Author: rkanter
Date: Mon Mar 18 20:04:55 2013
New Revision: 1457953
URL: http://svn.apache.org/r1457953
Log:
OOZIE-1268 Configuring Oozie to use SSL doesn't work if addtowar.sh is invoked
directly (rkanter)
Added:
oozie/trunk/distro/src/main/tomcat/ssl-web.xml
Removed:
oozie/trunk/webapp/src/main/webapp/WEB-INF/ssl-web.xml
Modified:
oozie/trunk/distro/pom.xml
oozie/trunk/distro/src/main/bin/addtowar.sh
oozie/trunk/distro/src/main/bin/oozie-setup.sh
oozie/trunk/docs/src/site/twiki/AG_Install.twiki
oozie/trunk/release-log.txt
oozie/trunk/src/main/assemblies/distro.xml
Modified: oozie/trunk/distro/pom.xml
URL:
http://svn.apache.org/viewvc/oozie/trunk/distro/pom.xml?rev=1457953&r1=1457952&r2=1457953&view=diff
==============================================================================
--- oozie/trunk/distro/pom.xml (original)
+++ oozie/trunk/distro/pom.xml Mon Mar 18 20:04:55 2013
@@ -101,6 +101,10 @@
<copy file="src/main/tomcat/server.xml"
toDir="target/tomcat/oozie-server/conf"/>
<copy file="src/main/tomcat/logging.properties"
toDir="target/tomcat/oozie-server/conf"/>
+ <mkdir
dir="target/tomcat/oozie-server/conf/ssl"/>
+ <copy file="src/main/tomcat/server.xml"
toDir="target/tomcat/oozie-server/conf/ssl"/>
+ <copy file="src/main/tomcat/ssl-server.xml"
toDir="target/tomcat/oozie-server/conf/ssl"/>
+ <copy file="src/main/tomcat/ssl-web.xml"
toDir="target/tomcat/oozie-server/conf/ssl"/>
<copy
todir="target/tomcat/oozie-server/webapps/ROOT">
<fileset dir="src/main/tomcat/ROOT"/>
</copy>
Modified: oozie/trunk/distro/src/main/bin/addtowar.sh
URL:
http://svn.apache.org/viewvc/oozie/trunk/distro/src/main/bin/addtowar.sh?rev=1457953&r1=1457952&r2=1457953&view=diff
==============================================================================
--- oozie/trunk/distro/src/main/bin/addtowar.sh (original)
+++ oozie/trunk/distro/src/main/bin/addtowar.sh Mon Mar 18 20:04:55 2013
@@ -132,7 +132,7 @@ function printUsage() {
echo " [-hadoopJarsSNAPSHOT] (if Hadoop jars version on system is
SNAPSHOT)"
echo " [-extjs EXTJS_PATH] (expanded or ZIP)"
echo " [-jars JARS_PATH] (multiple JAR path separated by ':')"
- echo " [-secure]"
+ echo " [-secureWeb WEB_XML_PATH] (path to secure web.xml)"
echo
}
@@ -154,8 +154,8 @@ extjsHome=""
jarsPath=""
inputWar=""
outputWar=""
-secure=false
-secureConfigsDir="${OOZIE_CONFIG}/ssl"
+secureWeb=false
+secureWebPath=""
while [ $# -gt 0 ]
do
@@ -224,9 +224,17 @@ do
exit -1
fi
outputWar=$1
- elif [ "$1" = "-secure" ]; then
+ elif [ "$1" = "-secureWeb" ]; then
shift
- secure=true
+ if [ $# -eq 0 ]; then
+ echo
+ echo "Missing option value, secure web.xml path"
+ echo
+ printUsage
+ exit -1
+ fi
+ secureWebPath=$1
+ secureWeb=true
fi
shift
done
@@ -262,15 +270,11 @@ if [ "${addJars}" = "true" ]; then
done
fi
-if [ "${secure}" = "true" ]; then
- checkFileExists ${secureConfigsDir}/ssl-server.xml
- checkFileExists ${secureConfigsDir}/ssl-web.xml
+if [ "${secureWeb}" = "true" ]; then
+ checkFileExists ${secureWebPath}
echo
echo "Using SSL (HTTPS)"
echo
-else
- checkFileExists ${secureConfigsDir}/server.xml
- checkFileExists ${secureConfigsDir}/web.xml
fi
#Unpacking original war
@@ -347,14 +351,10 @@ if [ "${addJars}" = "true" ]; then
done
fi
-if [ "${secure}" = "true" ]; then
+if [ "${secureWeb}" = "true" ]; then
#Inject the SSL version of web.xml in oozie war
- cp ${secureConfigsDir}/ssl-web.xml ${tmpWarDir}/WEB-INF/web.xml
- checkExec "injecting secure web.xml file into staging"
-else
- #Inject the regular version of web.xml in oozie war
- cp ${secureConfigsDir}/web.xml ${tmpWarDir}/WEB-INF/web.xml
- checkExec "injecting regular web.xml file into staging"
+ cp ${secureWebPath} ${tmpWarDir}/WEB-INF/web.xml
+ checkExec "Injecting secure web.xml file into staging"
fi
#Creating new Oozie WAR
@@ -372,15 +372,5 @@ echo
echo "New Oozie WAR file with added '${components}' at ${outputWar}"
echo
-if [ "${secure}" = "true" ]; then
- #Inject the SSL version of server.xml in oozie-server
- cp ${secureConfigsDir}/ssl-server.xml
${secureConfigsDir}/../../oozie-server/conf/server.xml
- checkExec "injecting secure server.xml file into oozie-server"
-else
- #Inject the regular version of server.xml in oozie-server
- cp ${secureConfigsDir}/server.xml
${secureConfigsDir}/../../oozie-server/conf/server.xml
- checkExec "injecting regular server.xml file into oozie-server"
-fi
-
cleanUp
exit 0
