You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@livy.apache.org by js...@apache.org on 2017/06/27 06:39:10 UTC

[29/50] [abbrv] incubator-livy git commit: LIVY-329. Fix two SSL issues. (#308)

LIVY-329. Fix two SSL issues. (#308)

- Livy server url is exposed as http URL even https is enabled, so we should handle this.
- Livy server SSL keystore password and key password currently set to same configurations, which should be separated.

Project: http://git-wip-us.apache.org/repos/asf/incubator-livy/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-livy/commit/2ff8f5c6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-livy/tree/2ff8f5c6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-livy/diff/2ff8f5c6

Branch: refs/heads/master
Commit: 2ff8f5c69f8d7ea05f445b8240945afe910c1ab5
Parents: fbccb69
Author: Saisai Shao <sa...@gmail.com>
Authored: Tue Mar 14 03:52:02 2017 +0800
Committer: Alex Man <al...@users.noreply.github.com>
Committed: Mon Mar 13 12:52:02 2017 -0700

----------------------------------------------------------------------
 conf/livy.conf.template                                  |  3 +++
 server/src/main/scala/com/cloudera/livy/LivyConf.scala   |  4 ++++
 .../main/scala/com/cloudera/livy/server/LivyServer.scala |  2 +-
 .../main/scala/com/cloudera/livy/server/WebServer.scala  | 11 +++--------
 4 files changed, 11 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/conf/livy.conf.template
----------------------------------------------------------------------
diff --git a/conf/livy.conf.template b/conf/livy.conf.template
index c23aab2..8c5fe03 100644
--- a/conf/livy.conf.template
+++ b/conf/livy.conf.template
@@ -3,6 +3,9 @@
 
 # Specify the keystore password.
 # livy.keystore.password =
+#
+# Specify the key password.
+# livy.key-password =
 
 # What host address to start the server on. By default, Livy will bind to all network interfaces.
 # livy.server.host = 0.0.0.0

http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/server/src/main/scala/com/cloudera/livy/LivyConf.scala
----------------------------------------------------------------------
diff --git a/server/src/main/scala/com/cloudera/livy/LivyConf.scala b/server/src/main/scala/com/cloudera/livy/LivyConf.scala
index 6562b03..1db1b8f 100644
--- a/server/src/main/scala/com/cloudera/livy/LivyConf.scala
+++ b/server/src/main/scala/com/cloudera/livy/LivyConf.scala
@@ -66,6 +66,10 @@ object LivyConf {
   val ACCESS_CONTROL_ENABLED = Entry("livy.server.access_control.enabled", false)
   val ACCESS_CONTROL_USERS = Entry("livy.server.access_control.users", null)
 
+  val SSL_KEYSTORE = Entry("livy.keystore", null)
+  val SSL_KEYSTORE_PASSWORD = Entry("livy.keystore.password", null)
+  val SSL_KEY_PASSWORD = Entry("livy.key-password", null)
+
   val AUTH_TYPE = Entry("livy.server.auth.type", null)
   val AUTH_KERBEROS_PRINCIPAL = Entry("livy.server.auth.kerberos.principal", null)
   val AUTH_KERBEROS_KEYTAB = Entry("livy.server.auth.kerberos.keytab", null)

http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala
----------------------------------------------------------------------
diff --git a/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala b/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala
index a88f013..0499d48 100644
--- a/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala
+++ b/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala
@@ -231,7 +231,7 @@ class LivyServer extends Logging {
       }
     })
 
-    _serverUrl = Some(s"http://${server.host}:${server.port}")
+    _serverUrl = Some(s"${server.protocol}://${server.host}:${server.port}")
     sys.props("livy.server.serverUrl") = _serverUrl.get
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/server/src/main/scala/com/cloudera/livy/server/WebServer.scala
----------------------------------------------------------------------
diff --git a/server/src/main/scala/com/cloudera/livy/server/WebServer.scala b/server/src/main/scala/com/cloudera/livy/server/WebServer.scala
index a07b05f..8f21180 100644
--- a/server/src/main/scala/com/cloudera/livy/server/WebServer.scala
+++ b/server/src/main/scala/com/cloudera/livy/server/WebServer.scala
@@ -28,18 +28,13 @@ import org.eclipse.jetty.util.ssl.SslContextFactory
 
 import com.cloudera.livy.{LivyConf, Logging}
 
-object WebServer {
-  val KeystoreKey = "livy.keystore"
-  val KeystorePasswordKey = "livy.keystore.password"
-}
-
 class WebServer(livyConf: LivyConf, var host: String, var port: Int) extends Logging {
   val server = new Server()
 
   server.setStopTimeout(1000)
   server.setStopAtShutdown(true)
 
-  val (connector, protocol) = Option(livyConf.get(WebServer.KeystoreKey)) match {
+  val (connector, protocol) = Option(livyConf.get(LivyConf.SSL_KEYSTORE)) match {
     case None =>
       (new ServerConnector(server), "http")
 
@@ -49,9 +44,9 @@ class WebServer(livyConf: LivyConf, var host: String, var port: Int) extends Log
 
       val sslContextFactory = new SslContextFactory()
       sslContextFactory.setKeyStorePath(keystore)
-      Option(livyConf.get(WebServer.KeystorePasswordKey))
+      Option(livyConf.get(LivyConf.SSL_KEYSTORE_PASSWORD))
         .foreach(sslContextFactory.setKeyStorePassword)
-      Option(livyConf.get(WebServer.KeystorePasswordKey))
+      Option(livyConf.get(LivyConf.SSL_KEY_PASSWORD))
         .foreach(sslContextFactory.setKeyManagerPassword)
 
       (new ServerConnector(server,