John Zhuge created HDFS-11490:
---------------------------------
Summary: Store KMS SSL keystore password in catalina.properties
Key: HDFS-11490
URL: https://issues.apache.org/jira/browse/HDFS-11490
Project: Hadoop HDFS
Issue Type: Improvement
Components: kms
Affects Versions: 2.9.0
Reporter: John Zhuge
Assignee: John Zhuge
Priority: Minor
HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same for
SSL keystore password, thus no longer need the current {{sed}} method:
{noformat}
# If ssl, the populate the passwords into ssl-server.xml before starting tomcat
if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" =
"" ]; then
# Set a KEYSTORE_PASS if not already set
KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
| sed
's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
| sed
's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' >
${CATALINA_BASE}/conf/ssl-server.xml
fi
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
