
HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh.

Andrew Wang 10 éve
szülő
commit
3d48ad7eb4

+ 3 - 0
hadoop-common-project/hadoop-common/CHANGES.txt

@@ -487,6 +487,9 @@ Release 2.7.0 - UNRELEASED
     HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done
     atomically. (Dian Fu via wang)
 
+    HADOOP-11344. KMS kms-config.sh sets a default value for the keystore
+    password even in non-ssl setup. (Arun Suresh via wang)
+
 Release 2.6.0 - 2014-11-18
 
   INCOMPATIBLE CHANGES

+ 7 - 2
hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh

@@ -150,9 +150,14 @@ else
   print "Using   KMS_SSL_KEYSTORE_FILE:     ${KMS_SSL_KEYSTORE_FILE}"
 fi
 
+# If KMS_SSL_KEYSTORE_PASS is explicitly set to ""
+# then reset to "password". DO NOT set to "password" if
+# variable is NOT defined.
 if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]; then
-  export KMS_SSL_KEYSTORE_PASS=password
-  print "Setting KMS_SSL_KEYSTORE_PASS:     ********"
+  if [ -n "${KMS_SSL_KEYSTORE_PASS+1}" ]; then
+    export KMS_SSL_KEYSTORE_PASS=password
+    print "Setting KMS_SSL_KEYSTORE_PASS:     ********"
+  fi
 else
   KMS_SSL_KEYSTORE_PASS_DISP=`echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`
   print "Using   KMS_SSL_KEYSTORE_PASS:     ${KMS_SSL_KEYSTORE_PASS_DISP}"
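Review bot: The explicitly-empty case at `export KMS_SSL_KEYSTORE_PASS=password` still falls back to the well-known literal `password`, and the log line next to it prints only `********`, so the startup output does not show that a built-in default is protecting the keystore. The message should say so, e.g. `print "WARNING: KMS_SSL_KEYSTORE_PASS is empty; using the built-in default keystore password"`. In the `else` branch, `echo ${KMS_SSL_KEYSTORE_PASS}` is unquoted and the `sed 's/./*/g'` mask writes the password's length into the log; a fixed-width mask avoids both, and the same pattern appears in the "Found KMS_SSL_KEYSTORE_PASS" line of kms.sh. The `if`/`else` continues past the end of this hunk.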

+ 3 - 1
hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh

@@ -54,7 +54,7 @@ catalina_opts="${catalina_opts} -Dkms.ssl.keystore.file=${KMS_SSL_KEYSTORE_FILE}
 print "Adding to CATALINA_OPTS:     ${catalina_opts}"
 print "Found KMS_SSL_KEYSTORE_PASS:     `echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'`"
 
-export CATALINA_OPTS="${CATALINA_OPTS_DISP} ${catalina_opts}"
+export CATALINA_OPTS="${CATALINA_OPTS} ${catalina_opts}"
 
 # A bug in catalina.sh script does not use CATALINA_OPTS for stopping the server
 #
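Review bot: The context line `print "Found KMS_SSL_KEYSTORE_PASS: ..."` appears to run unconditionally, yet with this commit's kms-config.sh change the variable can be unset in a non-SSL setup, so the log would report "Found" with an empty value. Wrapping it in a guard such as `if [ -n "${KMS_SSL_KEYSTORE_PASS}" ]; then print "Found KMS_SSL_KEYSTORE_PASS:     ********"; fi` keeps the log accurate. Whether an enclosing condition already exists cannot be seen from this hunk.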
@@ -64,6 +64,8 @@ fi
 
 # If ssl, the populate the passwords into ssl-server.xml before starting tomcat
 if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then
+  # Set a KEYSTORE_PASS if not already set
+  KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
   cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \
     | sed 's/_kms_ssl_keystore_pass_/'${KMS_SSL_KEYSTORE_PASS}'/g' \
     | sed 's/_kms_ssl_truststore_pass_/'${KMS_SSL_TRUSTSTORE_PASS}'/g' > ${CATALINA_BASE}/conf/ssl-server.xml
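Review bot: The keystore and truststore passwords are spliced unquoted into the `sed` replacement text, so a password containing `/`, `&`, a backslash or whitespace either breaks the command or writes a different value into ssl-server.xml; the added `KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}` line does not change that. Escape each value first, e.g. `ks_pass_esc=$(printf '%s' "${KMS_SSL_KEYSTORE_PASS}" | sed 's|[\\/&]|\\&|g')`, and use the quoted, escaped variable inside the `s///` expression. The new default also means that setting only KMS_SSL_TRUSTSTORE_PASS silently writes the literal `password` as the keystore password, which deserves a warning line here. The generated ssl-server.xml holds cleartext passwords and no permission restriction on it is visible in this hunk, which ends before the `if` block closes.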