John Zhuge created HDFS-11490: --------------------------------- Summary: Store KMS SSL keystore password in catalina.properties Key: HDFS-11490 URL: https://issues.apache.org/jira/browse/HDFS-11490 Project: Hadoop HDFS Issue Type: Improvement Components: kms Affects Versions: 2.9.0 Reporter: John Zhuge Assignee: John Zhuge Priority: Minor
HADOOP-14083 stores SSL ciphers in catalina.properties. We can do the same for SSL keystore password, thus no longer need the current {{sed}} method: {noformat} # If ssl, the populate the passwords into ssl-server.xml before starting tomcat if [ ! "${KMS_SSL_KEYSTORE_PASS}" = "" ] || [ ! "${KMS_SSL_TRUSTSTORE_PASS}" = "" ]; then # Set a KEYSTORE_PASS if not already set KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password} KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS") KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS") cat ${CATALINA_BASE}/conf/ssl-server.xml.conf \ | sed 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \ | sed 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' > ${CATALINA_BASE}/conf/ssl-server.xml fi {noformat} -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org