| #!/bin/bash |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| # resolve links - $0 may be a softlink |
| PRG="${0}" |
| |
| while [ -h "${PRG}" ]; do |
| ls=`ls -ld "${PRG}"` |
| link=`expr "$ls" : '.*-> \(.*\)$'` |
| if expr "$link" : '/.*' > /dev/null; then |
| PRG="$link" |
| else |
| PRG=`dirname "${PRG}"`/"$link" |
| fi |
| done |
| |
| BASEDIR=`dirname ${PRG}` |
| BASEDIR=`cd ${BASEDIR}/..;pwd` |
| |
| |
| function print() { |
| if [ "${KMS_SILENT}" != "true" ]; then |
| echo "$@" |
| fi |
| } |
| |
| # if KMS_HOME is already set warn it will be ignored |
| # |
| if [ "${KMS_HOME}" != "" ]; then |
| echo "WARNING: current setting of KMS_HOME ignored" |
| fi |
| |
| print |
| |
| # setting KMS_HOME to the installation dir, it cannot be changed |
| # |
| export KMS_HOME=${BASEDIR} |
| kms_home=${KMS_HOME} |
| print "Setting KMS_HOME: ${KMS_HOME}" |
| |
| # if the installation has a env file, source it |
| # this is for native packages installations |
| # |
| if [ -e "${KMS_HOME}/bin/kms-env.sh" ]; then |
| print "Sourcing: ${KMS_HOME}/bin/kms-env.sh" |
| source ${KMS_HOME}/bin/kms-env.sh |
| if [ "${KMS_SILENT}" != "true" ]; then |
| grep "^ *export " "${KMS_HOME}/bin/kms-env.sh" | |
| sed 's/ *export/ setting/' |
| fi |
| fi |
| |
| # verify that the sourced env file didn't change KMS_HOME |
| # if so, warn and revert |
| # |
| if [ "${KMS_HOME}" != "${kms_home}" ]; then |
| print "WARN: KMS_HOME resetting to ''${KMS_HOME}'' ignored" |
| export KMS_HOME=${kms_home} |
| print " using KMS_HOME: ${KMS_HOME}" |
| fi |
| |
| if [ "${KMS_CONFIG}" = "" ]; then |
| export KMS_CONFIG=${KMS_HOME}/etc/hadoop |
| print "Setting KMS_CONFIG: ${KMS_CONFIG}" |
| else |
| print "Using KMS_CONFIG: ${KMS_CONFIG}" |
| fi |
| kms_config=${KMS_CONFIG} |
| |
| # if the configuration dir has a env file, source it |
| # |
| if [ -e "${KMS_CONFIG}/kms-env.sh" ]; then |
| print "Sourcing: ${KMS_CONFIG}/kms-env.sh" |
| source ${KMS_CONFIG}/kms-env.sh |
| if [ "${KMS_SILENT}" != "true" ]; then |
| grep "^ *export " "${KMS_CONFIG}/kms-env.sh" | |
| sed 's/ *export/ setting/' |
| fi |
| fi |
| |
| # verify that the sourced env file didn't change KMS_HOME |
| # if so, warn and revert |
| # |
| if [ "${KMS_HOME}" != "${kms_home}" ]; then |
| echo "WARN: KMS_HOME resetting to ''${KMS_HOME}'' ignored" |
| export KMS_HOME=${kms_home} |
| fi |
| |
| # verify that the sourced env file didn't change KMS_CONFIG |
| # if so, warn and revert |
| # |
| if [ "${KMS_CONFIG}" != "${kms_config}" ]; then |
| echo "WARN: KMS_CONFIG resetting to ''${KMS_CONFIG}'' ignored" |
| export KMS_CONFIG=${kms_config} |
| fi |
| |
| if [ "${KMS_LOG}" = "" ]; then |
