Repository: oozie Updated Branches: refs/heads/branch-4.3 c811b731f -> cec2db552
OOZIE-3171 Revert OOZIE-2771 commit on branch-4.3 (satishsaley) Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/cec2db55 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/cec2db55 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/cec2db55 Branch: refs/heads/branch-4.3 Commit: cec2db5529e1ef8d10512e40f2d36ae6dfdca78f Parents: c811b73 Author: Satish Subhashrao Saley <[email protected]> Authored: Sat Jan 27 08:07:18 2018 -0800 Committer: Satish Subhashrao Saley <[email protected]> Committed: Sat Jan 27 08:07:18 2018 -0800 ---------------------------------------------------------------------- release-log.txt | 2 +- .../oozie/server/SSLServerConnectorFactory.java | 167 ------------------- 2 files changed, 1 insertion(+), 168 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/oozie/blob/cec2db55/release-log.txt ----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 2ebc296..6405baf 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 4.3.1 release
+OOZIE-3171 Revert OOZIE-2771 commit on branch-4.3 (satishsaley)
 OOZIE-2533 Oozie Web UI gives Error 500 with Java 8u91 (asasvari via satishsaley)
 OOZIE-3167 Upgrade tomcat version on Oozie 4.3 branch (satishsaley)
 OOZIE-3161 Spark job failing because of servlet-api-2.5 jar (satishsaley)
@@ -33,7 +34,6 @@ OOZIE-2786 Pass Oozie workflow ID and settings to Spark application configuratio
 OOZIE-2790 log4j configuration is not passed to spark executors (satishsaley)
 OOZIE-2787 Oozie distributes application jar twice making the spark job fail (satishsaley)
 OOZIE-2777 Config-default.xml longer than 64k results in java.io.UTFDataFormatException (gezapeti via harsh)
-OOZIE-2771 Allow retrieving keystore and truststore passwords from Hadoop Credential Provider (asasvari via abhishekbafna)
 OOZIE-2748 NPE in LauncherMapper.printArgs() (pbacsko via rkanter)
 OOZIE-2654 Zookeeper dependent services should not depend on Connectionstate to be valid before cleaning up (venkatnrangan via abhishekbafna)
 OOZIE-2690 OOZIE NPE while executing kill() (abhishekbafna via jaydeepvishwakarma)
http://git-wip-us.apache.org/repos/asf/oozie/blob/cec2db55/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java ----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
deleted file mode 100644
index a7253d7..0000000
--- a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.oozie.server;
-
-
-import com.google.common.base.Preconditions;
-import com.google.inject.Inject;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.oozie.service.ConfigurationService;
-import org.eclipse.jetty.http.HttpVersion;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.server.SslConnectionFactory;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.Arrays;
-
-/**
- * Factory that is used to configure SSL settings for the Oozie server.
- */
-class SSLServerConnectorFactory {
- private static final Logger LOG = LoggerFactory.getLogger(SSLServerConnectorFactory.class);
- public static final String OOZIE_HTTPS_TRUSTSTORE_FILE = "oozie.https.truststore.file";
- public static final String OOZIE_HTTPS_TRUSTSTORE_PASS = "oozie.https.truststore.pass";
- public static final String OOZIE_HTTPS_KEYSTORE_PASS = "oozie.https.keystore.pass";
- public static final String OOZIE_HTTPS_KEYSTORE_FILE = "oozie.https.keystore.file";
- public static final String OOZIE_HTTPS_EXCLUDE_PROTOCOLS = "oozie.https.exclude.protocols";
- public static final String OOZIE_HTTPS_INCLUDE_PROTOCOLS = "oozie.https.include.protocols";
- public static final String OOZIE_HTTPS_INCLUDE_CIPHER_SUITES = "oozie.https.include.cipher.suites";
- public static final String OOZIE_HTTPS_EXCLUDE_CIPHER_SUITES = "oozie.https.exclude.cipher.suites";
-
- private SslContextFactory sslContextFactory;
- private Configuration conf;
-
- @Inject
- public SSLServerConnectorFactory(final SslContextFactory sslContextFactory) {
- this.sslContextFactory = Preconditions.checkNotNull(sslContextFactory, "sslContextFactory is null");
- }
-
- /**
- * Construct a ServerConnector object with SSL settings
