SLIDER-263 AM no longer persists keystore password
diff --git a/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java b/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
index 89cc263..f11d200 100644
--- a/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
+++ b/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
@@ -174,7 +174,6 @@
String KEY_FILE_NAME = "ca.key";
String KEYSTORE_FILE_NAME = "keystore.p12";
String CRT_PASS_FILE_NAME = "pass.txt";
- String PASSPHRASE = "DEV";
String PASS_LEN = "50";
/**
diff --git a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
index efa1b09..39a2572 100644
--- a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
+++ b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
@@ -687,14 +687,13 @@
// Start up the WebApp and track the URL for it
certificateManager = new CertificateManager();
- certificateManager.initialize(
- instanceDefinition.getAppConfOperations()
- .getComponent(SliderKeys.COMPONENT_AM));
+ MapOperations component = instanceDefinition.getAppConfOperations()
+ .getComponent(SliderKeys.COMPONENT_AM);
+ certificateManager.initialize(component);
certificateManager.setPassphrase(instanceDefinition.getPassphrase());
- if (instanceDefinition.
- getAppConfOperations().getComponent(SliderKeys.COMPONENT_AM).
- getOptionBool(AgentKeys.KEY_AGENT_TWO_WAY_SSL_ENABLED, false)) {
+ if (component.getOptionBool(
+ AgentKeys.KEY_AGENT_TWO_WAY_SSL_ENABLED, false)) {
uploadServerCertForLocalization(clustername, fs);
}
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
index 3771962..257f8f9 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
@@ -61,8 +61,8 @@
private String passphrase;
/**
- * Verify that root certificate exists, generate it otherwise.
- */
+ * Verify that root certificate exists, generate it otherwise.
+ */
public void initialize(MapOperations compOperations) {
SecurityUtils.initializeSecurityParameters(compOperations);
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
index c7ad8dd..527d4e6 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
@@ -140,6 +140,11 @@
}
public static void initializeSecurityParameters(MapOperations configMap) {
+ initializeSecurityParameters(configMap, false);
+ }
+
+ public static void initializeSecurityParameters(MapOperations configMap,
+ boolean persistPassword) {
String keyStoreLocation = configMap.getOption(
SliderXmlConfKeys.KEY_KEYSTORE_LOCATION, getDefaultKeystoreLocation());
File secDirFile = new File(keyStoreLocation).getParentFile();
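Review bot: The new public overload `initializeSecurityParameters(MapOperations, boolean)` has no Javadoc, and nothing on the one-argument form says that it no longer writes the password file. Since `persistPassword` decides whether the generated keystore password is written in clear text to the password file in the security directory, I would document it, for example `@param persistPassword true to write the generated keystore password to the password file in the security directory; false to keep it in memory only`. A one-line comment on the one-argument form, such as `// default: the generated password is not persisted`, would make the changed default visible to existing callers. The method body continues outside this hunk.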
@@ -167,26 +172,28 @@
}
// need to create the password
}
- keystorePass = getKeystorePassword(secDirFile);
+ keystorePass = getKeystorePassword(secDirFile, persistPassword);
securityDir = secDirFile.getAbsolutePath();
}
- private static String getKeystorePassword(File secDirFile) {
+ private static String getKeystorePassword(File secDirFile,
+ boolean persistPassword) {
File passFile = new File(secDirFile, SliderKeys.CRT_PASS_FILE_NAME);
String password = null;
-
if (!passFile.exists()) {
- LOG.info("Generation of file with password");
- try {
- password = RandomStringUtils.randomAlphanumeric(
- Integer.valueOf(SliderKeys.PASS_LEN));
- FileUtils.writeStringToFile(passFile, password);
- passFile.setWritable(true);
- passFile.setReadable(true);
- } catch (IOException e) {
- e.printStackTrace();
- throw new RuntimeException(
- "Error creating certificate password file");
+ LOG.info("Generating keystore password");
+ password = RandomStringUtils.randomAlphanumeric(
+ Integer.valueOf(SliderKeys.PASS_LEN));
+ if (persistPassword) {
+ try {
+ FileUtils.writeStringToFile(passFile, password);
+ passFile.setWritable(true);
+ passFile.setReadable(true);
+ } catch (IOException e) {
+ e.printStackTrace();
+ throw new RuntimeException(
+ "Error creating certificate password file");
+ }
}
} else {
LOG.info("Reading password from existing file");
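Review bot: The keystore password comes from `RandomStringUtils.randomAlphanumeric`, which in the Commons Lang releases I know of from this period draws from a shared `java.util.Random` rather than a CSPRNG, so the value protecting the keystore is more predictable than its length suggests. Passing a `SecureRandom` to the seven-argument `RandomStringUtils.random` keeps the same alphabet (it needs a `java.security.SecureRandom` import). In the `persistPassword` branch the file is written before any permission call, and `setWritable(true)`/`setReadable(true)` only add owner access, so group and other bits are left to the process umask; creating the file, restricting it and only then writing closes that gap. The catch block also prints the stack trace and drops the cause, where passing `e` to the `RuntimeException` would do. The `else` branch still reads an existing password file when `persistPassword` is false, and the function continues outside this hunk.

```java
    // … unchanged: passFile lookup, exists() check and log line …
      // same alphabet as randomAlphanumeric, but drawn from a CSPRNG
      password = RandomStringUtils.random(
          Integer.valueOf(SliderKeys.PASS_LEN), 0, 0, true, true, null,
          new SecureRandom());
      if (persistPassword) {
        try {
          // create the file empty and restrict it to the owner before
          // the password is written into it
          passFile.createNewFile();
          passFile.setReadable(false, false);
          passFile.setWritable(false, false);
          passFile.setReadable(true, true);
          passFile.setWritable(true, true);
          FileUtils.writeStringToFile(passFile, password);
        } catch (IOException e) {
          throw new RuntimeException(
              "Error creating certificate password file", e);
        }
      }
    // … unchanged: else branch that reads the existing password file …
```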
diff --git a/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy b/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy
index a6c351d..7434c4e 100644
--- a/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy
+++ b/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy
@@ -23,6 +23,7 @@
import groovy.transform.CompileStatic
import groovy.util.logging.Slf4j
import org.apache.hadoop.fs.Path
+import org.apache.hadoop.yarn.conf.YarnConfiguration
import org.apache.hadoop.yarn.exceptions.YarnException
import org.apache.slider.api.StatusKeys
import org.apache.slider.client.SliderClient
@@ -57,6 +58,7 @@
@CompileStatic
@Slf4j
class TestAgentAMManagementWS extends AgentTestBase {
+ private static String password;
public static final String AGENT_URI = "ws/v1/slider/agents/";
final static Logger logger = LoggerFactory.getLogger(TestAgentAMManagementWS.class)
@@ -91,11 +93,11 @@
super.setup()
MapOperations compOperations = new MapOperations();
compOperations.put(SliderXmlConfKeys.KEY_KEYSTORE_LOCATION, "/tmp/work/security/keystore.p12");
- SecurityUtils.initializeSecurityParameters(compOperations);
+ SecurityUtils.initializeSecurityParameters(compOperations, true);
CertificateManager certificateManager = new CertificateManager();
certificateManager.initialize(compOperations);
String keystoreFile = SecurityUtils.getSecurityDir() + File.separator + SliderKeys.KEYSTORE_FILE_NAME;
- String password = SecurityUtils.getKeystorePass();
+ password = SecurityUtils.getKeystorePass();
System.setProperty("javax.net.ssl.trustStore", keystoreFile);
System.setProperty("javax.net.ssl.trustStorePassword", password);
System.setProperty("javax.net.ssl.trustStoreType", "PKCS12");
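Review bot: Passing `true` here makes the test write the generated keystore password in clear text next to `/tmp/work/security/keystore.p12`, a fixed path under the shared `/tmp` tree. Because the password lookup reads an existing password file instead of generating a new one, a file left behind by an earlier run or by another account on the build host would also decide the trust-store password this test uses. I would point `KEY_KEYSTORE_LOCATION` at a directory created for the run (for example JUnit's `TemporaryFolder`) and reuse that value in the two overrides further down that repeat the path. The enclosing setup method starts and ends outside this hunk.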
@@ -184,9 +186,11 @@
InstanceBuilder builder)
throws IOException, SliderException, LockAcquireFailedException {
AggregateConf conf = builder.getInstanceDescription()
- conf.getAppConfOperations().getComponent("slider-appmaster").put(
+ MapOperations component = conf.getAppConfOperations().getComponent("slider-appmaster")
+ component.put(
"ssl.server.keystore.location",
"/tmp/work/security/keystore.p12")
+ component.put("ssl.server.keystore.password", password)
super.persistInstanceDefinition(overwrite, appconfdir, builder)
}
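Review bot: The same three statements (look up the `slider-appmaster` component, set the keystore location, set the keystore password) are added here and again in the `launchApplication` override in the next hunk, with both option keys and the path written as string literals. A small private helper taking the `AggregateConf` would keep the two in step, and the location key could use `SliderXmlConfKeys.KEY_KEYSTORE_LOCATION` as the setup code does, assuming that constant holds `ssl.server.keystore.location`. `password` is a mutable static assigned only during setup, so I would add a comment on the field such as `// set in setup(); the instance-definition overrides below rely on it`. Both overrides start outside their hunks.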
@@ -196,10 +200,12 @@
AggregateConf instanceDefinition,
boolean debugAM)
throws YarnException, IOException {
- instanceDefinition.getAppConfOperations().getComponent("slider-appmaster").put(
+ MapOperations component = instanceDefinition.getAppConfOperations().getComponent("slider-appmaster")
+ component.put(
"ssl.server.keystore.location",
"/tmp/work/security/keystore.p12")
- return super.launchApplication(clustername, clusterDirectory, instanceDefinition, debugAM)
+ component.put("ssl.server.keystore.password", password)
+ return super.launchApplication(clustername, clusterDirectory, instanceDefinition, debugAM)
}
}
diff --git a/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java b/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java
index daa47fa..faec5d8 100644
--- a/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java
+++ b/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java
@@ -80,10 +80,10 @@
}
});
- SecurityUtils.initializeSecurityParameters(new MapOperations());
- MapOperations compOperations = new MapOperations();
+ MapOperations configMap = new MapOperations();
+ SecurityUtils.initializeSecurityParameters(configMap, true);
CertificateManager certificateManager = new CertificateManager();
- certificateManager.initialize(compOperations);
+ certificateManager.initialize(configMap);
String keystoreFile = SecurityUtils.getSecurityDir() + File.separator + SliderKeys.KEYSTORE_FILE_NAME;
String password = SecurityUtils.getKeystorePass();
System.setProperty("javax.net.ssl.trustStore", keystoreFile);