Modified: oozie/trunk/distro/src/main/bin/oozie-setup.sh
URL:
http://svn.apache.org/viewvc/oozie/trunk/distro/src/main/bin/oozie-setup.sh?rev=1457953&r1=1457952&r2=1457953&view=diff
==============================================================================
--- oozie/trunk/distro/src/main/bin/oozie-setup.sh (original)
+++ oozie/trunk/distro/src/main/bin/oozie-setup.sh Mon Mar 18 20:04:55 2013
@@ -73,6 +73,7 @@ inputWar="${OOZIE_HOME}/oozie.war"
outputWar="${CATALINA_BASE}/webapps/oozie.war"
outputWarExpanded="${CATALINA_BASE}/webapps/oozie"
secure=""
+secureConfigsDir="${CATALINA_BASE}/conf/ssl"
while [ $# -gt 0 ]
do
@@ -205,7 +206,13 @@ else
OPTIONS="${OPTIONS} -hadoop ${hadoopVersion} ${hadoopPath}"
fi
if [ "${secure}" != "" ]; then
- OPTIONS="${OPTIONS} -secure"
+ OPTIONS="${OPTIONS} -secureWeb ${secureConfigsDir}/ssl-web.xml"
+ #Use the SSL version of server.xml in oozie-server
+ cp ${secureConfigsDir}/ssl-server.xml ${CATALINA_BASE}/conf/server.xml
+ echo "INFO: Using secure server.xml"
+ else
+ #Use the regular version of server.xml in oozie-server
+ cp ${secureConfigsDir}/server.xml ${CATALINA_BASE}/conf/server.xml
fi
${OOZIE_HOME}/bin/addtowar.sh -inputwar ${inputWar} -outputwar ${outputWar}
${OPTIONS}
Added: oozie/trunk/distro/src/main/tomcat/ssl-web.xml
URL:
http://svn.apache.org/viewvc/oozie/trunk/distro/src/main/tomcat/ssl-web.xml?rev=1457953&view=auto
==============================================================================
--- oozie/trunk/distro/src/main/tomcat/ssl-web.xml (added)
+++ oozie/trunk/distro/src/main/tomcat/ssl-web.xml Mon Mar 18 20:04:55 2013
@@ -0,0 +1,214 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";>
+
+<web-app>
+ <display-name>OOZIE</display-name>
+
+ <!-- Listeners -->
+ <listener>
+
<listener-class>org.apache.oozie.servlet.ServicesLoader</listener-class>
+ </listener>
+
+ <!-- Servlets -->
+ <servlet>
+ <servlet-name>versions</servlet-name>
+ <display-name>WS API for Workflow Instances</display-name>
+ <servlet-class>org.apache.oozie.servlet.VersionServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>v0admin</servlet-name>
+ <display-name>Oozie admin</display-name>
+ <servlet-class>org.apache.oozie.servlet.V0AdminServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>v1admin</servlet-name>
+ <display-name>Oozie admin</display-name>
+ <servlet-class>org.apache.oozie.servlet.V1AdminServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>callback</servlet-name>
+ <display-name>Callback Notification</display-name>
+ <servlet-class>org.apache.oozie.servlet.CallbackServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>v0jobs</servlet-name>
+ <display-name>WS API for Workflow Jobs</display-name>
+ <servlet-class>org.apache.oozie.servlet.V0JobsServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>v1jobs</servlet-name>
+ <display-name>WS API for Workflow Jobs</display-name>
+ <servlet-class>org.apache.oozie.servlet.V1JobsServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>v0job</servlet-name>
+ <display-name>WS API for a specific Workflow Job</display-name>
+ <servlet-class>org.apache.oozie.servlet.V0JobServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>v1job</servlet-name>
+ <display-name>WS API for a specific Workflow Job</display-name>
+ <servlet-class>org.apache.oozie.servlet.V1JobServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>sla-event</servlet-name>
+ <display-name>WS API for specific SLA Events</display-name>
+ <servlet-class>org.apache.oozie.servlet.SLAServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <!-- servlet-mapping -->
+ <servlet-mapping>
+ <servlet-name>versions</servlet-name>
+ <url-pattern>/versions</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>v0admin</servlet-name>
+ <url-pattern>/v0/admin/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>v1admin</servlet-name>
+ <url-pattern>/v1/admin/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>callback</servlet-name>
+ <url-pattern>/callback/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>v0jobs</servlet-name>
+ <url-pattern>/v0/jobs</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>v1jobs</servlet-name>
+ <url-pattern>/v1/jobs</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>v0job</servlet-name>
+ <url-pattern>/v0/job/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>v1job</servlet-name>
