[13/17] hadoop git commit: HADOOP-13911. Remove TRUSTSTORE_PASSWORD related scripts from KMS. Contributed by John Zhuge.

[xg...@apache.org]

HADOOP-13911. Remove TRUSTSTORE_PASSWORD related scripts from KMS. Contributed by John Zhuge.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/30f85d7a
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/30f85d7a
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/30f85d7a

Branch: refs/heads/YARN-5734
Commit: 30f85d7a88a110637757cf7a1f4cdc9ed40f59fb
Parents: f678080
Author: Xiao Chen <xi...@apache.org>
Authored: Tue Dec 20 16:02:26 2016 -0800
Committer: Xiao Chen <xi...@apache.org>
Committed: Tue Dec 20 16:02:26 2016 -0800

----------------------------------------------------------------------
 .../hadoop-kms/src/main/conf/kms-env.sh                  |  5 -----
 .../hadoop-kms/src/main/libexec/kms-config.sh            |  5 -----
 hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh    | 11 ++---------
 .../hadoop-kms/src/main/tomcat/ssl-server.xml.conf       |  1 -
 4 files changed, 2 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
index 729e63a..e42904d 100644
--- a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
@@ -47,11 +47,6 @@
 #
 # export KMS_SSL_KEYSTORE_PASS=password
 
-#
-# The password of the truststore
-#
-# export KMS_SSL_TRUSTSTORE_PASS=
-
 
 ##
 ## Tomcat specific settings

http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
index 927b4af..52dba38 100644
--- a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
@@ -44,11 +44,6 @@ function hadoop_subproject_init
 
   export HADOOP_CATALINA_SSL_KEYSTORE_FILE="${KMS_SSL_KEYSTORE_FILE:-${HOME}/.keystore}"
 
-  # this is undocumented, but older versions would rip the TRUSTSTORE_PASS out of the
-  # CATALINA_OPTS
-  # shellcheck disable=SC2086
-  export KMS_SSL_TRUSTSTORE_PASS=${KMS_SSL_TRUSTSTORE_PASS:-"$(echo ${CATALINA_OPTS} | grep -o 'trustStorePassword=[^ ]*' | cut -f2 -d= )"}
-
   export CATALINA_BASE="${CATALINA_BASE:-${HADOOP_HOME}/share/hadoop/kms/tomcat}"
   export HADOOP_CATALINA_HOME="${KMS_CATALINA_HOME:-${CATALINA_BASE}}"
 

http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
index 1d3c948..7611f2a 100755
--- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
@@ -51,11 +51,7 @@ fi
 # it is used in Tomcat's server.xml configuration file
 #
 
-# Mask the trustStorePassword
-# shellcheck disable=SC2086
-CATALINA_OPTS_DISP="$(echo ${CATALINA_OPTS} | sed -e 's/trustStorePassword=[^ ]*/trustStorePassword=***/')"
-
-hadoop_debug "Using   CATALINA_OPTS:       ${CATALINA_OPTS_DISP}"
+hadoop_debug "Using   CATALINA_OPTS:       ${CATALINA_OPTS}"
 
 # We're using hadoop-common, so set up some stuff it might need:
 hadoop_finalize
@@ -94,14 +90,11 @@ fi
 # if custom, use provided password
 #
 if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
-  if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then
+  if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]]; then
       export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
       KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
         "$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")")
-      KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
-        "$(hadoop_sed_escape "$KMS_SSL_TRUSTSTORE_PASS")")
       sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
-          -e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
         "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
         > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml"
       chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1

http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
index 01b429c..272542a 100644
--- a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
+++ b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
@@ -72,7 +72,6 @@
                maxThreads="${kms.max.threads}" scheme="https" secure="true"
                maxHttpHeaderSize="${kms.max.http.header.size}"
                clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
-               truststorePass="_kms_ssl_truststore_pass_"
                keystoreFile="${kms.ssl.keystore.file}"
                keystorePass="_kms_ssl_keystore_pass_"/>
 


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org