[ https://issues.apache.org/jira/browse/FLUME-3269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639561#comment-16639561 ]
ASF subversion and git services commented on FLUME-3269:
--------------------------------------------------------
Commit c5168c902634e8ea1f25ec578ed0b7055b246d68 in flume's branch
refs/heads/trunk from [~turcsanyip]
[ https://git-wip-us.apache.org/repos/asf?p=flume.git;h=c5168c9 ]
FLUME-3269: Support JSSE keystore/truststore -D system properties
It makes it possible to specify global/common SSL keystore parameters (path,
password and type) at Flume agent (process) level for all sources/sinks.
In this way, it is not necessary to define (=copy) the SSL config for each
component in the agent config.
The global SSL parameters can be specified through the standard -D JSSE
system properties or in environment variables.
Component level configuration is still possible.
Priority:
1. component parameters in agent config
2. -D system properties
3. environment variables
This closes #228
Reviewers: Ferenc Szabo, Tristan Stevens, Endre Major
(Peter Turcsanyi via Ferenc Szabo)
> Support JSSE keystore/truststore -D system properties
> ----------------------------------------------------
>
> Key: FLUME-3269
> URL: https://issues.apache.org/jira/browse/FLUME-3269
> Project: Flume
> Issue Type: Improvement
> Reporter: Peter Turcsanyi
> Assignee: Peter Turcsanyi
> Priority: Major
>
> Several Flume components support SSL, but they all have their own config
> parameters for specifying the location and password for keystore and
> truststore.
> These parameters could be passed as standard JSSE system properties
> (specified in flume-env.sh):
> {code}
> -Djavax.net.ssl.keyStore=/path/to/keystore
> -Djavax.net.ssl.keyStorePassword=keystore-password
> -Djavax.net.ssl.keyStoreType=keystore-type
> -Djavax.net.ssl.trustStore=/path/to/truststore
> -Djavax.net.ssl.trustStorePassword=truststore-password
> -Djavax.net.ssl.trustStoreType=truststore-type
> {code}
> This would be a more consistent and standards-based configuration.
> Specifying passwords in system properties means that the passwords can be
> seen in the process list. For cases where it is not acceptable, it will also
> be possible to define the parameters in environment variables.
> {code}
> FLUME_SSL_KEYSTORE_PATH
> FLUME_SSL_KEYSTORE_PASSWORD
> FLUME_SSL_KEYSTORE_TYPE
> FLUME_SSL_TRUSTSTORE_PATH
> FLUME_SSL_TRUSTSTORE_PASSWORD
> FLUME_SSL_TRUSTSTORE_TYPE
> {code}
> The logic of applying the SSL config parameters for an SSL-enabled
> source/sink:
> - if the agent config defines the SSL parameters for the component, then they
> will be used (allowing customisation and backward compatibility)
> - if no SSL parameters are defined for the component, but the -D system
> properties are present, then they will be used
> - if neither the component SSL parameters nor the -D system properties are
> defined, but the environment variables are present, then they will be used
> - otherwise config error
> So the priority:
> # component parameters in agent config
> # -D system properties
> # environment variables
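
The lookup order described in the issue above (component parameters, then -D system properties, then environment variables, otherwise a config error), as an added Java example. It is not Flume's own code: the class `SslParamResolver`, its `resolve` method and the sample values are hypothetical and constructed for illustration; only the property and variable names come from the issue.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

// Hypothetical resolver for illustration; not part of Flume's API.
public class SslParamResolver {
    private final Function<String, String> sysProps; // in a real JVM: System::getProperty
    private final Function<String, String> env;      // in a real JVM: System::getenv

    public SslParamResolver(Function<String, String> sysProps, Function<String, String> env) {
        this.sysProps = sysProps;
        this.env = env;
    }

    /** Component value first, then the -D system property, then the environment variable. */
    public String resolve(String componentValue, String sysPropName, String envVarName) {
        if (isSet(componentValue)) return componentValue;
        String fromProp = sysProps.apply(sysPropName);
        if (isSet(fromProp)) return fromProp;
        String fromEnv = env.apply(envVarName);
        if (isSet(fromEnv)) return fromEnv;
        throw new IllegalStateException("SSL config error: no value in agent config, "
            + sysPropName + " or " + envVarName);
    }

    private static boolean isSet(String v) { return v != null && !v.isEmpty(); }

    public static void main(String[] args) {
        // Constructed inputs standing in for the JVM properties and the process environment.
        Map<String, String> props = new HashMap<>();
        props.put("javax.net.ssl.keyStore", "/path/to/keystore");
        Map<String, String> environment = new HashMap<>();
        environment.put("FLUME_SSL_KEYSTORE_PATH", "/env/keystore");
        environment.put("FLUME_SSL_KEYSTORE_PASSWORD", "env-password");
        SslParamResolver r = new SslParamResolver(props::get, environment::get);

        // A component-level value overrides both global sources.
        System.out.println(r.resolve("/component/keystore",
            "javax.net.ssl.keyStore", "FLUME_SSL_KEYSTORE_PATH"));
        // No component value: the -D property takes priority over the environment variable.
        System.out.println(r.resolve(null, "javax.net.ssl.keyStore", "FLUME_SSL_KEYSTORE_PATH"));
        // Password supplied only through the environment, so it never appears as a -D argument.
        String pw = r.resolve(null, "javax.net.ssl.keyStorePassword", "FLUME_SSL_KEYSTORE_PASSWORD");
        System.out.println("password taken from environment: " + "env-password".equals(pw));
        // Nothing defined in any source: configuration error.
        try {
            r.resolve(null, "javax.net.ssl.trustStore", "FLUME_SSL_TRUSTSTORE_PATH");
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```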