+ <url-pattern>/v1/job/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>sla-event</servlet-name>
+ <url-pattern>/v1/sla/*</url-pattern>
+ </servlet-mapping>
+
+ <!-- welcome-file -->
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ </welcome-file-list>
+
+ <filter>
+ <filter-name>hostnameFilter</filter-name>
+ <filter-class>org.apache.oozie.servlet.HostnameFilter</filter-class>
+ </filter>
+
+ <filter>
+ <filter-name>authenticationfilter</filter-name>
+ <filter-class>org.apache.oozie.servlet.AuthFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>hostnameFilter</filter-name>
+ <url-pattern>*</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authenticationfilter</filter-name>
+ <url-pattern>/versions/*</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authenticationfilter</filter-name>
+ <url-pattern>/v0/*</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authenticationfilter</filter-name>
+ <url-pattern>/v1/*</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authenticationfilter</filter-name>
+ <url-pattern>/index.html</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authenticationfilter</filter-name>
+ <url-pattern>*.js</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authenticationfilter</filter-name>
+ <url-pattern>/ext-2.2/*</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authenticationfilter</filter-name>
+ <url-pattern>/docs/*</url-pattern>
+ </filter-mapping>
+
+ <!-- Require SSL (HTTPS) for everything except callbacks -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Callback</web-resource-name>
+ <url-pattern>/callback/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Oozie Resources</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+</web-app>
Modified: oozie/trunk/docs/src/site/twiki/AG_Install.twiki
URL:
http://svn.apache.org/viewvc/oozie/trunk/docs/src/site/twiki/AG_Install.twiki?rev=1457953&r1=1457952&r2=1457953&view=diff
==============================================================================
--- oozie/trunk/docs/src/site/twiki/AG_Install.twiki (original)
+++ oozie/trunk/docs/src/site/twiki/AG_Install.twiki Mon Mar 18 20:04:55 2013
@@ -105,6 +105,7 @@ The =addtowar.sh= script options are:
[-hadoop HADOOP_VERSION HADOOP_PATH]
[-extjs EXTJS_PATH]
[-jars JARS_PATH] (multiple JAR path separated by ':')
+ [-secureWeb WEB_XML_PATH] (path to secure web.xml)
</verbatim>
The original =oozie.war= file is in the Oozie server installation directory.
Modified: oozie/trunk/release-log.txt
URL:
http://svn.apache.org/viewvc/oozie/trunk/release-log.txt?rev=1457953&r1=1457952&r2=1457953&view=diff
==============================================================================
--- oozie/trunk/release-log.txt (original)
+++ oozie/trunk/release-log.txt Mon Mar 18 20:04:55 2013
@@ -73,6 +73,7 @@ OOZIE-944 Implement Workflow Generator U
-- Oozie 3.3.2 (unreleased)
+OOZIE-1268 Configuring Oozie to use SSL doesn't work if addtowar.sh is invoked
directly (rkanter)
OOZIE-1208 Oozie web-console when displaying Coord Job Log for an action gives
Format Error (rohini via mona)
OOZIE-1233 Add ability to configure Oozie to use HTTPS (SSL) (rkanter)
OOZIE-1242 Dryrun option for workflows mentions version 3.4 when it should be
3.3.2 (rkanter)
Modified: oozie/trunk/src/main/assemblies/distro.xml
URL:
http://svn.apache.org/viewvc/oozie/trunk/src/main/assemblies/distro.xml?rev=1457953&r1=1457952&r2=1457953&view=diff
==============================================================================
--- oozie/trunk/src/main/assemblies/distro.xml (original)
+++ oozie/trunk/src/main/assemblies/distro.xml Mon Mar 18 20:04:55 2013
@@ -165,23 +165,5 @@
<outputDirectory>/</outputDirectory>
<fileMode>0444</fileMode>
</file>
- <!-- Oozie SSL (HTTPS) server.xml -->
- <file>
-
<source>${basedir}/../distro/src/main/tomcat/ssl-server.xml</source>
- <outputDirectory>/conf/ssl</outputDirectory>
- </file>
- <file>
- <source>${basedir}/../distro/src/main/tomcat/server.xml</source>
- <outputDirectory>/conf/ssl</outputDirectory>
- </file>
- <!-- Oozie SSL (HTTPS) web.xml -->
- <file>
-
<source>${basedir}/../webapp/src/main/webapp/WEB-INF/ssl-web.xml</source>
- <outputDirectory>/conf/ssl</outputDirectory>
- </file>
- <file>
-
<source>${basedir}/../webapp/src/main/webapp/WEB-INF/web.xml</source>
- <outputDirectory>/conf/ssl</outputDirectory>
- </file>
</files>
</assembly>
