Posted to common-commits@hadoop.apache.org by wa...@apache.org on 2014/12/03 04:04:40 UTC
hadoop git commit: HADOOP-11344. KMS kms-config.sh sets a default
value for the keystore password even in non-ssl setup. Contributed by Arun
Suresh.
Repository: hadoop
Updated Branches:
refs/heads/branch-2 d6f3d4893 -> c962eef53
HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh.
(cherry picked from commit 3d48ad7eb424206dd1528179b35de4cdf51afdf3)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c962eef5
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c962eef5
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c962eef5
Branch: refs/heads/branch-2
Commit: c962eef533024e176c5962623164e48c365ec458
Parents: d6f3d48
Author: Andrew Wang <wa...@apache.org>
Authored: Tue Dec 2 19:04:20 2014 -0800
Committer: Andrew Wang <wa...@apache.org>
Committed: Tue Dec 2 19:04:33 2014 -0800
----------------------------------------------------------------------
hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++
.../hadoop-kms/src/main/libexec/kms-config.sh | 9 +++++++--
hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh | 4 +++-
3 files changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c962eef5/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 58bc0ad..1c41002 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -127,6 +127,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done
atomically. (Dian Fu via wang)
+ HADOOP-11344. KMS kms-config.sh sets a default value for the keystore
+ password even in non-ssl setup. (Arun Suresh via wang)
+
Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c962eef5/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
index d36ab4d..3ac929a 100644
--- a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
@@ -150,9 +150,14 @@ else
print "Using KMS_SSL_KEYSTORE_FILE: ${KMS_SSL_KEYSTORE_FILE}"
fi
+# If KMS_SSL_KEYSTORE_PASS is explicitly set to ""
+# then reset to "password". DO NOT set to "password" if
+# variable is NOT defined.
if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]; then
- export KMS_SSL_KEYSTORE_PASS=password
- print "Setting KMS_SSL_KEYSTORE_PASS: ********"
+ if [ -n "${KMS_SSL_KEYSTORE_PASS+1}" ]; then
+ export KMS_SSL_KEYSTORE_PASS=password
+ print "Setting KMS_SSL_KEYSTORE_PASS: ********"
+ fi
else
KMS_SSL_KEYSTORE_PASS_DISP=`echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`
print "Using KMS_SSL_KEYSTORE_PASS: ${KMS_SSL_KEYSTORE_PASS_DISP}"
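Review bot: The added inner branch still exports the literal `password` as the keystore password when `KMS_SSL_KEYSTORE_PASS` is set but empty. The message `Setting KMS_SSL_KEYSTORE_PASS: ********` masks it, so the startup output does not show that a well-known built-in default is in use. I would change that message to something like `print "WARNING: KMS_SSL_KEYSTORE_PASS is empty, using the built-in default keystore password"`, so an operator can tell the default from a secret they chose. The `:-password` fallback added in the second kms.sh hunk applies the same default with no message at all, and it runs after the `Found KMS_SSL_KEYSTORE_PASS` line there has already printed. The added comment could also say why unset and empty are treated differently (judging by the commit title, unset means a non-SSL setup).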
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c962eef5/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
index 1e40e10..24a1f54 100644
--- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
@@ -54,7 +54,7 @@ catalina_opts="${catalina_opts} -Dkms.ssl.keystore.file=${KMS_SSL_KEYSTORE_FILE}
print "Adding to CATALINA_OPTS: ${catalina_opts}"
print "Found KMS_SSL_KEYSTORE_PASS: `echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`"
-export CATALINA_OPTS="${CATALINA_OPTS_DISP} ${catalina_opts}"
+export CATALINA_OPTS="${CATALINA_OPTS} ${catalina_opts}"
# A bug in catalina.sh script does not use CATALINA_OPTS for stopping the server
#
@@ -64,6 +64,8 @@ fi
# If ssl, the populate the passwords into ssl-server.xml before starting tomcat
if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
+ # Set a KEYSTORE_PASS if not already set
+ KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
| sed 's/_kms_ssl_keystore_pass_/'${KMS_SSL_KEYSTORE_PASS}'/g' \
| sed 's/_kms_ssl_truststore_pass_/'${KMS_SSL_TRUSTSTORE_PASS}'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
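Review bot: The value assigned on the added line `KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}` is spliced unquoted into the `sed` expression on the lines that follow, which this commit leaves unchanged. A keystore password containing `/`, `&` or whitespace would therefore alter or break the substitution and could leave a wrong value in `ssl-server.xml`. I would escape the replacement text first, or use a delimiter that is rejected in passwords, and double-quote the expansion in the `sed` argument. A comment above the pipeline stating which characters are supported in the two password variables would document the constraint in the meantime. The `if` block closes outside the hunk.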