[jira] [Updated] (FLUME-3269) Support JSSE keystore/trustore -D system properties

[Peter Turcsanyi (JIRA)]

     [ 
https://issues.apache.org/jira/browse/FLUME-3269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Turcsanyi updated FLUME-3269:
-----------------------------------
    Status: Patch Available  (was: In Progress)

> Support JSSE keystore/trustore -D system properties
> ---------------------------------------------------
>
>                 Key: FLUME-3269
>                 URL: https://issues.apache.org/jira/browse/FLUME-3269
>             Project: Flume
>          Issue Type: Improvement
>            Reporter: Peter Turcsanyi
>            Assignee: Peter Turcsanyi
>            Priority: Major
>
> Several Flume components support SSL, but they all have their own config 
> parameters for specifying the location and password for keystore and 
> truststore.
> These parameters could be passed as standard JSSE system properties 
> (specified in flume-env.sh):
> {code}
> -Djavax.net.ssl.keyStore=/path/to/keystore
> -Djavax.net.ssl.keyStorePassword=keystore-password
> -Djavax.net.ssl.keyStoreType=keystore-type
> -Djavax.net.ssl.trustStore=/path/to/truststore
> -Djavax.net.ssl.trustStorePassword=truststore-password
> -Djavax.net.ssl.trustStoreType=truststore-type
> {code}
> This would be a more consistent and standard based configuration.
> Specifying passwords in system properties means that the passwords can be 
> seen in the process list. For cases where it is not acceptable, it will also 
> be possible to define the parameters in environment variables.
> {code}
> FLUME_SSL_KEYSTORE_PATH
> FLUME_SSL_KEYSTORE_PASSWORD
> FLUME_SSL_KEYSTORE_TYPE
> FLUME_SSL_TRUSTSTORE_PATH
> FLUME_SSL_TRUSTSTORE_PASSWORD
> FLUME_SSL_TRUSTSTORE_TYPE
> {code}
> The logic of applying the SSL config parameters for an SSL-enabled 
> source/sink:
> - if the agent config defines the SSL parameter for the component, then they 
> will be used (allowing customisation and backward compatibility)
> - if no SSL parameters are defined for the component, but the -D system 
> properties are present, then they will be used
> - if neither the component SSL parameters nor the -D system properties are 
> defined, but the environment variable are present, then they will be used 
> - otherwise config error
> So the priority:
> # component parameters in agent config
> # -D system properties
> # environment variables



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@flume.apache.org
For additional commands, e-mail: issues-h...@flume.apache.org