LIVY-329. Fix two SSL issues. (#308) - The Livy server URL is exposed as an http URL even when https is enabled, so we should handle this. - The Livy server SSL keystore password and key password are currently read from the same configuration, and they should be separated.
Project: http://git-wip-us.apache.org/repos/asf/incubator-livy/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-livy/commit/2ff8f5c6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-livy/tree/2ff8f5c6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-livy/diff/2ff8f5c6 Branch: refs/heads/master Commit: 2ff8f5c69f8d7ea05f445b8240945afe910c1ab5 Parents: fbccb69 Author: Saisai Shao <sai.sai.s...@gmail.com> Authored: Tue Mar 14 03:52:02 2017 +0800 Committer: Alex Man <alex-the-...@users.noreply.github.com> Committed: Mon Mar 13 12:52:02 2017 -0700 ---------------------------------------------------------------------- conf/livy.conf.template | 3 +++ server/src/main/scala/com/cloudera/livy/LivyConf.scala | 4 ++++ .../main/scala/com/cloudera/livy/server/LivyServer.scala | 2 +- .../main/scala/com/cloudera/livy/server/WebServer.scala | 11 +++-------- 4 files changed, 11 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/conf/livy.conf.template ---------------------------------------------------------------------- diff --git a/conf/livy.conf.template b/conf/livy.conf.template index c23aab2..8c5fe03 100644 --- a/conf/livy.conf.template +++ b/conf/livy.conf.template @@ -3,6 +3,9 @@ # Specify the keystore password. # livy.keystore.password = +# +# Specify the key password. +# livy.key-password = # What host address to start the server on. By default, Livy will bind to all network interfaces. # livy.server.host = 0.0.0.0 http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/server/src/main/scala/com/cloudera/livy/LivyConf.scala ---------------------------------------------------------------------- diff --git a/server/src/main/scala/com/cloudera/livy/LivyConf.scala b/server/src/main/scala/com/cloudera/livy/LivyConf.scala index 6562b03..1db1b8f 100644 --- a/server/src/main/scala/com/cloudera/livy/LivyConf.scala 
+++ b/server/src/main/scala/com/cloudera/livy/LivyConf.scala @@ -66,6 +66,10 @@ object LivyConf { val ACCESS_CONTROL_ENABLED = Entry("livy.server.access_control.enabled", false) val ACCESS_CONTROL_USERS = Entry("livy.server.access_control.users", null) + val SSL_KEYSTORE = Entry("livy.keystore", null) + val SSL_KEYSTORE_PASSWORD = Entry("livy.keystore.password", null) + val SSL_KEY_PASSWORD = Entry("livy.key-password", null) + val AUTH_TYPE = Entry("livy.server.auth.type", null) val AUTH_KERBEROS_PRINCIPAL = Entry("livy.server.auth.kerberos.principal", null) val AUTH_KERBEROS_KEYTAB = Entry("livy.server.auth.kerberos.keytab", null) http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala ---------------------------------------------------------------------- diff --git a/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala b/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala index a88f013..0499d48 100644 --- a/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala +++ b/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala @@ -231,7 +231,7 @@ class LivyServer extends Logging { } }) - _serverUrl = Some(s"http://${server.host}:${server.port}") + _serverUrl = Some(s"${server.protocol}://${server.host}:${server.port}") sys.props("livy.server.serverUrl") = _serverUrl.get } http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/2ff8f5c6/server/src/main/scala/com/cloudera/livy/server/WebServer.scala ---------------------------------------------------------------------- diff --git a/server/src/main/scala/com/cloudera/livy/server/WebServer.scala b/server/src/main/scala/com/cloudera/livy/server/WebServer.scala index a07b05f..8f21180 100644 --- a/server/src/main/scala/com/cloudera/livy/server/WebServer.scala +++ b/server/src/main/scala/com/cloudera/livy/server/WebServer.scala 
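Review bot: `SSL_KEYSTORE_PASSWORD` and `SSL_KEY_PASSWORD` in the LivyConf.scala hunk hold secrets that are read as plain strings from livy.conf, and nothing on the added lines marks them as such. A comment above the three entries would help, for example `// Secrets: keep livy.conf readable only by the Livy service user and never log these values.` Whether LivyConf values are logged or handed on to sessions is not visible here, so that is worth checking before more secrets are added. The new key `livy.key-password` also uses a hyphen where its sibling `livy.keystore.password` uses dots; settling on one convention now is cheaper than renaming a released key.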
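Review bot: With the scheme now taken from `server.protocol` in the LivyServer.scala hunk, the host part of `_serverUrl` has to be a name the TLS certificate covers, and the changed line does not show that `server.host` meets this. The template's default bind address is `0.0.0.0`, and although WebServer declares `var host` and may replace it after start, that code is outside this diff; if the wildcard address can reach this line, clients that verify hostnames will reject the published `livy.server.serverUrl`. A short comment such as `// host must match a subject name in the server certificate when protocol is https` would record the requirement. The string could also be built once in a local `val` and reused for both assignments instead of calling `_serverUrl.get`. The enclosing method starts outside the hunk.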
@@ -28,18 +28,13 @@ import org.eclipse.jetty.util.ssl.SslContextFactory import com.cloudera.livy.{LivyConf, Logging} -object WebServer { - val KeystoreKey = "livy.keystore" - val KeystorePasswordKey = "livy.keystore.password" -} - class WebServer(livyConf: LivyConf, var host: String, var port: Int) extends Logging { val server = new Server() server.setStopTimeout(1000) server.setStopAtShutdown(true) - val (connector, protocol) = Option(livyConf.get(WebServer.KeystoreKey)) match { + val (connector, protocol) = Option(livyConf.get(LivyConf.SSL_KEYSTORE)) match { case None => (new ServerConnector(server), "http") @@ -49,9 +44,9 @@ class WebServer(livyConf: LivyConf, var host: String, var port: Int) extends Log val sslContextFactory = new SslContextFactory() sslContextFactory.setKeyStorePath(keystore) - Option(livyConf.get(WebServer.KeystorePasswordKey)) + Option(livyConf.get(LivyConf.SSL_KEYSTORE_PASSWORD)) .foreach(sslContextFactory.setKeyStorePassword) - Option(livyConf.get(WebServer.KeystorePasswordKey)) + Option(livyConf.get(LivyConf.SSL_KEY_PASSWORD)) .foreach(sslContextFactory.setKeyManagerPassword) (new ServerConnector(server,
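Review bot: In the first WebServer.scala hunk, the `case None` branch still selects a plain `ServerConnector` and `"http"` whenever `livy.keystore` is unset, so a missing or mistyped key silently turns TLS off. LivyConf also defines `livy.server.auth.type`, so if authentication is enabled in such a deployment, its traffic would presumably travel in cleartext. Now that `protocol` feeds the advertised server URL, logging the choice in that branch would let operators detect the downgrade, for example `warn("livy.keystore is not set; serving over plain HTTP")`, assuming the `Logging` trait that WebServer extends provides `warn`. The `match` expression continues past the end of this hunk, so the exact placement depends on code not shown here.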