- *
- * @param oozieHttpsPort Oozie HTTPS port
- * @param conf Oozie configuration
- * @param server jetty Server which the connector is attached to
- *
- * @return ServerConnector
- */
- public ServerConnector createSecureServerConnector(int oozieHttpsPort, Configuration conf, Server server) {
- this.conf = Preconditions.checkNotNull(conf, "conf is null");
- Preconditions.checkNotNull(server, "server is null");
- Preconditions.checkState(oozieHttpsPort >= 1 && oozieHttpsPort <= 65535,
- String.format("Invalid port number specified: \'%d\'. It should be between 1 and 65535.", oozieHttpsPort));
-
- setIncludeProtocols();
- setExcludeProtocols();
-
- setIncludeCipherSuites();
- setExludeCipherSuites();
-
- setTrustStorePath();
- setTrustStorePass();
-
- setKeyStoreFile();
- setKeystorePass();
-
- HttpConfiguration httpsConfiguration = getHttpsConfiguration();
- ServerConnector secureServerConnector = new ServerConnector(server,
- new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
- new HttpConnectionFactory(httpsConfiguration));
-
- secureServerConnector.setPort(oozieHttpsPort);
-
- LOG.info(String.format("Secure server connector created, listenning on port %d", oozieHttpsPort));
- return secureServerConnector;
- }
-
- private void setExludeCipherSuites() {
- String excludeCipherList = conf.get(OOZIE_HTTPS_EXCLUDE_CIPHER_SUITES);
- String[] excludeCipherSuites = excludeCipherList.split(",");
- sslContextFactory.setExcludeCipherSuites(excludeCipherSuites);
-
- LOG.info(String.format("SSL context - excluding cipher suites: %s", Arrays.toString(excludeCipherSuites)));
- }
-
- private void setIncludeCipherSuites() {
- String includeCipherList = conf.get(OOZIE_HTTPS_INCLUDE_CIPHER_SUITES);
- if (includeCipherList == null || includeCipherList.isEmpty()) {
- return;
- }
-
- String[] includeCipherSuites = includeCipherList.split(",");
- sslContextFactory.setIncludeCipherSuites(includeCipherSuites);
-
- LOG.info(String.format("SSL context - including cipher suites: %s", Arrays.toString(includeCipherSuites)));
- }
-
- private void setIncludeProtocols() {
- String enabledProtocolsList = conf.get(OOZIE_HTTPS_INCLUDE_PROTOCOLS);
- String[] enabledProtocols = enabledProtocolsList.split(",");
- sslContextFactory.setIncludeProtocols(enabledProtocols);
-
- LOG.info(String.format("SSL context - including protocols: %s", Arrays.toString(enabledProtocols)));
- }
-
- private void setExcludeProtocols() {
- String excludedProtocolsList = conf.get(OOZIE_HTTPS_EXCLUDE_PROTOCOLS);
- if (excludedProtocolsList == null || excludedProtocolsList.isEmpty()) {
- return;
- }
- String[] excludedProtocols = excludedProtocolsList.split(",");
- sslContextFactory.setExcludeProtocols(excludedProtocols);
- LOG.info(String.format("SSL context - excluding protocols: %s", Arrays.toString(excludedProtocols)));
- }
-
- private void setTrustStorePath() {
- String trustStorePath = conf.get(OOZIE_HTTPS_TRUSTSTORE_FILE);
- Preconditions.checkNotNull(trustStorePath, "trustStorePath is null");
- sslContextFactory.setTrustStorePath(trustStorePath);
- }
-
- private void setTrustStorePass() {
- String trustStorePass = ConfigurationService.getPassword(conf, OOZIE_HTTPS_TRUSTSTORE_PASS).trim();
- Preconditions.checkNotNull(trustStorePass, "setTrustStorePass is null");
- sslContextFactory.setTrustStorePassword(trustStorePass);
- }
-
- private void setKeystorePass() {
- String keystorePass = ConfigurationService.getPassword(conf, OOZIE_HTTPS_KEYSTORE_PASS).trim();
- Preconditions.checkNotNull(keystorePass, "keystorePass is null");
- sslContextFactory.setKeyManagerPassword(keystorePass);
- }
-
- private void setKeyStoreFile() {
- String keystoreFile = conf.get(OOZIE_HTTPS_KEYSTORE_FILE);
- Preconditions.checkNotNull(keystoreFile, "keystoreFile is null");
- sslContextFactory.setKeyStorePath(keystoreFile);
- }
-
- private HttpConfiguration getHttpsConfiguration() {
- HttpConfiguration https = new HttpConfigurationWrapper(conf).getDefaultHttpConfiguration();
- https.setSecureScheme("https");
- https.addCustomizer(new SecureRequestCustomizer());
- return https;
- }
-}
