Posted to commits@slider.apache.org by st...@apache.org on 2014/11/02 15:25:31 UTC
[19/50] git commit: SLIDER-263 AM no longer persists keystore password
SLIDER-263 AM no longer persists keystore password
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/1a071e31
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/1a071e31
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/1a071e31
Branch: refs/heads/feature/SLIDER-531-registry-enhancements
Commit: 1a071e31dd2f2c4486bcbdfe2f02065efe636545
Parents: d03bf28
Author: Jon Maron <jm...@hortonworks.com>
Authored: Thu Oct 30 21:13:37 2014 -0400
Committer: Jon Maron <jm...@hortonworks.com>
Committed: Thu Oct 30 21:13:37 2014 -0400
----------------------------------------------------------------------
.../org/apache/slider/common/SliderKeys.java | 1 -
.../server/appmaster/SliderAppMaster.java | 11 +++---
.../services/security/CertificateManager.java | 4 +--
.../server/services/security/SecurityUtils.java | 35 ++++++++++++--------
.../agent/TestAgentAMManagementWS.groovy | 16 ++++++---
.../web/rest/agent/TestAMAgentWebServices.java | 6 ++--
6 files changed, 42 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java b/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
index 89cc263..f11d200 100644
--- a/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
+++ b/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
@@ -174,7 +174,6 @@ public interface SliderKeys extends SliderXmlConfKeys {
String KEY_FILE_NAME = "ca.key";
String KEYSTORE_FILE_NAME = "keystore.p12";
String CRT_PASS_FILE_NAME = "pass.txt";
- String PASSPHRASE = "DEV";
String PASS_LEN = "50";
/**
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
index efa1b09..39a2572 100644
--- a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
+++ b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
@@ -687,14 +687,13 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
// Start up the WebApp and track the URL for it
certificateManager = new CertificateManager();
- certificateManager.initialize(
- instanceDefinition.getAppConfOperations()
- .getComponent(SliderKeys.COMPONENT_AM));
+ MapOperations component = instanceDefinition.getAppConfOperations()
+ .getComponent(SliderKeys.COMPONENT_AM);
+ certificateManager.initialize(component);
certificateManager.setPassphrase(instanceDefinition.getPassphrase());
- if (instanceDefinition.
- getAppConfOperations().getComponent(SliderKeys.COMPONENT_AM).
- getOptionBool(AgentKeys.KEY_AGENT_TWO_WAY_SSL_ENABLED, false)) {
+ if (component.getOptionBool(
+ AgentKeys.KEY_AGENT_TWO_WAY_SSL_ENABLED, false)) {
uploadServerCertForLocalization(clustername, fs);
}
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
index 3771962..257f8f9 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
@@ -61,8 +61,8 @@ public class CertificateManager {
private String passphrase;
/**
- * Verify that root certificate exists, generate it otherwise.
- */
+ * Verify that root certificate exists, generate it otherwise.
+ */
public void initialize(MapOperations compOperations) {
SecurityUtils.initializeSecurityParameters(compOperations);
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
index c7ad8dd..527d4e6 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
@@ -140,6 +140,11 @@ public class SecurityUtils {
}
public static void initializeSecurityParameters(MapOperations configMap) {
+ initializeSecurityParameters(configMap, false);
+ }
+
+ public static void initializeSecurityParameters(MapOperations configMap,
+ boolean persistPassword) {
String keyStoreLocation = configMap.getOption(
SliderXmlConfKeys.KEY_KEYSTORE_LOCATION, getDefaultKeystoreLocation());
File secDirFile = new File(keyStoreLocation).getParentFile();
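Review bot: The new public overload `initializeSecurityParameters(MapOperations, boolean)` has no Javadoc, and `persistPassword` is not self-explanatory at the call sites that pass `true`. I would add something like `/** @param persistPassword if true, a newly generated keystore password is also written to pass.txt in the keystore directory; if false it is kept in memory only */`. The comment should also state that an existing password file is still read whichever value is passed, as the `else` branch of `getKeystorePassword` in the next hunk shows. The method body continues outside this hunk.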
@@ -167,26 +172,28 @@ public class SecurityUtils {
}
// need to create the password
}
- keystorePass = getKeystorePassword(secDirFile);
+ keystorePass = getKeystorePassword(secDirFile, persistPassword);
securityDir = secDirFile.getAbsolutePath();
}
- private static String getKeystorePassword(File secDirFile) {
+ private static String getKeystorePassword(File secDirFile,
+ boolean persistPassword) {
File passFile = new File(secDirFile, SliderKeys.CRT_PASS_FILE_NAME);
String password = null;
-
if (!passFile.exists()) {
- LOG.info("Generation of file with password");
- try {
- password = RandomStringUtils.randomAlphanumeric(
- Integer.valueOf(SliderKeys.PASS_LEN));
- FileUtils.writeStringToFile(passFile, password);
- passFile.setWritable(true);
- passFile.setReadable(true);
- } catch (IOException e) {
- e.printStackTrace();
- throw new RuntimeException(
- "Error creating certificate password file");
+ LOG.info("Generating keystore password");
+ password = RandomStringUtils.randomAlphanumeric(
+ Integer.valueOf(SliderKeys.PASS_LEN));
+ if (persistPassword) {
+ try {
+ FileUtils.writeStringToFile(passFile, password);
+ passFile.setWritable(true);
+ passFile.setReadable(true);
+ } catch (IOException e) {
+ e.printStackTrace();
+ throw new RuntimeException(
+ "Error creating certificate password file");
+ }
}
} else {
LOG.info("Reading password from existing file");
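Review bot: The keystore password is still produced by `RandomStringUtils.randomAlphanumeric(...)`, which in the commons-lang releases I am aware of draws from `java.util.Random` rather than a cryptographic generator; since this value protects the AM keystore, it should come from `SecureRandom`. The overload that accepts a generator does this in one line: `password = RandomStringUtils.random(Integer.parseInt(SliderKeys.PASS_LEN), 0, 0, true, true, null, new SecureRandom());`. Separately, in the `persistPassword` branch `setReadable(true)` and `setWritable(true)` only grant owner access and do not revoke any group/other bits the umask left on the freshly written file. The catch block also drops the cause after `e.printStackTrace()`; passing `e` as the second argument of the `RuntimeException` would keep it. The `else` branch of `getKeystorePassword` continues outside the hunk.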
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy
----------------------------------------------------------------------
diff --git a/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy b/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy
index a6c351d..7434c4e 100644
--- a/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy
+++ b/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy
@@ -23,6 +23,7 @@ import com.sun.jersey.api.client.WebResource
import groovy.transform.CompileStatic
import groovy.util.logging.Slf4j
import org.apache.hadoop.fs.Path
+import org.apache.hadoop.yarn.conf.YarnConfiguration
import org.apache.hadoop.yarn.exceptions.YarnException
import org.apache.slider.api.StatusKeys
import org.apache.slider.client.SliderClient
@@ -57,6 +58,7 @@ import static org.apache.slider.providers.agent.AgentTestUtils.createTestClient
@CompileStatic
@Slf4j
class TestAgentAMManagementWS extends AgentTestBase {
+ private static String password;
public static final String AGENT_URI = "ws/v1/slider/agents/";
final static Logger logger = LoggerFactory.getLogger(TestAgentAMManagementWS.class)
@@ -91,11 +93,11 @@ class TestAgentAMManagementWS extends AgentTestBase {
super.setup()
MapOperations compOperations = new MapOperations();
compOperations.put(SliderXmlConfKeys.KEY_KEYSTORE_LOCATION, "/tmp/work/security/keystore.p12");
- SecurityUtils.initializeSecurityParameters(compOperations);
+ SecurityUtils.initializeSecurityParameters(compOperations, true);
CertificateManager certificateManager = new CertificateManager();
certificateManager.initialize(compOperations);
String keystoreFile = SecurityUtils.getSecurityDir() + File.separator + SliderKeys.KEYSTORE_FILE_NAME;
- String password = SecurityUtils.getKeystorePass();
+ password = SecurityUtils.getKeystorePass();
System.setProperty("javax.net.ssl.trustStore", keystoreFile);
System.setProperty("javax.net.ssl.trustStorePassword", password);
System.setProperty("javax.net.ssl.trustStoreType", "PKCS12");
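Review bot: With `persistPassword` set to `true` here, setup writes the generated keystore password to `pass.txt` next to the keystore under the fixed path `/tmp/work/security`, which is shared temp space that outlives the test run. A later run, or another account on the same build host, will pick that file up, because `getKeystorePassword` reads an existing password file before generating a new one. I would point `KEY_KEYSTORE_LOCATION` at a per-test directory (for example one created under the build's output directory) and delete it in teardown. The same fixed path is repeated in the two later hunks that put `ssl.server.keystore.location`. The new static `password` field is assigned only in this setup, so those overrides would put `null` if they ever ran first.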
@@ -184,9 +186,11 @@ class TestAgentAMManagementWS extends AgentTestBase {
InstanceBuilder builder)
throws IOException, SliderException, LockAcquireFailedException {
AggregateConf conf = builder.getInstanceDescription()
- conf.getAppConfOperations().getComponent("slider-appmaster").put(
+ MapOperations component = conf.getAppConfOperations().getComponent("slider-appmaster")
+ component.put(
"ssl.server.keystore.location",
"/tmp/work/security/keystore.p12")
+ component.put("ssl.server.keystore.password", password)
super.persistInstanceDefinition(overwrite, appconfdir, builder)
}
@@ -196,10 +200,12 @@ class TestAgentAMManagementWS extends AgentTestBase {
AggregateConf instanceDefinition,
boolean debugAM)
throws YarnException, IOException {
- instanceDefinition.getAppConfOperations().getComponent("slider-appmaster").put(
+ MapOperations component = instanceDefinition.getAppConfOperations().getComponent("slider-appmaster")
+ component.put(
"ssl.server.keystore.location",
"/tmp/work/security/keystore.p12")
- return super.launchApplication(clustername, clusterDirectory, instanceDefinition, debugAM)
+ component.put("ssl.server.keystore.password", password)
+ return super.launchApplication(clustername, clusterDirectory, instanceDefinition, debugAM)
}
}
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java
----------------------------------------------------------------------
diff --git a/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java b/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java
index daa47fa..faec5d8 100644
--- a/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java
+++ b/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java
@@ -80,10 +80,10 @@ public class TestAMAgentWebServices {
}
});
- SecurityUtils.initializeSecurityParameters(new MapOperations());
- MapOperations compOperations = new MapOperations();
+ MapOperations configMap = new MapOperations();
+ SecurityUtils.initializeSecurityParameters(configMap, true);
CertificateManager certificateManager = new CertificateManager();
- certificateManager.initialize(compOperations);
+ certificateManager.initialize(configMap);
String keystoreFile = SecurityUtils.getSecurityDir() + File.separator + SliderKeys.KEYSTORE_FILE_NAME;
String password = SecurityUtils.getKeystorePass();
System.setProperty("javax.net.ssl.trustStore", keystoreFile);