HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh.
(cherry picked from commit 3d48ad7eb4
)
parent
d6f3d4893d
commit
c962eef533
|
@ -127,6 +127,9 @@ Release 2.7.0 - UNRELEASED
|
||||||
HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done
|
HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done
|
||||||
atomically. (Dian Fu via wang)
|
atomically. (Dian Fu via wang)
|
||||||
|
|
||||||
|
HADOOP-11344. KMS kms-config.sh sets a default value for the keystore
|
||||||
|
password even in non-ssl setup. (Arun Suresh via wang)
|
||||||
|
|
||||||
Release 2.6.0 - 2014-11-18
|
Release 2.6.0 - 2014-11-18
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -150,9 +150,14 @@ else
|
||||||
print "Using KMS_SSL_KEYSTORE_FILE: ${KMS_SSL_KEYSTORE_FILE}"
|
print "Using KMS_SSL_KEYSTORE_FILE: ${KMS_SSL_KEYSTORE_FILE}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# If KMS_SSL_KEYSTORE_PASS is explicitly set to ""
|
||||||
|
# then reset to "password". DO NOT set to "password" if
|
||||||
|
# variable is NOT defined.
|
||||||
if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]; then
|
if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]; then
|
||||||
|
if [ -n "${KMS_SSL_KEYSTORE_PASS+1}" ]; then
|
||||||
export KMS_SSL_KEYSTORE_PASS=password
|
export KMS_SSL_KEYSTORE_PASS=password
|
||||||
print "Setting KMS_SSL_KEYSTORE_PASS: ********"
|
print "Setting KMS_SSL_KEYSTORE_PASS: ********"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
KMS_SSL_KEYSTORE_PASS_DISP=`echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`
|
KMS_SSL_KEYSTORE_PASS_DISP=`echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`
|
||||||
print "Using KMS_SSL_KEYSTORE_PASS: ${KMS_SSL_KEYSTORE_PASS_DISP}"
|
print "Using KMS_SSL_KEYSTORE_PASS: ${KMS_SSL_KEYSTORE_PASS_DISP}"
|
||||||
|
|
|
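Review bot: The new inner branch still exports the well-known value `password` when KMS_SSL_KEYSTORE_PASS is set but empty, and the masked `print "Setting KMS_SSL_KEYSTORE_PASS: ********"` gives an operator no hint that a default credential is in effect. Consider saying so in the log line, e.g. `print "WARNING: KMS_SSL_KEYSTORE_PASS is empty, using the built-in default keystore password"`, or refusing to continue until a real password is supplied. The added comment states the rule but not the reason; judging by the kms.sh part of this commit, something like `# Leave it unset otherwise: kms.sh treats a non-empty password as "SSL is configured"` would help the next maintainer.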
@ -54,7 +54,7 @@ catalina_opts="${catalina_opts} -Dkms.ssl.keystore.file=${KMS_SSL_KEYSTORE_FILE}
|
||||||
print "Adding to CATALINA_OPTS: ${catalina_opts}"
|
print "Adding to CATALINA_OPTS: ${catalina_opts}"
|
||||||
print "Found KMS_SSL_KEYSTORE_PASS: `echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`"
|
print "Found KMS_SSL_KEYSTORE_PASS: `echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`"
|
||||||
|
|
||||||
export CATALINA_OPTS="${CATALINA_OPTS_DISP} ${catalina_opts}"
|
export CATALINA_OPTS="${CATALINA_OPTS} ${catalina_opts}"
|
||||||
|
|
||||||
# A bug in catalina.sh script does not use CATALINA_OPTS for stopping the server
|
# A bug in catalina.sh script does not use CATALINA_OPTS for stopping the server
|
||||||
#
|
#
|
||||||
|
@ -64,6 +64,8 @@ fi
|
||||||
|
|
||||||
# If ssl, the populate the passwords into ssl-server.xml before starting tomcat
|
# If ssl, the populate the passwords into ssl-server.xml before starting tomcat
|
||||||
if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
|
if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
|
||||||
|
# Set a KEYSTORE_PASS if not already set
|
||||||
|
KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
|
||||||
cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
|
cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
|
||||||
| sed 's/_kms_ssl_keystore_pass_/'${KMS_SSL_KEYSTORE_PASS}'/g' \
|
| sed 's/_kms_ssl_keystore_pass_/'${KMS_SSL_KEYSTORE_PASS}'/g' \
|
||||||
| sed 's/_kms_ssl_truststore_pass_/'${KMS_SSL_TRUSTSTORE_PASS}'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
|
| sed 's/_kms_ssl_truststore_pass_/'${KMS_SSL_TRUSTSTORE_PASS}'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
|
||||||
|
|
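Review bot: The added `KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}` in the second hunk means a deployment that supplies only KMS_SSL_TRUSTSTORE_PASS gets the well-known keystore password `password` written into ssl-server.xml without any message. A warning placed before that assignment would make this visible, e.g. `[ -n "${KMS_SSL_KEYSTORE_PASS}" ] || print "WARNING: KMS_SSL_KEYSTORE_PASS not set, using the built-in default"`; failing at this point is the stricter option. The value then goes unquoted and unescaped into the `sed` replacement on the context lines that follow, so a password containing `/`, `&` or whitespace would presumably corrupt the generated file; that is pre-existing behaviour but worth fixing alongside. The enclosing `if` block closes outside the hunk.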