This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new ebcdc6a1ef HDDS-11810. Secure acceptance test on arm64 fails with
LoginException: Checksum failed (#7498)
ebcdc6a1ef is described below
commit ebcdc6a1ef3726876293ebf71920193b0fbf7335
Author: Doroszlai, Attila <[email protected]>
AuthorDate: Fri Nov 29 05:42:05 2024 +0100
HDDS-11810. Secure acceptance test on arm64 fails with LoginException:
Checksum failed (#7498)
---
.../dist/dev-support/bin/dist-layout-stitching | 3 +-
.../dist/src/main/compose/common/init-kdc.sh | 86 ++++++++++++++++++
.../compose/ozonesecure-ha/docker-compose.yaml | 2 +-
.../compose/ozonesecure-mr/docker-compose.yaml | 2 +-
.../main/compose/ozonesecure/docker-compose.yaml | 2 +-
.../compose/upgrade/compose/ha/docker-compose.yaml | 2 +-
.../dist/src/main/compose/xcompat/new-cluster.yaml | 2 +-
.../dist/src/main/compose/xcompat/old-cluster.yaml | 2 +-
hadoop-ozone/dist/src/main/keytabs/HTTP.keytab | Bin 580 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/dn.keytab | Bin 576 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/hadoop.keytab | Bin 146 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/httpfs.keytab | Bin 616 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/jhs.keytab | Bin 142 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/nm.keytab | Bin 138 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/om.keytab | Bin 576 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/recon.keytab | Bin 606 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/rm.keytab | Bin 138 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/s3g.keytab | Bin 586 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/scm.keytab | Bin 586 -> 0 bytes
hadoop-ozone/dist/src/main/keytabs/testuser.keytab | Bin 908 -> 0 bytes
.../dist/src/main/keytabs/testuser2.keytab | Bin 920 -> 0 bytes
.../dist/src/main/keytabs/update-keytabs.sh | 98 ---------------------
22 files changed, 93 insertions(+), 106 deletions(-)
diff --git a/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching
b/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching
index 821f534c4a..a902eab5a9 100755
--- a/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching
+++ b/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching
@@ -128,8 +128,7 @@ run cp -p -r "${ROOT}/hadoop-ozone/dist/src/main/smoketest"
.
run cp -p -r "${ROOT}/hadoop-ozone/dist/target/k8s" kubernetes
run cp -p -r "${ROOT}/hadoop-ozone/dist/target/Dockerfile" .
-#Copy pre-generated keytabs
-run cp -p -R "${ROOT}/hadoop-ozone/dist/src/main/keytabs" compose/_keytabs
+run mkdir compose/_keytabs
for file in $(find "${ROOT}" -path '*/target/classes/*.classpath' | sort); do
# We need to add the artifact manually as it's not part the generated
classpath desciptor
diff --git a/hadoop-ozone/dist/src/main/compose/common/init-kdc.sh
b/hadoop-ozone/dist/src/main/compose/common/init-kdc.sh
new file mode 100755
index 0000000000..d5f7fd6d77
--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/common/init-kdc.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eux -o pipefail
+
+# This script exports keytabs and starts KDC server.
+
+export_keytab() {
+ kadmin.local -q "ktadd -norandkey -k /etc/security/keytabs/$2.keytab
[email protected]"
+}
+
+rm -f /etc/security/keytabs/*.keytab
+
+export_keytab scm/scm scm
+export_keytab HTTP/scm scm
+export_keytab testuser/scm scm
+export_keytab testuser2/scm scm
+
+export_keytab testuser/dn testuser
+export_keytab testuser/httpfs testuser
+export_keytab testuser/om testuser
+export_keytab testuser/recon testuser
+export_keytab testuser/s3g testuser
+export_keytab testuser/scm testuser
+
+export_keytab testuser2/dn testuser2
+export_keytab testuser2/httpfs testuser2
+export_keytab testuser2/om testuser2
+export_keytab testuser2/recon testuser2
+export_keytab testuser2/s3g testuser2
+export_keytab testuser2/scm testuser2
+
+export_keytab om/om om
+export_keytab HTTP/om om
+export_keytab testuser/om om
+export_keytab testuser2/om om
+
+export_keytab s3g/s3g s3g
+export_keytab HTTP/s3g s3g
+export_keytab testuser/s3g s3g
+export_keytab testuser2/s3g s3g
+
+export_keytab httpfs/httpfs httpfs
+export_keytab HTTP/httpfs httpfs
+export_keytab testuser/httpfs httpfs
+export_keytab testuser2/httpfs httpfs
+
+export_keytab recon/recon recon
+export_keytab HTTP/recon recon
+export_keytab testuser/recon recon