| export KMS_LOG=${KMS_HOME}/logs |
| print "Setting KMS_LOG: ${KMS_LOG}" |
| else |
| print "Using KMS_LOG: ${KMS_LOG}" |
| fi |
| |
| if [ ! -f ${KMS_LOG} ]; then |
| mkdir -p ${KMS_LOG} |
| fi |
| |
| if [ "${KMS_TEMP}" = "" ]; then |
| export KMS_TEMP=${KMS_HOME}/temp |
| print "Setting KMS_TEMP: ${KMS_TEMP}" |
| else |
| print "Using KMS_TEMP: ${KMS_TEMP}" |
| fi |
| |
| if [ ! -f ${KMS_TEMP} ]; then |
| mkdir -p ${KMS_TEMP} |
| fi |
| |
| if [ "${KMS_HTTP_PORT}" = "" ]; then |
| export KMS_HTTP_PORT=16000 |
| print "Setting KMS_HTTP_PORT: ${KMS_HTTP_PORT}" |
| else |
| print "Using KMS_HTTP_PORT: ${KMS_HTTP_PORT}" |
| fi |
| |
| if [ "${KMS_ADMIN_PORT}" = "" ]; then |
| export KMS_ADMIN_PORT=`expr $KMS_HTTP_PORT + 1` |
| print "Setting KMS_ADMIN_PORT: ${KMS_ADMIN_PORT}" |
| else |
| print "Using KMS_ADMIN_PORT: ${KMS_ADMIN_PORT}" |
| fi |
| |
| if [ "${KMS_PROTOCOL}" = "" ]; then |
| export KMS_PROTOCOL="HTTP/1.1" |
| print "Setting KMS_PROTOCOL: ${KMS_PROTOCOL}" |
| else |
| print "Using KMS_PROTOCOL: ${KMS_PROTOCOL}" |
| fi |
| |
| if [ "${KMS_MAX_THREADS}" = "" ]; then |
| export KMS_MAX_THREADS=1000 |
| print "Setting KMS_MAX_THREADS: ${KMS_MAX_THREADS}" |
| else |
| print "Using KMS_MAX_THREADS: ${KMS_MAX_THREADS}" |
| fi |
| |
| if [ "${KMS_ACCEPT_COUNT}" = "" ]; then |
| export KMS_ACCEPT_COUNT=500 |
| print "Setting KMS_ACCEPT_COUNT: ${KMS_ACCEPT_COUNT}" |
| else |
| print "Using KMS_ACCEPT_COUNT: ${KMS_ACCEPT_COUNT}" |
| fi |
| |
| if [ "${KMS_ACCEPTOR_THREAD_COUNT}" = "" ]; then |
| export KMS_ACCEPTOR_THREAD_COUNT=1 |
| print "Setting KMS_ACCEPTOR_THREAD_COUNT: ${KMS_ACCEPTOR_THREAD_COUNT}" |
| else |
| print "Using KMS_ACCEPTOR_THREAD_COUNT: ${KMS_ACCEPTOR_THREAD_COUNT}" |
| fi |
| |
| if [ "${KMS_MAX_HTTP_HEADER_SIZE}" = "" ]; then |
| export KMS_MAX_HTTP_HEADER_SIZE=65536 |
| print "Setting KMS_MAX_HTTP_HEADER_SIZE: ${KMS_MAX_HTTP_HEADER_SIZE}" |
| else |
| print "Using KMS_MAX_HTTP_HEADER_SIZE: ${KMS_MAX_HTTP_HEADER_SIZE}" |
| fi |
| |
| if [ "${KMS_SSL_CLIENT_AUTH}" = "" ]; then |
| export KMS_SSL_CLIENT_AUTH="false" |
| print "Setting KMS_SSL_CLIENT_AUTH: ${KMS_SSL_CLIENT_AUTH}" |
| else |
| print "Using KMS_SSL_CLIENT_AUTH: ${KMS_SSL_CLIENT_AUTH}" |
| fi |
| |
| if [ "${KMS_SSL_ENABLED_PROTOCOLS}" = "" ]; then |
| export KMS_SSL_ENABLED_PROTOCOLS="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello" |
| print "Setting KMS_SSL_ENABLED_PROTOCOLS: ${KMS_SSL_ENABLED_PROTOCOLS}" |
| else |
| print "Using KMS_SSL_ENABLED_PROTOCOLS: ${KMS_SSL_ENABLED_PROTOCOLS}" |
| fi |
| |
| if [ "${KMS_SSL_CIPHERS}" = "" ]; then |
| export KMS_SSL_CIPHERS="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
