You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by xg...@apache.org on 2016/12/21 22:42:37 UTC
[13/17] hadoop git commit: HADOOP-13911. Remove TRUSTSTORE_PASSWORD
related scripts from KMS. Contributed by John Zhuge.
HADOOP-13911. Remove TRUSTSTORE_PASSWORD related scripts from KMS. Contributed by John Zhuge.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/30f85d7a
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/30f85d7a
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/30f85d7a
Branch: refs/heads/YARN-5734
Commit: 30f85d7a88a110637757cf7a1f4cdc9ed40f59fb
Parents: f678080
Author: Xiao Chen <xi...@apache.org>
Authored: Tue Dec 20 16:02:26 2016 -0800
Committer: Xiao Chen <xi...@apache.org>
Committed: Tue Dec 20 16:02:26 2016 -0800
----------------------------------------------------------------------
.../hadoop-kms/src/main/conf/kms-env.sh | 5 -----
.../hadoop-kms/src/main/libexec/kms-config.sh | 5 -----
hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh | 11 ++---------
.../hadoop-kms/src/main/tomcat/ssl-server.xml.conf | 1 -
4 files changed, 2 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
index 729e63a..e42904d 100644
--- a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
@@ -47,11 +47,6 @@
#
# export KMS_SSL_KEYSTORE_PASS=password
-#
-# The password of the truststore
-#
-# export KMS_SSL_TRUSTSTORE_PASS=
-
##
## Tomcat specific settings
http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
index 927b4af..52dba38 100644
--- a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
@@ -44,11 +44,6 @@ function hadoop_subproject_init
export HADOOP_CATALINA_SSL_KEYSTORE_FILE="${KMS_SSL_KEYSTORE_FILE:-${HOME}/.keystore}"
- # this is undocumented, but older versions would rip the TRUSTSTORE_PASS out of the
- # CATALINA_OPTS
- # shellcheck disable=SC2086
- export KMS_SSL_TRUSTSTORE_PASS=${KMS_SSL_TRUSTSTORE_PASS:-"$(echo ${CATALINA_OPTS} | grep -o 'trustStorePassword=[^ ]*' | cut -f2 -d= )"}
-
export CATALINA_BASE="${CATALINA_BASE:-${HADOOP_HOME}/share/hadoop/kms/tomcat}"
export HADOOP_CATALINA_HOME="${KMS_CATALINA_HOME:-${CATALINA_BASE}}"
http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
index 1d3c948..7611f2a 100755
--- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
@@ -51,11 +51,7 @@ fi
# it is used in Tomcat's server.xml configuration file
#
-# Mask the trustStorePassword
-# shellcheck disable=SC2086
-CATALINA_OPTS_DISP="$(echo ${CATALINA_OPTS} | sed -e 's/trustStorePassword=[^ ]*/trustStorePassword=***/')"
-
-hadoop_debug "Using CATALINA_OPTS: ${CATALINA_OPTS_DISP}"
+hadoop_debug "Using CATALINA_OPTS: ${CATALINA_OPTS}"
# We're using hadoop-common, so set up some stuff it might need:
hadoop_finalize
@@ -94,14 +90,11 @@ fi
# if custom, use provided password
#
if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
- if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then
+ if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]]; then
export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
"$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")")
- KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
- "$(hadoop_sed_escape "$KMS_SSL_TRUSTSTORE_PASS")")
sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
- -e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
"${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
> "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml"
chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1
http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
index 01b429c..272542a 100644
--- a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
+++ b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
@@ -72,7 +72,6 @@
maxThreads="${kms.max.threads}" scheme="https" secure="true"
maxHttpHeaderSize="${kms.max.http.header.size}"
clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
- truststorePass="_kms_ssl_truststore_pass_"
keystoreFile="${kms.ssl.keystore.file}"
keystorePass="_kms_ssl_keystore_pass_"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org