Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh.

This commit is contained in:
Andrew Wang 2014-12-02 19:04:20 -08:00
parent 392c3aaea8
commit 3d48ad7eb4
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -487,6 +487,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done
atomically. (Dian Fu via wang)
HADOOP-11344. KMS kms-config.sh sets a default value for the keystore
password even in non-ssl setup. (Arun Suresh via wang)
Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES

9
hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
View File

@ -150,9 +150,14 @@ else
print "Using KMS_SSL_KEYSTORE_FILE: ${KMS_SSL_KEYSTORE_FILE}"
fi
# If KMS_SSL_KEYSTORE_PASS is explicitly set to ""
# then reset to "password". DO NOT set to "password" if
# variable is NOT defined.
if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]; then
export KMS_SSL_KEYSTORE_PASS=password
print "Setting KMS_SSL_KEYSTORE_PASS: ********"
if [ -n "${KMS_SSL_KEYSTORE_PASS+1}" ]; then
export KMS_SSL_KEYSTORE_PASS=password
print "Setting KMS_SSL_KEYSTORE_PASS: ********"
fi
else
KMS_SSL_KEYSTORE_PASS_DISP=`echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`
print "Using KMS_SSL_KEYSTORE_PASS: ${KMS_SSL_KEYSTORE_PASS_DISP}"

4
hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
View File

@ -54,7 +54,7 @@ catalina_opts="${catalina_opts} -Dkms.ssl.keystore.file=${KMS_SSL_KEYSTORE_FILE}
print "Adding to CATALINA_OPTS: ${catalina_opts}"
print "Found KMS_SSL_KEYSTORE_PASS: `echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`"
export CATALINA_OPTS="${CATALINA_OPTS_DISP} ${catalina_opts}"
export CATALINA_OPTS="${CATALINA_OPTS} ${catalina_opts}"
# A bug in catalina.sh script does not use CATALINA_OPTS for stopping the server
#
@ -64,6 +64,8 @@ fi
# If ssl, the populate the passwords into ssl-server.xml before starting tomcat
if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
# Set a KEYSTORE_PASS if not already set
KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
| sed 's/_kms_ssl_keystore_pass_/'${KMS_SSL_KEYSTORE_PASS}'/g' \
| sed 's/_kms_ssl_truststore_pass_/'${KMS_SSL_TRUSTSTORE_PASS}'/g' > ${CATALINA_BASE}/conf/ssl-server.xml