[
https://issues.apache.org/jira/browse/HADOOP-14141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15977510#comment-15977510
]
John Zhuge edited comment on HADOOP-14141 at 4/20/17 9:02 PM:
--------------------------------------------------------------
Committed to branch-2.
Thanks [~eddyxu] for the review!
was (Author: jzhuge):
Thanks [~eddyxu] for the review!
> Store KMS SSL keystore password in catalina.properties
> ------------------------------------------------------
>
> Key: HADOOP-14141
> URL: https://issues.apache.org/jira/browse/HADOOP-14141
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.9.0
> Reporter: John Zhuge
> Assignee: John Zhuge
> Priority: Minor
> Fix For: 2.9.0
>
> Attachments: HADOOP-14141.branch-2.001.patch
>
>
> HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same
> for SSL keystore password, thus no longer need the current {{sed}} method:
> {noformat}
> # If ssl, the populate the passwords into ssl-server.xml before starting
> tomcat
> if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}"
> = "" ]; then
> # Set a KEYSTORE_PASS if not already set
> KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
> KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
> KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
> cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
> | sed
> 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
> | sed
> 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g'
> > ${CATALINA_BASE}/conf/ssl-server.xml
> fi
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