| KMS_SSL_CIPHERS+=",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
| KMS_SSL_CIPHERS+=",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
| KMS_SSL_CIPHERS+=",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" |
| KMS_SSL_CIPHERS+=",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" |
| KMS_SSL_CIPHERS+=",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" |
| KMS_SSL_CIPHERS+=",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" |
| KMS_SSL_CIPHERS+=",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" |
| KMS_SSL_CIPHERS+=",TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" |
| KMS_SSL_CIPHERS+=",TLS_RSA_WITH_AES_256_CBC_SHA256" |
| KMS_SSL_CIPHERS+=",TLS_RSA_WITH_AES_256_CBC_SHA" |
| KMS_SSL_CIPHERS+=",TLS_RSA_WITH_AES_128_CBC_SHA256" |
| KMS_SSL_CIPHERS+=",TLS_RSA_WITH_AES_128_CBC_SHA" |
| KMS_SSL_CIPHERS+=",TLS_RSA_WITH_3DES_EDE_CBC_SHA" |
| print "Setting KMS_SSL_CIPHERS: ${KMS_SSL_CIPHERS}" |
| else |
| print "Using KMS_SSL_CIPHERS: ${KMS_SSL_CIPHERS}" |
| fi |
| |
| if [ "${KMS_SSL_KEYSTORE_FILE}" = "" ]; then |
| export KMS_SSL_KEYSTORE_FILE=${HOME}/.keystore |
| print "Setting KMS_SSL_KEYSTORE_FILE: ${KMS_SSL_KEYSTORE_FILE}" |
| else |
| print "Using KMS_SSL_KEYSTORE_FILE: ${KMS_SSL_KEYSTORE_FILE}" |
| fi |
| |
| # If KMS_SSL_KEYSTORE_PASS is explicitly set to "" |
| # then reset to "password". DO NOT set to "password" if |
| # variable is NOT defined. |
| if [ "${KMS_SSL_KEYSTORE_PASS}" = "" ]; then |
| if [ -n "${KMS_SSL_KEYSTORE_PASS+1}" ]; then |
| export KMS_SSL_KEYSTORE_PASS=password |
| print "Setting KMS_SSL_KEYSTORE_PASS: ********" |
| fi |
| else |
| KMS_SSL_KEYSTORE_PASS_DISP=`echo ${KMS_SSL_KEYSTORE_PASS} | sed 's/./*/g'` |
| print "Using KMS_SSL_KEYSTORE_PASS: ${KMS_SSL_KEYSTORE_PASS_DISP}" |
| fi |
| |
| if [ "${CATALINA_BASE}" = "" ]; then |
| export CATALINA_BASE=${KMS_HOME}/share/hadoop/kms/tomcat |
| print "Setting CATALINA_BASE: ${CATALINA_BASE}" |
| else |
| print "Using CATALINA_BASE: ${CATALINA_BASE}" |
| fi |
| |
| if [ "${KMS_CATALINA_HOME}" = "" ]; then |
| export KMS_CATALINA_HOME=${CATALINA_BASE} |
| print "Setting KMS_CATALINA_HOME: ${KMS_CATALINA_HOME}" |
| else |
| print "Using KMS_CATALINA_HOME: ${KMS_CATALINA_HOME}" |
| fi |
| |
| if [ "${CATALINA_OUT}" = "" ]; then |
| export CATALINA_OUT=${KMS_LOG}/kms-catalina.out |
| print "Setting CATALINA_OUT: ${CATALINA_OUT}" |
| else |
| print "Using CATALINA_OUT: ${CATALINA_OUT}" |
| fi |
| |
| if [ "${CATALINA_PID}" = "" ]; then |
| export CATALINA_PID=/tmp/kms.pid |
| print "Setting CATALINA_PID: ${CATALINA_PID}" |
| else |
| print "Using CATALINA_PID: ${CATALINA_PID}" |
| fi |
| |
| print |