Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

HADOOP-13911. Remove TRUSTSTORE_PASSWORD related scripts from KMS. Contributed by John Zhuge.

Xiao Chen 8 years ago
parent
f678080dbd
commit
30f85d7a88
4 changed files with 2 additions and 20 deletions
Unified View Show Diff Stats
  1. 0 5
      hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
  2. 0 5
      hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
  3. 2 9
      hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
  4. 0 1
      hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf

+ 0 - 5
hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh
View File 

@@ -47,11 +47,6 @@
 
 #
 
 #
 
 # export KMS_SSL_KEYSTORE_PASS=password
 
 # export KMS_SSL_KEYSTORE_PASS=password
 
 
 
-#
 
-# The password of the truststore
 
-#
 
-# export KMS_SSL_TRUSTSTORE_PASS=
 
-
 
 
 
 ##
 
 ##
 
 ## Tomcat specific settings
 
 ## Tomcat specific settings

+ 0 - 5
hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh
View File 

@@ -44,11 +44,6 @@ function hadoop_subproject_init
 
 
 
   export HADOOP_CATALINA_SSL_KEYSTORE_FILE="${KMS_SSL_KEYSTORE_FILE:-${HOME}/.keystore}"
 
   export HADOOP_CATALINA_SSL_KEYSTORE_FILE="${KMS_SSL_KEYSTORE_FILE:-${HOME}/.keystore}"
 
 
 
-  # this is undocumented, but older versions would rip the TRUSTSTORE_PASS out of the
 
-  # CATALINA_OPTS
 
-  # shellcheck disable=SC2086
 
-  export KMS_SSL_TRUSTSTORE_PASS=${KMS_SSL_TRUSTSTORE_PASS:-"$(echo ${CATALINA_OPTS} | grep -o 'trustStorePassword=[^ ]*' | cut -f2 -d= )"}
 
-
 
   export CATALINA_BASE="${CATALINA_BASE:-${HADOOP_HOME}/share/hadoop/kms/tomcat}"
 
   export CATALINA_BASE="${CATALINA_BASE:-${HADOOP_HOME}/share/hadoop/kms/tomcat}"
 
   export HADOOP_CATALINA_HOME="${KMS_CATALINA_HOME:-${CATALINA_BASE}}"
 
   export HADOOP_CATALINA_HOME="${KMS_CATALINA_HOME:-${CATALINA_BASE}}"

+ 2 - 9
hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
View File 

@@ -51,11 +51,7 @@ fi
 
 # it is used in Tomcat's server.xml configuration file
 
 # it is used in Tomcat's server.xml configuration file
 
 #
 
 #
 
 
 
-# Mask the trustStorePassword
 
-# shellcheck disable=SC2086
 
-CATALINA_OPTS_DISP="$(echo ${CATALINA_OPTS} | sed -e 's/trustStorePassword=[^ ]*/trustStorePassword=***/')"
 
-
 
-hadoop_debug "Using   CATALINA_OPTS:       ${CATALINA_OPTS_DISP}"
 
+hadoop_debug "Using   CATALINA_OPTS:       ${CATALINA_OPTS}"
 
 
 
 # We're using hadoop-common, so set up some stuff it might need:
 
 # We're using hadoop-common, so set up some stuff it might need:
 
 hadoop_finalize
 
 hadoop_finalize
 
@@ -94,14 +90,11 @@ fi
 
 # if custom, use provided password
 
 # if custom, use provided password
 
 #
 
 #
 
 if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
 
 if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
 
-  if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then
 
+  if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]]; then
 
       export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
 
       export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
 
       KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
 
       KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
 
         "$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")")
 
         "$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")")
 
-      KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
 
-        "$(hadoop_sed_escape "$KMS_SSL_TRUSTSTORE_PASS")")
 
       sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
 
       sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
 
-          -e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
 
         "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
 
         "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
 
         > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml"
 
         > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml"
 
       chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1
 
       chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1

+ 0 - 1
hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf
View File 

@@ -72,7 +72,6 @@
 
                maxThreads="${kms.max.threads}" scheme="https" secure="true"
 
                maxThreads="${kms.max.threads}" scheme="https" secure="true"
 
                maxHttpHeaderSize="${kms.max.http.header.size}"
 
                maxHttpHeaderSize="${kms.max.http.header.size}"
 
                clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
 
                clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
 
-               truststorePass="_kms_ssl_truststore_pass_"
 
                keystoreFile="${kms.ssl.keystore.file}"
 
                keystoreFile="${kms.ssl.keystore.file}"
 
                keystorePass="_kms_ssl_keystore_pass_"/>
 
                keystorePass="_kms_ssl_keystore_pass_"/>