This is an automated email from the ASF dual-hosted git repository. bharat pushed a commit to branch HDDS-5501 in repository https://gitbox.apache.org/repos/asf/ozone.git
commit 13a0ac02568f94c443cc36c225b6c59f2fe84e2d Author: Bharat Viswanadham <[email protected]> AuthorDate: Wed Jul 28 12:19:19 2021 +0530 fix docker tests and integration tests --- .../common/src/main/resources/ozone-default.xml | 17 +++++++++++ .../java/org/apache/hadoop/ozone/s3/Gateway.java | 34 ++++++++++++---------- 2 files changed, 35 insertions(+), 16 deletions(-) diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml b/hadoop-hdds/common/src/main/resources/ozone-default.xml index 7c75b63..0e8f1c8 100644 --- a/hadoop-hdds/common/src/main/resources/ozone-default.xml +++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml @@ -2807,4 +2807,21 @@ will not be allocated a pipeline or container replica. </description> </property> + + <property> + <name>ozone.s3g.kerberos.keytab.file</name> + <value>/etc/security/keytabs/s3g.keytab</value> + <tag>OZONE, SECURITY, KERBEROS, S3GATEWAY</tag> + <description> The keytab file used by OzoneManager daemon to login as its + service principal. The principal name is configured with + ozone.om.kerberos.principal. + </description> + </property> + <property> + <name>ozone.s3g.kerberos.principal</name> + <value>s3g/_HOST@REALM</value> + <tag>OZONE, SECURITY, KERBEROS, S3GATEWAY</tag> + <description>The S3Gateway service principal. + Ex: s3g/[email protected]</description> + </property> </configuration> diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java index 7590802..6b6cad4 100644 --- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java +++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java @@ -24,6 +24,7 @@ import org.apache.hadoop.hdds.cli.GenericCli; import org.apache.hadoop.hdds.cli.HddsVersionProvider; import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.tracing.TracingUtil; +import org.apache.hadoop.ozone.OzoneSecurityUtil; import org.apache.hadoop.ozone.util.OzoneVersionInfo; import org.apache.hadoop.ozone.util.ShutdownHookManager; @@ -92,24 +93,25 @@ public class Gateway extends GenericCli { private static void loginS3GUser(OzoneConfiguration conf) throws IOException, AuthenticationException { - - if (SecurityUtil.getAuthenticationMethod(conf).equals( - UserGroupInformation.AuthenticationMethod.KERBEROS)) { - if (LOG.isDebugEnabled()) { - LOG.debug("Ozone security is enabled. Attempting login for S3G user. " - + "Principal: {}, keytab: {}", - conf.get(OZONE_S3G_KERBEROS_PRINCIPAL_KEY), - conf.get(OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY)); + if (OzoneSecurityUtil.isSecurityEnabled(conf)) { + if (SecurityUtil.getAuthenticationMethod(conf).equals( + UserGroupInformation.AuthenticationMethod.KERBEROS)) { + if (LOG.isDebugEnabled()) { + LOG.debug("Ozone security is enabled. Attempting login for S3G user. " + + "Principal: {}, keytab: {}", + conf.get(OZONE_S3G_KERBEROS_PRINCIPAL_KEY), + conf.get(OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY)); + } + + SecurityUtil.login(conf, OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY, + OZONE_S3G_KERBEROS_PRINCIPAL_KEY); + } else { + throw new AuthenticationException(SecurityUtil.getAuthenticationMethod( + conf) + " authentication method not supported. S3 user login " + + "failed."); } - - SecurityUtil.login(conf, OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY, - OZONE_S3G_KERBEROS_PRINCIPAL_KEY); - } else { - throw new AuthenticationException(SecurityUtil.getAuthenticationMethod( - conf) + " authentication method not supported. S3 user login " - + "failed."); + LOG.info("S3Gateway login successful."); } - LOG.info("S3Gateway login successful."); } } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
