[jira] [Commented] (FLUME-3269) Support JSSE keystore/trustore -D system properties

Fri, 05 Oct 2018 04:21:20 -0700 


    [ 
https://issues.apache.org/jira/browse/FLUME-3269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639680#comment-16639680
 ] 

Hudson commented on FLUME-3269:
-------------------------------

SUCCESS: Integrated in Jenkins build Flume-trunk-hbase-1 #357 (See 
[https://builds.apache.org/job/Flume-trunk-hbase-1/357/])
FLUME-3269: Support JSSE keystore/trustore -D system properties (szaboferee: 
[http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=c5168c902634e8ea1f25ec578ed0b7055b246d68])
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/AbstractSSLUtilTest.java
* (edit) 
flume-ng-core/src/main/java/org/apache/flume/client/avro/AvroCLIClient.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilTruststoreTypeWithDefaultTest.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilTruststorePathTest.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilTruststoreTypeTest.java
* (edit) flume-ng-doc/sphinx/FlumeUserGuide.rst
* (edit) flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilKeystorePathTest.java
* (edit) flume-ng-core/src/test/java/org/apache/flume/sink/TestAvroSink.java
* (edit) flume-ng-node/src/main/java/org/apache/flume/node/Application.java
* (edit) flume-ng-sdk/src/main/java/org/apache/flume/api/ThriftRpcClient.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilKeystoreTypeTest.java
* (edit) flume-ng-core/src/main/java/org/apache/flume/source/ThriftSource.java
* (edit) 
flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilKeystoreTypeWithDefaultTest.java
* (edit) 
flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
* (edit) flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
* (add) flume-ng-sdk/src/main/java/org/apache/flume/util/SSLUtil.java
* (edit) 
flume-ng-sdk/src/test/java/org/apache/flume/api/TestThriftRpcClient.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilTruststorePasswordTest.java
* (edit) flume-ng-core/src/test/java/org/apache/flume/sink/TestThriftSink.java
* (edit) flume-ng-core/src/test/java/org/apache/flume/source/TestAvroSource.java
* (add) 
flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilKeystorePasswordTest.java
* (edit) 
flume-ng-core/src/test/java/org/apache/flume/source/TestThriftSource.java


> Support JSSE keystore/trustore -D system properties
> ---------------------------------------------------
>
>                 Key: FLUME-3269
>                 URL: https://issues.apache.org/jira/browse/FLUME-3269
>             Project: Flume
>          Issue Type: Improvement
>            Reporter: Peter Turcsanyi
>            Assignee: Peter Turcsanyi
>            Priority: Major
>             Fix For: 1.9.0
>
>
> Several Flume components support SSL, but they all have their own config 
> parameters for specifying the location and password for keystore and 
> truststore.
> These parameters could be passed as standard JSSE system properties 
> (specified in flume-env.sh):
> {code}
> -Djavax.net.ssl.keyStore=/path/to/keystore
> -Djavax.net.ssl.keyStorePassword=keystore-password
> -Djavax.net.ssl.keyStoreType=keystore-type
> -Djavax.net.ssl.trustStore=/path/to/truststore
> -Djavax.net.ssl.trustStorePassword=truststore-password
> -Djavax.net.ssl.trustStoreType=truststore-type
> {code}
> This would be a more consistent and standard based configuration.
> Specifying passwords in system properties means that the passwords can be 
> seen in the process list. For cases where it is not acceptable, it will also 
> be possible to define the parameters in environment variables.
> {code}
> FLUME_SSL_KEYSTORE_PATH
> FLUME_SSL_KEYSTORE_PASSWORD
> FLUME_SSL_KEYSTORE_TYPE
> FLUME_SSL_TRUSTSTORE_PATH
> FLUME_SSL_TRUSTSTORE_PASSWORD
> FLUME_SSL_TRUSTSTORE_TYPE
> {code}
> The logic of applying the SSL config parameters for an SSL-enabled 
> source/sink:
> - if the agent config defines the SSL parameter for the component, then they 
> will be used (allowing customisation and backward compatibility)
> - if no SSL parameters are defined for the component, but the -D system 
> properties are present, then they will be used
> - if neither the component SSL parameters nor the -D system properties are 
> defined, but the environment variable are present, then they will be used 
> - otherwise config error
> So the priority:
> # component parameters in agent config
> # -D system properties
> # environment variables



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to