Posted to commits@ranger.apache.org by bp...@apache.org on 2022/03/03 10:30:30 UTC
[ranger] branch master updated: RANGER-3595: refactor the file layout of kms.tar
This is an automated email from the ASF dual-hosted git repository.
bpatel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new de710f6 RANGER-3595: refactor the file layout of kms.tar
de710f6 is described below
commit de710f6620c323e6127c30f735fd348dffe61365
Author: ZhouTianling <zh...@sensorsdata.cn>
AuthorDate: Sat Jan 22 01:49:11 2022 +0800
RANGER-3595: refactor the file layout of kms.tar
---
distro/src/main/assembly/kms.xml | 85 ++++++++++------------
kms/pom.xml | 15 ----
kms/scripts/DBMK2HSM.sh | 2 +-
kms/scripts/DBMKTOAZUREKEYVAULT.sh | 2 +-
kms/scripts/DBMKTOKEYSECURE.sh | 2 +-
kms/scripts/HSMMK2DB.sh | 2 +-
kms/scripts/KEYSECUREMKTOKMSDB.sh | 2 +-
kms/scripts/VerifyIsDBMasterkeyCorrect.sh | 2 +-
kms/scripts/exportKeysToJCEKS.sh | 2 +-
kms/scripts/importJCEKSKeys.sh | 2 +-
kms/scripts/ranger-kms | 6 +-
kms/scripts/setup.sh | 14 ----
.../hadoop/crypto/key/kms/server/KMSWebApp.java | 24 +++++-
kms/src/main/resources/WEB-INF/web.xml | 78 --------------------
kms/src/main/resources/log4j-kmsaudit.properties | 28 -------
.../{resources => webapp}/META-INF/context.xml | 0
16 files changed, 74 insertions(+), 192 deletions(-)
diff --git a/distro/src/main/assembly/kms.xml b/distro/src/main/assembly/kms.xml
index f760507..0387dc6 100755
--- a/distro/src/main/assembly/kms.xml
+++ b/distro/src/main/assembly/kms.xml
@@ -30,37 +30,30 @@
<include>org.apache.ranger:ranger-kms</include>
</includes>
<binaries>
- <outputDirectory>ews/webapp/lib</outputDirectory>
+ <outputDirectory>ews/webapp/WEB-INF/classes</outputDirectory>
<includeDependencies>true</includeDependencies>
- <unpack>false</unpack>
- <includes>
+ <unpack>true</unpack>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>ews/webapp/WEB-INF/lib/</outputDirectory>
+ <unpack>false</unpack>
+ <includes>
<include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
<include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
<include>org.eclipse.persistence:eclipselink</include>
<include>org.eclipse.jetty:jetty-client:jar:${jetty-client.version}</include>
<include>org.eclipse.persistence:javax.persistence</include>
<include>com.googlecode.log4jdbc:log4jdbc</include>
- <include>org.slf4j:slf4j-api</include>
- <include>org.slf4j:log4j-over-slf4j:jar:${slf4j.version}</include>
- <include>ch.qos.logback:logback-classic:jar:${logback.version}</include>
- <include>ch.qos.logback:logback-core:jar:${logback.version}</include>
<include>com.codahale.metrics:metrics-core</include>
<include>org.slf4j:jul-to-slf4j</include>
- <include>commons-logging:commons-logging</include>
- <include>com.google.guava:guava</include>
- <include>com.sun.jersey:jersey-core</include>
- <include>com.sun.jersey:jersey-server</include>
<include>javax.servlet:servlet-api</include>
<include>org.mortbay.jetty:jetty</include>
<include>org.mortbay.jetty:jetty-util</include>
- <include>commons-collections:commons-collections</include>
- <include>commons-lang:commons-lang</include>
<include>org.apache.zookeeper:zookeeper:jar:${zookeeper.version}</include>
<include>org.apache.curator:curator-framework</include>
<include>org.apache.curator:curator-client</include>
<include>org.apache.curator:curator-test</include>
<include>asm:asm-all</include>
- <include>com.sun.jersey:jersey-bundle</include>
<include>org.apache.httpcomponents:httpclient</include>
<include>javax.activation:activation</include>
<include>org.apache.directory.server:apacheds-i18n</include>
@@ -72,24 +65,15 @@
<include>commons-beanutils:commons-beanutils</include>
<include>commons-cli:commons-cli</include>
<include>commons-codec:commons-codec:jar:${commons.codec.version}</include>
- <include>org.apache.commons:commons-compress:jar:${commons.compress.version}</include>
- <include>org.apache.commons:commons-configuration2</include>
<include>commons-digester:commons-digester</include>
<include>commons-io:commons-io</include>
<include>org.apache.commons:commons-math3</include>
<include>commons-net:commons-net:jar:${commons.net.version}</include>
<include>org.apache.curator:curator-recipes</include>
- <include>com.google.code.gson:gson</include>
<include>org.apache.hadoop:hadoop-annotations</include>
- <include>org.apache.htrace:htrace-core4</include>
<include>org.apache.httpcomponents:httpcore</include>
- <include>org.codehaus.jackson:jackson-core-asl</include>
- <include>org.codehaus.jackson:jackson-jaxrs</include>
- <include>org.codehaus.jackson:jackson-mapper-asl</include>
- <include>org.codehaus.jackson:jackson-xc</include>
<include>javax.xml.bind:jaxb-api</include>
<include>com.sun.xml.bind:jaxb-impl</include>
- <include>com.sun.jersey:jersey-json</include>
<include>org.codehaus.jettison:jettison</include>
<include>jline:jline</include>
<include>com.jcraft:jsch</include>
@@ -102,11 +86,7 @@
<include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
<include>org.apache.httpcomponents:httpclient:jar:${kms.httpcomponents.httpclient.version}</include>
<include>org.noggit:noggit:jar:${noggit.version}</include>
- <include>com.google.protobuf:protobuf-java:jar:${gcp.protobuf-java.version}</include>
<include>org.apache.hadoop:hadoop-hdfs:jar:${hadoop.version}</include>
- <include>org.apache.htrace:htrace-core4:jar:${htrace-core.version}</include>
- <include>org.codehaus.woodstox:stax2-api</include>
- <include>com.fasterxml.woodstox:woodstox-core</include>
<include>com.fasterxml.jackson.core:jackson-core</include>
<include>com.fasterxml.jackson.core:jackson-annotations</include>
<include>com.fasterxml.jackson.core:jackson-databind</include>
@@ -131,7 +111,6 @@
<include>javax.mail:javax.mail-api</include>
<include>com.sun.mail:javax.mail</include>
<include>com.nimbusds:nimbus-jose-jwt</include>
- <include>org.apache.commons:commons-lang3</include>
<include>com.microsoft.azure:azure-keyvault-webkey</include>
<include>org.bouncycastle:bcprov-jdk15on</include>
<include>org.bouncycastle:bcpkix-jdk15on</include>
@@ -199,19 +178,9 @@
<include>com.tencentcloudapi:tencentcloud-sdk-java</include>
<include>com.squareup.okhttp:logging-interceptor</include>
<include>com.squareup.okhttp:okhttp</include>
- </includes>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <useAllReactorProjects>true</useAllReactorProjects>
- <includes>
- <include>org.apache.ranger:ranger-kms</include>
- </includes>
- <binaries>
- <outputDirectory>ews/webapp</outputDirectory>
- <includeDependencies>false</includeDependencies>
- <unpack>true</unpack>
+ </includes>
+ </dependencySet>
+ </dependencySets>
</binaries>
</moduleSet>
@@ -221,7 +190,7 @@
<include>org.apache.ranger:embeddedwebserver</include>
</includes>
<binaries>
- <outputDirectory>ews/webapp/WEB-INF/classes/lib</outputDirectory>
+ <outputDirectory>ews/lib</outputDirectory>
<includeDependencies>true</includeDependencies>
<unpack>false</unpack>
<directoryMode>755</directoryMode>
@@ -232,6 +201,8 @@
<include>org.eclipse.jdt.core.compiler:ecj:jar:P20140317-1600</include>
<include>com.google.protobuf:protobuf-java:jar:${gcp.protobuf-java.version}</include>
<include>org.apache.hadoop:hadoop-hdfs:jar:${hadoop.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
+ <include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
<include>org.apache.htrace:htrace-core4:jar:${htrace-core.version}</include>
<include>org.apache.solr:solr-solrj:jar:${solr.version}</include>
<include>org.apache.ranger:ranger-plugins-common</include>
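Review bot: `hadoop-common` and `hadoop-auth` are added to this include list, which appears to belong to the embeddedwebserver module set that now writes to `ews/lib`, while the first hunk of this file keeps the same two artifacts in the `ews/webapp/WEB-INF/lib/` dependencySet. Shipping the same jar at two classloader levels means types such as `KeyProviderFactory` can resolve to different copies depending on which loader asks, and every Hadoop security update has to replace both files. If the webapp copy is no longer needed, drop the two `<include>` lines from the WEB-INF/lib set; otherwise add an XML comment here stating which copy is authoritative and why both are packaged. The enclosing `<binaries>` element starts outside this hunk.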
@@ -241,6 +212,23 @@
<include>org.apache.ranger:credentialbuilder</include>
<include>org.apache.commons:commons-compress:jar:${commons.compress.version}</include>
<include>org.apache.commons:commons-lang3</include>
+ <include>org.apache.commons:commons-configuration2</include>
+ <include>commons-lang:commons-lang</include>
+ <include>commons-collections:commons-collections</include>
+ <include>commons-logging:commons-logging</include>
+ <include>org.slf4j:slf4j-api</include>
+ <include>org.slf4j:log4j-over-slf4j:jar:${slf4j.version}</include>
+ <include>ch.qos.logback:logback-classic:jar:${logback.version}</include>
+ <include>ch.qos.logback:logback-core:jar:${logback.version}</include>
+ <include>com.google.guava:guava</include>
+ <include>com.google.code.gson:gson</include>
+ <include>com.sun.jersey:jersey-bundle</include>
+ <include>org.codehaus.jackson:jackson-core-asl</include>
+ <include>org.codehaus.jackson:jackson-jaxrs</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl</include>
+ <include>org.codehaus.jackson:jackson-xc</include>
+ <include>org.codehaus.woodstox:stax2-api</include>
+ <include>com.fasterxml.woodstox:woodstox-core</include>
</includes>
</binaries>
</moduleSet>
@@ -266,12 +254,13 @@
<moduleSet>
<useAllReactorProjects>true</useAllReactorProjects>
<includes>
+ <include>org.apache.ranger:ranger-util</include>
<include>org.apache.ranger:ranger-kms-plugin-shim</include>
<include>org.apache.ranger:ranger-plugin-classloader</include>
<include>org.apache.ranger:credentialbuilder</include>
</includes>
<binaries>
- <outputDirectory>ews/webapp/WEB-INF/classes/lib</outputDirectory>
+ <outputDirectory>ews/webapp/WEB-INF/lib</outputDirectory>
<includeDependencies>false</includeDependencies>
<unpack>false</unpack>
<directoryMode>755</directoryMode>
@@ -288,14 +277,14 @@
<include>org.apache.ranger:ranger-kms-plugin</include>
</includes>
<binaries>
- <outputDirectory>ews/webapp/WEB-INF/classes/lib/ranger-kms-plugin-impl</outputDirectory>
+ <outputDirectory>ews/webapp/WEB-INF/lib/ranger-kms-plugin-impl</outputDirectory>
<includeDependencies>true</includeDependencies>
<unpack>false</unpack>
<directoryMode>755</directoryMode>
<fileMode>644</fileMode>
<dependencySets>
<dependencySet>
- <outputDirectory>ews/webapp/WEB-INF/classes/lib/ranger-kms-plugin-impl</outputDirectory>
+ <outputDirectory>ews/webapp/WEB-INF/lib/ranger-kms-plugin-impl</outputDirectory>
<unpack>false</unpack>
<includes>
<include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
@@ -444,6 +433,12 @@
<fileMode>700</fileMode>
</fileSet>
<fileSet>
+ <outputDirectory>ews/webapp</outputDirectory>
+ <directoryMode>0700</directoryMode>
+ <directory>${project.parent.basedir}/kms/src/main/webapp</directory>
+ <fileMode>0600</fileMode>
+ </fileSet>
+ <fileSet>
<outputDirectory>ews/webapp/WEB-INF/classes/conf.dist</outputDirectory>
<directoryMode>0700</directoryMode>
<directory>${project.parent.basedir}/kms/config/kms-webapp</directory>
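Review bot: The new `<fileSet>` that copies `kms/src/main/webapp` into `ews/webapp` becomes the only source of the deployed `WEB-INF/web.xml`, because this commit deletes `kms/src/main/resources/WEB-INF/web.xml` and no longer unpacks the ranger-kms jar into `ews/webapp`. The deleted descriptor mapped `KMSAuthenticationFilter` to `/*`, and the diff does not show the contents of the webapp copy, so it is worth confirming that `kms/src/main/webapp/WEB-INF/web.xml` exists and carries the same filter and servlet mappings. A short comment above the fileSet, for example `<!-- web.xml and context.xml for the KMS webapp; web.xml must declare the authFilter mapping -->`, would record that dependency. The following `<fileSet>` continues past the end of the hunk.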
diff --git a/kms/pom.xml b/kms/pom.xml
index ade563f..647c130 100644
--- a/kms/pom.xml
+++ b/kms/pom.xml
@@ -28,21 +28,6 @@
</parent>
<dependencies>
<dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-kms</artifactId>
- <version>${hadoop.version}</version>
- <exclusions>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>${slf4j.version}</version>
diff --git a/kms/scripts/DBMK2HSM.sh b/kms/scripts/DBMK2HSM.sh
index 001199d..aadda94 100644
--- a/kms/scripts/DBMK2HSM.sh
+++ b/kms/scripts/DBMK2HSM.sh
@@ -20,5 +20,5 @@ else
exit ;
fi
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/lib/*:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
java -cp "${cp}" org.apache.hadoop.crypto.key.DB2HSMMKUtil ${1} ${2}
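Review bot: The classpath on the new `cp=` line is now identical in all eight key-migration scripts touched by this commit (DBMK2HSM.sh, DBMKTOAZUREKEYVAULT.sh, DBMKTOKEYSECURE.sh, HSMMK2DB.sh, KEYSECUREMKTOKMSDB.sh, VerifyIsDBMasterkeyCorrect.sh, exportKeysToJCEKS.sh, importJCEKSKeys.sh), so the next layout change has to be repeated eight times. These tools handle the master key, and a script that is missed would fail or pick up classes from an outdated location. Consider defining the value once in a small file that each script sources, e.g. `. "${RANGER_KMS_HOME}/kms-classpath.sh"` (file name is a placeholder), and at minimum add a comment such as `# classpath must match the layout in distro/src/main/assembly/kms.xml`.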
diff --git a/kms/scripts/DBMKTOAZUREKEYVAULT.sh b/kms/scripts/DBMKTOAZUREKEYVAULT.sh
index cfe5a6b..1e5606c 100644
--- a/kms/scripts/DBMKTOAZUREKEYVAULT.sh
+++ b/kms/scripts/DBMKTOAZUREKEYVAULT.sh
@@ -21,5 +21,5 @@ else
fi
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
java -cp "${cp}" org.apache.hadoop.crypto.key.DBToAzureKeyVault ${1} ${2} ${3} ${4} ${5} ${6} ${7} ${8} ${9}
diff --git a/kms/scripts/DBMKTOKEYSECURE.sh b/kms/scripts/DBMKTOKEYSECURE.sh
index c0aa6e5..8bc2bc9 100644
--- a/kms/scripts/DBMKTOKEYSECURE.sh
+++ b/kms/scripts/DBMKTOKEYSECURE.sh
@@ -15,5 +15,5 @@
# limitations under the License.
# -------------------------------------------------------------------------------------
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
java -cp "${cp}" org.apache.hadoop.crypto.key.DBToKeySecure ${1} ${2} ${3} ${4}
diff --git a/kms/scripts/HSMMK2DB.sh b/kms/scripts/HSMMK2DB.sh
index 6c77f73..b85db3a 100644
--- a/kms/scripts/HSMMK2DB.sh
+++ b/kms/scripts/HSMMK2DB.sh
@@ -20,5 +20,5 @@ else
exit ;
fi
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/lib/*:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
java -cp "${cp}" org.apache.hadoop.crypto.key.HSM2DBMKUtil ${1} ${2}
diff --git a/kms/scripts/KEYSECUREMKTOKMSDB.sh b/kms/scripts/KEYSECUREMKTOKMSDB.sh
index 340e05e..ffced85 100644
--- a/kms/scripts/KEYSECUREMKTOKMSDB.sh
+++ b/kms/scripts/KEYSECUREMKTOKMSDB.sh
@@ -15,5 +15,5 @@
# limitations under the License.
# -------------------------------------------------------------------------------------
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/lib/*:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
java -cp "${cp}" org.apache.hadoop.crypto.key.KeySecureToRangerDBMKUtil ${1}
diff --git a/kms/scripts/VerifyIsDBMasterkeyCorrect.sh b/kms/scripts/VerifyIsDBMasterkeyCorrect.sh
index 1c9a2e1..084e46d 100755
--- a/kms/scripts/VerifyIsDBMasterkeyCorrect.sh
+++ b/kms/scripts/VerifyIsDBMasterkeyCorrect.sh
@@ -20,7 +20,7 @@ else
exit ;
fi
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/lib/*:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
#echo "${cp}"
java -cp "${cp}" org.apache.hadoop.crypto.key.VerifyIsDBMasterkeyCorrect ${1}
diff --git a/kms/scripts/exportKeysToJCEKS.sh b/kms/scripts/exportKeysToJCEKS.sh
index f320578..8fea278 100644
--- a/kms/scripts/exportKeysToJCEKS.sh
+++ b/kms/scripts/exportKeysToJCEKS.sh
@@ -20,5 +20,5 @@ else
exit ;
fi
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
java -cp "${cp}" org.apache.hadoop.crypto.key.Ranger2JKSUtil ${1} ${2}
diff --git a/kms/scripts/importJCEKSKeys.sh b/kms/scripts/importJCEKSKeys.sh
index 5d4fe97..5dbc504 100755
--- a/kms/scripts/importJCEKSKeys.sh
+++ b/kms/scripts/importJCEKSKeys.sh
@@ -20,5 +20,5 @@ else
exit ;
fi
RANGER_KMS_HOME=`dirname $0`
-cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/./ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/lib/*:${RANGER_KMS_HOME}/ews/webapp/config:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
+cp="${RANGER_KMS_HOME}/cred/lib/*:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes/conf/:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/classes:${RANGER_KMS_HOME}/ews/webapp/WEB-INF/lib/*:${RANGER_KMS_HOME}/ews/lib/*:${RANGER_KMS_HOME}/ews/webapp/META-INF"
java -cp "${cp}" org.apache.hadoop.crypto.key.JKS2RangerUtil ${1} ${2}
diff --git a/kms/scripts/ranger-kms b/kms/scripts/ranger-kms
index 429a31e..49c8af7 100755
--- a/kms/scripts/ranger-kms
+++ b/kms/scripts/ranger-kms
@@ -37,7 +37,6 @@ realScriptDir=`dirname $realScriptPath`
RANGER_KMS_DIR=`(cd $realScriptDir; pwd)`
RANGER_KMS_EWS_DIR=${RANGER_KMS_DIR}/ews
RANGER_KMS_EWS_CONF_DIR="${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/classes/conf"
-RANGER_KMS_EWS_LIB_DIR="${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/classes/lib"
ranger_kms_max_heap_size=1g
@@ -113,7 +112,8 @@ fi
KMS_CONF_DIR=${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/classes/conf
SERVER_NAME=rangerkms
-JAVA_OPTS="${JAVA_OPTS} ${DB_SSL_PARAM} -Dmetric.type=${arg3} -Duser=${USER} -Dhostname=${HOSTNAME} -Dservername=${SERVER_NAME} -Dcatalina.base=${RANGER_KMS_EWS_DIR} -Dkms.config.dir=${KMS_CONF_DIR} -Dlogback.configurationFile=file:${KMS_LOG_PROPERTIES_FILE} -Dkms.log.dir=${TOMCAT_LOG_DIR} -cp ${RANGER_KMS_EWS_CONF_DIR}:${RANGER_KMS_EWS_LIB_DIR}/*:${RANGER_KMS_EWS_DIR}/webapp/lib/*:${JAVA_HOME}/lib/*:${RANGER_HADOOP_CONF_DIR}/*:$CLASSPATH "
+cp="-cp ${RANGER_KMS_EWS_CONF_DIR}:${RANGER_KMS_EWS_DIR}/lib/*:${JAVA_HOME}/lib/*:${RANGER_HADOOP_CONF_DIR}/*:$CLASSPATH"
+JAVA_OPTS="${JAVA_OPTS} ${DB_SSL_PARAM} -Dmetric.type=${arg3} -Duser=${USER} -Dhostname=${HOSTNAME} -Dservername=${SERVER_NAME} -Dcatalina.base=${RANGER_KMS_EWS_DIR} -Dkms.config.dir=${KMS_CONF_DIR} -Dlogback.configurationFile=file:${KMS_LOG_PROPERTIES_FILE} -Dkms.log.dir=${TOMCAT_LOG_DIR} $cp"
createRangerKMSPid () {
SLEEP_TIME_AFTER_START=5
nohup java -D${PROC_NAME} ${JAVA_OPTS} ${START_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_LOG_FILE} 2>&1 &
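Review bot: The new `cp` variable ends with `:$CLASSPATH`, so when the caller's `CLASSPATH` is unset the value ends in an empty entry, which the JVM reads as the current working directory, and an unset `RANGER_HADOOP_CONF_DIR` turns `${RANGER_HADOOP_CONF_DIR}/*` into `/*`. For a process that serves encryption keys it is safer to append those entries only when they are set, e.g. `cp="-cp ${RANGER_KMS_EWS_CONF_DIR}:${RANGER_KMS_EWS_DIR}/lib/*:${JAVA_HOME}/lib/*${RANGER_HADOOP_CONF_DIR:+:${RANGER_HADOOP_CONF_DIR}/*}${CLASSPATH:+:${CLASSPATH}}"`. Whether `RANGER_HADOOP_CONF_DIR` is always set earlier in the script is not visible in this hunk. `createRangerKMSPid` continues outside the hunk.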
@@ -198,7 +198,7 @@ elif [ "${action}" == "METRIC" ]; then
metric;
exit
elif [ "${action}" == "VERSION" ]; then
- ( cd ${RANGER_KMS_LIB_DIR} ; java -cp ranger-util-*.jar org.apache.ranger.common.RangerVersionInfo )
+ ( cd ${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/lib ; java -cp ranger-util-*.jar org.apache.ranger.common.RangerVersionInfo )
exit
else
echo "Invalid argument [$1];"
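Review bot: In the VERSION branch the subshell uses `cd ... ; java ...`, so if the `cd` fails the `java -cp ranger-util-*.jar` command still runs in whatever directory the caller was in and resolves the glob there. Chain the two with `&&` and quote the path: `( cd "${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/lib" && java -cp ranger-util-*.jar org.apache.ranger.common.RangerVersionInfo )`. The branch depends on `ranger-util` being packaged into `WEB-INF/lib`, which the assembly change in this commit adds. The surrounding `if`/`elif` chain starts outside the hunk.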
diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh
index 448042e..b5a6e71 100755
--- a/kms/scripts/setup.sh
+++ b/kms/scripts/setup.sh
@@ -451,19 +451,6 @@ copy_db_connector(){
fi
}
-setup_kms(){
- #copying ranger kms provider
- oldP=${PWD}
- cd $PWD/ews/webapp
- log "[I] Adding ranger kms provider as services in hadoop-common jar"
- for f in lib/hadoop-common*.jar
- do
- ${JAVA_HOME}/bin/jar -uf ${f} META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory
- chown ${unix_user}:${unix_group} ${f}
- done
- cd ${oldP}
-}
-
checkIfEmpty() {
if [ -z "$1" ]
then
@@ -1295,7 +1282,6 @@ if [ "$?" == "0" ]
then
update_properties
$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
- setup_kms
else
log "[E] DB schema setup failed! Please contact Administrator."
exit 1
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
index c899bdf..a32444c 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
@@ -41,6 +41,7 @@ import javax.servlet.ServletContextListener;
import java.io.IOException;
import java.net.URI;
+import java.util.ServiceLoader;
@InterfaceAudience.Private
public class KMSWebApp implements ServletContextListener {
@@ -91,6 +92,27 @@ public class KMSWebApp implements ServletContextListener {
LOG = LoggerFactory.getLogger(KMSWebApp.class);
}
+ /**
+ * @see org.apache.hadoop.crypto.key.KeyProviderFactory
+ *
+ * Code here to ensure KeyProvideFactory subclasses in ews/webapp/ can be loaded.
+ * The hadoop-common.jar in ews/lib can only load subclasses in ews/lib.
+ * This is due to the limitation of ClassLoader mechanism of java/tomcat.
+ */
+ private static KeyProvider createKeyProvider(URI uri, Configuration conf)
+ throws IOException {
+ ServiceLoader<KeyProviderFactory> serviceLoader =
+ ServiceLoader.load(KeyProviderFactory.class);
+ KeyProvider kp = null;
+ for (KeyProviderFactory factory : serviceLoader) {
+ kp = factory.createProvider(uri, conf);
+ if (kp != null) {
+ break;
+ }
+ }
+ return kp;
+ }
+
@Override
public void contextInitialized(ServletContextEvent sce) {
try {
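Review bot: `createKeyProvider` returns the provider from the first `KeyProviderFactory` that yields a non-null result, but nothing records which factory that was, and `ServiceLoader.load(KeyProviderFactory.class)` resolves implementations through the thread context class loader rather than an explicitly chosen one. Because any jar visible to that loader can register a factory, logging the winner makes the active key store auditable: `LOG.info("KeyProvider for {} created by {}", uri.getScheme(), factory.getClass().getName());` before the `break`. Passing `KMSWebApp.class.getClassLoader()` as the second argument to `ServiceLoader.load` would pin discovery to the webapp loader the Javadoc describes. In the Javadoc itself, the description should come before the `@see` tag and `KeyProvideFactory` should read `KeyProviderFactory`. `contextInitialized` continues outside the hunk.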
@@ -146,7 +168,7 @@ public class KMSWebApp implements ServletContextListener {
LOG.info("kmsconf size= "+kmsConf.size() + " kms classname="+kmsConf.getClass().getName());
LOG.info("----------------Instantiating key provider ---------------");
KeyProvider keyProvider =
- KeyProviderFactory.get(new URI(providerString), kmsConf);
+ createKeyProvider(new URI(providerString), kmsConf);
Preconditions.checkNotNull(keyProvider, String.format("No" +
" KeyProvider has been initialized, please" +
" check whether %s '%s' is configured correctly in" +
diff --git a/kms/src/main/resources/WEB-INF/web.xml b/kms/src/main/resources/WEB-INF/web.xml
deleted file mode 100644
index 5e2d489..0000000
--- a/kms/src/main/resources/WEB-INF/web.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
-
- <display-name>ranger-kms</display-name>
- <absolute-ordering />
-
- <listener>
- <listener-class>org.apache.hadoop.crypto.key.kms.server.KMSWebApp</listener-class>
- </listener>
-
- <servlet>
- <servlet-name>webservices-driver</servlet-name>
- <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
- <init-param>
- <param-name>com.sun.jersey.config.property.packages</param-name>
- <param-value>org.apache.hadoop.crypto.key.kms.server</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
-
-<!-- <servlet>
- <servlet-name>RangerKMSStartUp</servlet-name>
- <servlet-class>org.apache.ranger.kms.biz.RangerKMSStartUp</servlet-class>
- <load-on-startup>2</load-on-startup>
- </servlet> -->
-
- <servlet>
- <servlet-name>jmx-servlet</servlet-name>
- <servlet-class>org.apache.hadoop.crypto.key.kms.server.KMSJMXServlet</servlet-class>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>webservices-driver</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>jmx-servlet</servlet-name>
- <url-pattern>/jmx</url-pattern>
- </servlet-mapping>
-
- <filter>
- <filter-name>authFilter</filter-name>
- <filter-class>org.apache.hadoop.crypto.key.kms.server.KMSAuthenticationFilter</filter-class>
- </filter>
-
- <filter>
- <filter-name>MDCFilter</filter-name>
- <filter-class>org.apache.hadoop.crypto.key.kms.server.KMSMDCFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>authFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <filter-mapping>
- <filter-name>MDCFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
-</web-app>
diff --git a/kms/src/main/resources/log4j-kmsaudit.properties b/kms/src/main/resources/log4j-kmsaudit.properties
deleted file mode 100644
index 0747f1e..0000000
--- a/kms/src/main/resources/log4j-kmsaudit.properties
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-log4j.rootLogger=INFO, kms-audit
-
-# LOG Appender
-log4j.appender.kms-audit=org.apache.log4j.ConsoleAppender
-log4j.appender.kms-audit.Target=System.err
-log4j.appender.kms-audit.layout=org.apache.log4j.PatternLayout
-log4j.appender.kms-audit.layout.ConversionPattern=%m
-
-# disable default logging in KMSAudit class
-log4j.logger.org.apache.hadoop.crypto.key.kms.server.KMSAudit=OFF
diff --git a/kms/src/main/resources/META-INF/context.xml b/kms/src/main/webapp/META-INF/context.xml
similarity index 100%
rename from kms/src/main/resources/META-INF/context.xml
rename to kms/src/main/webapp/META-INF/context.xml