Repository: hadoop Updated Branches: refs/heads/trunk f678080db -> 30f85d7a8
HADOOP-13911. Remove TRUSTSTORE_PASSWORD related scripts from KMS. Contributed by John Zhuge. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/30f85d7a Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/30f85d7a Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/30f85d7a Branch: refs/heads/trunk Commit: 30f85d7a88a110637757cf7a1f4cdc9ed40f59fb Parents: f678080 Author: Xiao Chen <[email protected]> Authored: Tue Dec 20 16:02:26 2016 -0800 Committer: Xiao Chen <[email protected]> Committed: Tue Dec 20 16:02:26 2016 -0800 ---------------------------------------------------------------------- .../hadoop-kms/src/main/conf/kms-env.sh | 5 ----- .../hadoop-kms/src/main/libexec/kms-config.sh | 5 ----- hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh | 11 ++--------- .../hadoop-kms/src/main/tomcat/ssl-server.xml.conf | 1 - 4 files changed, 2 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh index 729e63a..e42904d 100644 --- a/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh +++ b/hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh @@ -47,11 +47,6 @@ # # export KMS_SSL_KEYSTORE_PASS=password -# -# The password of the truststore -# -# export KMS_SSL_TRUSTSTORE_PASS= - ## ## Tomcat specific settings http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh index 927b4af..52dba38 100644 --- a/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh +++ b/hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh @@ -44,11 +44,6 @@ function hadoop_subproject_init export HADOOP_CATALINA_SSL_KEYSTORE_FILE="${KMS_SSL_KEYSTORE_FILE:-${HOME}/.keystore}" - # this is undocumented, but older versions would rip the TRUSTSTORE_PASS out of the - # CATALINA_OPTS - # shellcheck disable=SC2086 - export KMS_SSL_TRUSTSTORE_PASS=${KMS_SSL_TRUSTSTORE_PASS:-"$(echo ${CATALINA_OPTS} | grep -o 'trustStorePassword=[^ ]*' | cut -f2 -d= )"} - export CATALINA_BASE="${CATALINA_BASE:-${HADOOP_HOME}/share/hadoop/kms/tomcat}" export HADOOP_CATALINA_HOME="${KMS_CATALINA_HOME:-${CATALINA_BASE}}" http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh index 1d3c948..7611f2a 100755 --- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh +++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh @@ -51,11 +51,7 @@ fi # it is used in Tomcat's server.xml configuration file # -# Mask the trustStorePassword -# shellcheck disable=SC2086 -CATALINA_OPTS_DISP="$(echo ${CATALINA_OPTS} | sed -e 's/trustStorePassword=[^ ]*/trustStorePassword=***/')" - -hadoop_debug "Using CATALINA_OPTS: ${CATALINA_OPTS_DISP}" +hadoop_debug "Using CATALINA_OPTS: ${CATALINA_OPTS}" # We're using hadoop-common, so set up some stuff it might need: hadoop_finalize @@ -94,14 +90,11 @@ fi # if custom, use provided password # if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then - if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then + if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]]; then export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password} KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \ "$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")") - KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \ - "$(hadoop_sed_escape "$KMS_SSL_TRUSTSTORE_PASS")") sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \ - -e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \ "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \ > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1 http://git-wip-us.apache.org/repos/asf/hadoop/blob/30f85d7a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf index 01b429c..272542a 100644 --- a/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf +++ b/hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf @@ -72,7 +72,6 @@ maxThreads="${kms.max.threads}" scheme="https" secure="true" maxHttpHeaderSize="${kms.max.http.header.size}" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello" - truststorePass="_kms_ssl_truststore_pass_" keystoreFile="${kms.ssl.keystore.file}" keystorePass="_kms_ssl_keystore_pass_"/> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
