.KEY, new CertificateX509Key(kp.getPublic()));
- info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
- AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
- info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
-
- // Sign the cert to identify the algorithm that's used.
- X509CertImpl cert = new X509CertImpl(info);
- cert.sign(signerPrivateKey, signingAlgorithm);
-
- // Update the algorithm, and resign.
- algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
- info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
- cert = new X509CertImpl(info);
- cert.sign(signerPrivateKey, signingAlgorithm);
- return cert;
- }
-
- private static Certificate findCert(KeyStore keyStore) throws KeyStoreException {
- Enumeration<String> aliases = keyStore.aliases();
- Certificate cert = null;
- while (aliases.hasMoreElements()) {
- String alias = aliases.nextElement();
- if (keyStore.isCertificateEntry(alias)) {
- // assume only one cert
- cert = keyStore.getCertificate(alias);
- break;
- }
- }
- if (cert == null) {
- throw new KeyStoreException("Could not find cert in keystore");
- }
- return cert;
- }
-
- private static PrivateKey findPrivateKey(KeyStore keyStore, char[] keystorePassword)
- throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
- Enumeration<String> aliases = keyStore.aliases();
- PrivateKey key = null;
- while (aliases.hasMoreElements()) {
- String alias = aliases.nextElement();
- if (keyStore.isKeyEntry(alias)) {
- // assume only one key
- key = (PrivateKey) keyStore.getKey(alias, keystorePassword);
- break;
- }
- }
- if (key == null) {
- throw new KeyStoreException("Could not find private key in keystore");
- }
- return key;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 0d58b2b..16bdd72 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,7 @@
<hadoop.version>2.6.0</hadoop.version>
<hbase.version>0.99.0</hbase.version>
- <accumulo.version>1.6.1</accumulo.version>
+ <accumulo.version>1.7.0-SNAPSHOT</accumulo.version>
<!--
artifact versions
-->
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/cdda804a/slider-core/src/main/java/org/apache/slider/providers/agent/AgentProviderService.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/providers/agent/AgentProviderService.java b/slider-core/src/main/java/org/apache/slider/providers/agent/AgentProviderService.java
index 1eeb8e5..bdf168e 100644
--- a/slider-core/src/main/java/org/apache/slider/providers/agent/AgentProviderService.java
+++ b/slider-core/src/main/java/org/apache/slider/providers/agent/AgentProviderService.java
@@ -1858,7 +1858,7 @@ public class AgentProviderService extends AbstractProviderService implements
Map<String, Map<String, String>> configurations =
new TreeMap<String, Map<String, String>>();
- Map<String, String> tokens = getStandardTokenMap(appConf);
+ Map<String, String> tokens = getStandardTokenMap(appConf, componentName);
Set<String> configs = new HashSet<String>();
configs.addAll(getApplicationConfigurationTypes());
@@ -1900,7 +1900,8 @@ public class AgentProviderService extends AbstractProviderService implements
}
}
- private Map<String, String> getStandardTokenMap(ConfTreeOperations appConf) throws SliderException {
+ private Map<String, String> getStandardTokenMap(ConfTreeOperations appConf,
+ String componentName) throws SliderException {
Map<String, String> tokens = new HashMap<String, String>();
String nnuri = appConf.get("site.fs.defaultFS");
tokens.put("${NN_URI}", nnuri);
@@ -1912,6 +1913,7 @@ public class AgentProviderService extends AbstractProviderService implements
.getGlobalOptions()
.getMandatoryOption(InternalKeys.INTERNAL_DATA_DIR_PATH));
tokens.put("${JAVA_HOME}", appConf.get(AgentKeys.JAVA_HOME));
+ tokens.put("${COMPONENT_NAME}", componentName);
return tokens;
}