[ https://issues.apache.org/jira/browse/FLINK-5091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15715491#comment-15715491 ]
ASF GitHub Bot commented on FLINK-5091: --------------------------------------- Github user mxm commented on a diff in the pull request: https://github.com/apache/flink/pull/2915#discussion_r90664938 --- Diff: flink-runtime/src/main/java/org/apache/flink/runtime/clusterframework/overlays/SSLStoreOverlay.java --- 
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.flink.runtime.clusterframework.overlays;
+
+import org.apache.flink.configuration.ConfigConstants;
+import org.apache.flink.configuration.Configuration;
+import org.apache.flink.core.fs.Path;
+import org.apache.flink.runtime.clusterframework.ContainerSpecification;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.annotation.Nullable;
+import java.io.File;
+import java.io.IOException;
+
+
+/**
+ * Overlays an SSL keystore/truststore into a container.
+ *
+ * The following files are placed into the container:
+ * - keystore.jks
+ * - truststore.jks
+ *
+ * The following Flink configuration entries are set:
+ * - security.ssl.keystore
+ * - security.ssl.truststore
+ */
+public class SSLStoreOverlay extends AbstractContainerOverlay {
+
+ private static final Logger LOG = LoggerFactory.getLogger(SSLStoreOverlay.class);
+
+ static final Path TARGET_KEYSTORE_PATH = new Path("keystore.jks");
+ static final Path TARGET_TRUSTSTORE_PATH = new Path("truststore.jks");
+
+ final Path keystore;
+ final Path truststore;
+
+ public SSLStoreOverlay(@Nullable File keystoreFile, @Nullable File truststoreFile) {
+ this.keystore = keystoreFile != null ? new Path(keystoreFile.toURI()) : null;
+ this.truststore = truststoreFile != null ? new Path(truststoreFile.toURI()) : null;
+ }
+
+ @Override
+ public void configure(ContainerSpecification container) throws IOException {
+ if(keystore != null) {
+ container.getArtifacts().add(ContainerSpecification.Artifact.newBuilder()
+ .setSource(keystore)
+ .setDest(TARGET_KEYSTORE_PATH)
+ .setCachable(false)
+ .build());
+ container.getDynamicConfiguration().setString(ConfigConstants.SECURITY_SSL_KEYSTORE, TARGET_KEYSTORE_PATH.getPath());
+ }
+ if(truststore != null) {
+ container.getArtifacts().add(ContainerSpecification.Artifact.newBuilder()
+ .setSource(truststore)
+ .setDest(TARGET_TRUSTSTORE_PATH)
+ .setCachable(false)
+ .build());
+ container.getDynamicConfiguration().setString(ConfigConstants.SECURITY_SSL_TRUSTSTORE, TARGET_TRUSTSTORE_PATH.getPath());
+ }
+ }
+
+ public static Builder newBuilder() {
+ return new Builder();
+ }
+
+ /**
+ * A builder for the {@link Krb5ConfOverlay}.
+ */
+ public static class Builder {
+
+ File keystorePath;
+
+ File truststorePath;
+
+ /**
+ * Configures the overlay using the current environment (and global configuration).
+ *
+ * The following Flink configuration settings are used to source the keystore and truststore:
+ * - security.ssl.keystore
+ * - security.ssl.truststore
+ */
--- End diff --
indention is off here > Formalize the AppMaster environment for docker compability > ---------------------------------------------------------- > > Key: FLINK-5091 > URL: https://issues.apache.org/jira/browse/FLINK-5091 > Project: Flink > Issue Type: Sub-task > Components: Cluster Management, Mesos > Reporter: Eron Wright > Assignee: Eron Wright > Fix For: 1.2.0 > > > For scenarios where the AppMaster is launched from a docker image, it would > be ideal to use the installed Flink rather than rely on a special file layout > in the sandbox directory. > This is related to DCOS integration, which (in 1.2) will launch the AppMaster > via Marathon (as a top-level DCOS service). The existing code assumed that > only the dispatcher (coming in 1.3) would launch the AppMaster. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
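Review bot: The class Javadoc lists `keystore.jks` as just another shipped file, but a JKS keystore normally holds the private key, and `configure` adds it to the container's artifact list with `.setCachable(false)` as the only visible handling. I would document that next to the file list, e.g. `* Note: keystore.jks typically contains private key material; the artifact transfer and the file's permissions inside the container must protect it.`, and add a short why-comment beside `.setCachable(false)` (presumably it keeps the stores out of a shared cache; confirm). The `Builder` Javadoc also links the wrong class and should read `A builder for the {@link SSLStoreOverlay}.`. The `Builder` body continues past the end of the quoted diff, so how the two files are sourced and validated is not visible here.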