Philip Zeyliger has posted comments on this change. ( http://gerrit.cloudera.org:8080/10418 )

Change subject: IMPALA-7035: Configure jceks.key.serialFilter for KMS.
......................................................................

Patch Set 1:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/10418/1/testdata/cluster/node_templates/cdh6/etc/init.d/kms
File testdata/cluster/node_templates/cdh6/etc/init.d/kms:

http://gerrit.cloudera.org:8080/#/c/10418/1/testdata/cluster/node_templates/cdh6/etc/init.d/kms@32
PS1, Line 32: -Djceks.key.serialFilter=org.apache.hadoop.crypto.key.JavaKeyStoreProvider*"
> I assume older JVMs ignore this?

Extra Java system properties are definitely kosher.

I started out with including everything, but I realized that, as far as I can tell, KMS only uses its own key, which makes sense. This is scoped to one daemon. The upstream Hadoop proposal currently has the long list, but I don't think it's necessary, so decided to shorten it.

There are also quoting problems with "!*" and inner classes ($Foo). To be honest, I didn't test all the possible variants, but this one seems to work consistently.

--
To view, visit http://gerrit.cloudera.org:8080/10418
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I2d21c9cce3b91e8fd8b2b4f1cda75e3958c977d5
Gerrit-Change-Number: 10418
Gerrit-PatchSet: 1
Gerrit-Owner: Philip Zeyliger <[email protected]>
Gerrit-Reviewer: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Philip Zeyliger <[email protected]>
Gerrit-Comment-Date: Wed, 16 May 2018 18:26:56 +0000
Gerrit-HasComments: Yes
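
The comment above mentions quoting problems with "!*" and inner classes ($Foo) when a serial filter is set from an init script. The following is an added example, not code from the Impala change or from Hadoop, showing how the filter value that reaches the JVM can differ from the one written in the script. The class name `org.example.Provider`, the helper `jvm_sees` and the assumption that some layer re-parses the option string (`eval`, `su -c`, `sh -c`) are all hypothetical.

```shell
#!/bin/sh
# Added example with constructed names: "Provider$Foo" stands in for an inner
# class, "!*" for a trailing reject-everything-else rule in the filter list.

# Print the filter value a JVM would find in its argv, i.e. what is left
# after the shell has finished expanding the command line.
jvm_sees() {
  for arg in "$@"; do
    case "$arg" in
      -Djceks.key.serialFilter=*)
        printf '%s\n' "${arg#-Djceks.key.serialFilter=}"
        return 0 ;;
    esac
  done
  return 1
}

# Double quotes: $Foo is expanded as an unset shell variable and disappears,
# so the filter silently names the outer class instead of the inner one.
double_quoted() (
  set +u; unset Foo
  opts="-Djceks.key.serialFilter=org.example.Provider$Foo;!*"
  jvm_sees "$opts"
)

# Single quotes: every character reaches the JVM unchanged.
single_quoted() (
  opts='-Djceks.key.serialFilter=org.example.Provider$Foo;!*'
  jvm_sees "$opts"
)

# A second parse of the string: ';' now terminates the command, so the
# reject rule never becomes part of the property and the filter is weaker
# than the one in the script. The shell tries to run '!*' as a command.
reparsed() (
  set -f   # keep '!*' from globbing against the current directory in this demo
  opts='-Djceks.key.serialFilter=org.example.Provider;!*'
  eval "jvm_sees $opts" 2>/dev/null || true
)

printf 'double quotes: %s\n' "$(double_quoted)"
printf 'single quotes: %s\n' "$(single_quoted)"
printf 're-parsed    : %s\n' "$(reparsed)"
```

The pattern quoted at PS1 line 32 contains no `$`, `;` or `!`. A filter that does contain them has to stay quoted through every layer that parses the option string.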