+export_keytab testuser2/recon recon
+
+export_keytab dn/dn dn
+export_keytab HTTP/dn dn
+export_keytab testuser/dn dn
+export_keytab testuser2/dn dn
+
+export_keytab HTTP/scm HTTP
+export_keytab HTTP/s3g HTTP
+export_keytab HTTP/httpfs HTTP
+export_keytab HTTP/ozone HTTP
+
+export_keytab hadoop/rm hadoop
+
+export_keytab rm/rm rm
+export_keytab nm/nm nm
+export_keytab jhs/jhs jhs
+
+chmod 755 /etc/security/keytabs/*.keytab
+chown 1000. /etc/security/keytabs/*.keytab
+
+krb5kdc -n
diff --git
a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml
b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml
index 354f718ade..e48d3cb9b0 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml
@@ -22,7 +22,7 @@ services:
volumes:
- ../..:/opt/hadoop
- ../_keytabs:/etc/security/keytabs
- command: ["krb5kdc","-n"]
+ command: ["/opt/hadoop/compose/common/init-kdc.sh"]
networks:
ozone_net:
ipv4_address: 172.25.0.100
diff --git
a/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml
b/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml
index f0b094447d..4db7576bd2 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml
@@ -22,7 +22,7 @@ services:
volumes:
- ../..:/opt/hadoop
- ../_keytabs:/etc/security/keytabs
- command: ["krb5kdc","-n"]
+ command: ["/opt/hadoop/compose/common/init-kdc.sh"]
kms:
image: ${HADOOP_IMAGE}:${HADOOP_VERSION}
dns_search: .
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
index f0b4aee1b3..f3e372964b 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
@@ -22,7 +22,7 @@ services:
volumes:
- ../..:/opt/hadoop
- ../_keytabs:/etc/security/keytabs
- command: ["krb5kdc","-n"]
+ command: ["/opt/hadoop/compose/common/init-kdc.sh"]
kms:
image: ${HADOOP_IMAGE}:${HADOOP_VERSION}
hostname: kms
diff --git
a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml
b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml
index 86ebcc0c2b..8235f21374 100644
--- a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml
@@ -67,7 +67,7 @@ x-volumes:
services:
kdc:
- command: ["krb5kdc","-n"]
+ command: ["/opt/hadoop/compose/common/init-kdc.sh"]
hostname: kdc
image: ${OZONE_TESTKRB5_IMAGE}
networks:
diff --git a/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml
b/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml
index 0f7105b8cc..275338d7e7 100644
--- a/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml
+++ b/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml
@@ -34,7 +34,7 @@ services:
volumes:
- ../..:/opt/hadoop
- ../_keytabs:/etc/security/keytabs
- command: [ "krb5kdc","-n" ]
+ command: ["/opt/hadoop/compose/common/init-kdc.sh"]
kms:
image: ${HADOOP_IMAGE}:${HADOOP_VERSION}
hostname: kms
diff --git a/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml
b/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml
index fceb8e6eb3..e3df1b3dda 100644
--- a/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml
+++ b/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml
@@ -34,7 +34,7 @@ services:
volumes:
- ../..:/opt/ozone
- ../_keytabs:/etc/security/keytabs
- command: [ "krb5kdc","-n" ]
+ command: ["/opt/ozone/compose/common/init-kdc.sh"]
kms:
image: ${HADOOP_IMAGE}:${HADOOP_VERSION}
hostname: kms
diff --git a/hadoop-ozone/dist/src/main/keytabs/HTTP.keytab
b/hadoop-ozone/dist/src/main/keytabs/HTTP.keytab
deleted file mode 100755
index d1715a7506..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/HTTP.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/dn.keytab
b/hadoop-ozone/dist/src/main/keytabs/dn.keytab
deleted file mode 100755
index 4b5c8c252e..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/dn.keytab and /dev/null differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/hadoop.keytab
b/hadoop-ozone/dist/src/main/keytabs/hadoop.keytab
deleted file mode 100755
index ae3cd11e70..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/hadoop.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/httpfs.keytab
b/hadoop-ozone/dist/src/main/keytabs/httpfs.keytab
deleted file mode 100755
index e5eec5375c..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/httpfs.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/jhs.keytab
b/hadoop-ozone/dist/src/main/keytabs/jhs.keytab
deleted file mode 100755
index d7cd324ec5..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/jhs.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/nm.keytab
b/hadoop-ozone/dist/src/main/keytabs/nm.keytab
deleted file mode 100755
index 7b73f49a05..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/nm.keytab and /dev/null differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/om.keytab
b/hadoop-ozone/dist/src/main/keytabs/om.keytab
deleted file mode 100755
index f6ef6fcbbc..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/om.keytab and /dev/null differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/recon.keytab
b/hadoop-ozone/dist/src/main/keytabs/recon.keytab
deleted file mode 100755
index 7d0bd3cc3a..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/recon.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/rm.keytab
b/hadoop-ozone/dist/src/main/keytabs/rm.keytab
deleted file mode 100755
index 546b4a476d..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/rm.keytab and /dev/null differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/s3g.keytab
b/hadoop-ozone/dist/src/main/keytabs/s3g.keytab
deleted file mode 100755
index 1361eecee6..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/s3g.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/scm.keytab
b/hadoop-ozone/dist/src/main/keytabs/scm.keytab
deleted file mode 100755
index 531f97a1b7..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/scm.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/testuser.keytab
b/hadoop-ozone/dist/src/main/keytabs/testuser.keytab
deleted file mode 100755
index c373cf5019..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/testuser.keytab and /dev/null
differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/testuser2.keytab
b/hadoop-ozone/dist/src/main/keytabs/testuser2.keytab
deleted file mode 100755
index da5d6a99e5..0000000000
Binary files a/hadoop-ozone/dist/src/main/keytabs/testuser2.keytab and
/dev/null differ
diff --git a/hadoop-ozone/dist/src/main/keytabs/update-keytabs.sh
b/hadoop-ozone/dist/src/main/keytabs/update-keytabs.sh
deleted file mode 100755
index 5094a6bf85..0000000000
--- a/hadoop-ozone/dist/src/main/keytabs/update-keytabs.sh
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )
-set -ex
-
-export_keytab() {
- kadmin.local -q "ktadd -norandkey -k /etc/security/keytabs/$2.keytab
[email protected]"
-}
-
-#this section supposed to be executed inside a docker image which already
-#has these credentials
-#
-# the rest of the code executes this part inside a container
-#
-if [ "$1" == "internal" ]; then
- rm /etc/security/keytabs/*.keytab
-
- export_keytab scm/scm scm
- export_keytab HTTP/scm scm
- export_keytab testuser/scm scm
- export_keytab testuser2/scm scm
-
- export_keytab testuser/dn testuser
- export_keytab testuser/httpfs testuser
- export_keytab testuser/om testuser
- export_keytab testuser/recon testuser
- export_keytab testuser/s3g testuser
- export_keytab testuser/scm testuser
-
- export_keytab testuser2/dn testuser2
- export_keytab testuser2/httpfs testuser2
- export_keytab testuser2/om testuser2
- export_keytab testuser2/recon testuser2
- export_keytab testuser2/s3g testuser2
- export_keytab testuser2/scm testuser2
-
- export_keytab om/om om
- export_keytab HTTP/om om
- export_keytab testuser/om om
- export_keytab testuser2/om om
-
- export_keytab s3g/s3g s3g
- export_keytab HTTP/s3g s3g
- export_keytab testuser/s3g s3g
- export_keytab testuser2/s3g s3g
-
- export_keytab httpfs/httpfs httpfs
- export_keytab HTTP/httpfs httpfs
- export_keytab testuser/httpfs httpfs
- export_keytab testuser2/httpfs httpfs
-
- export_keytab recon/recon recon
- export_keytab HTTP/recon recon
- export_keytab testuser/recon recon
- export_keytab testuser2/recon recon
-
- export_keytab dn/dn dn
- export_keytab HTTP/dn dn
- export_keytab testuser/dn dn
- export_keytab testuser2/dn dn
-
- export_keytab HTTP/scm HTTP
- export_keytab HTTP/s3g HTTP
- export_keytab HTTP/httpfs HTTP
- export_keytab HTTP/ozone HTTP
-
- export_keytab hadoop/rm hadoop
-
- export_keytab rm/rm rm
- export_keytab nm/nm nm
- export_keytab jhs/jhs jhs
-
-
-
- chmod 755 /etc/security/keytabs/*.keytab
- chown 1000. /etc/security/keytabs/*.keytab
- exit 0
-fi
-
-TESTKRB5_IMAGE=$(mvn -f "$SCRIPT_DIR"/../../../pom.xml help:evaluate
-Dexpression=docker.ozone-testkr5b.image -q -DforceStdout -Dscan=false)
-
-docker run -it --entrypoint=/etc/security/keytabs/update-keytabs.sh -v
"$SCRIPT_DIR":/etc/security/keytabs $TESTKRB5_IMAGE internal
-
-
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
