This is an automated email from the ASF dual-hosted git repository.
bharat pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new ec1d453 HDDS-1788. Fix kerberos principal error in Ozone Recon.
(#1201)
ec1d453 is described below
commit ec1d453846ca7446b5372b11372311b65bef8a4b
Author: Vivek Ratnavel Subramanian <[email protected]>
AuthorDate: Sat Aug 3 10:49:07 2019 -0700
HDDS-1788. Fix kerberos principal error in Ozone Recon. (#1201)
---
hadoop-hdds/common/src/main/resources/ozone-default.xml | 6 +++---
.../docker-image/docker-krb5/Dockerfile-krb5 | 2 +-
.../src/main/compose/ozonesecure/docker-compose.yaml | 13 +++++++++++++
.../dist/src/main/compose/ozonesecure/docker-config | 4 ++++
.../ozonesecure/docker-image/docker-krb5/Dockerfile-krb5 | 2 +-
...igurationProvider.java => ConfigurationProvider.java} | 16 ++++++++--------
.../apache/hadoop/ozone/recon/ReconControllerModule.java | 3 ++-
.../java/org/apache/hadoop/ozone/recon/ReconServer.java | 2 +-
.../recon/spi/impl/OzoneManagerServiceProviderImpl.java | 15 ++++++---------
9 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml
b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index a88dd82..f4e4ce5 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -612,7 +612,7 @@
<description>
The actual address the OM web server will bind to using HTTPS.
If this optional address is set, it overrides only the hostname portion
of
- ozone.om.http-address.
+ ozone.om.https-address.
</description>
</property>
<property>
@@ -1040,7 +1040,7 @@
<description>
The actual address the SCM web server will bind to using HTTPS.
If this optional address is set, it overrides only the hostname portion
of
- ozone.scm.http-address.
+ ozone.scm.https-address.
</description>
</property>
<property>
@@ -1525,7 +1525,7 @@
<value>5m</value>
<tag>OZONE, OM</tag>
<description>Time interval used to store the omMetrics in to a
- file. Background thread perodically stores the OM metrics in to a
+ file. Background thread periodically stores the OM metrics in to a
file. Unit could be defined with postfix (ns,ms,s,m,h,d)
</description>
</property>
diff --git
a/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-image/docker-krb5/Dockerfile-krb5
b/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-image/docker-krb5/Dockerfile-krb5
index 4bd5d53..6c6c816 100644
---
a/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-image/docker-krb5/Dockerfile-krb5
+++
b/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-image/docker-krb5/Dockerfile-krb5
@@ -11,7 +11,7 @@
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License lsfor the specific language governing permissions and
+# See the License for the specific language governing permissions and
# limitations under the License.
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
index 6b1f48c..6f59994 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
@@ -65,6 +65,19 @@ services:
env_file:
- ./docker-config
command: ["/opt/hadoop/bin/ozone","s3g"]
+ recon:
+ image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
+ hostname: recon
+ volumes:
+ - ../..:/opt/hadoop
+ ports:
+ - 9888:9888
+ env_file:
+ - ./docker-config
+ environment:
+ WAITFOR: om:9874
+ ENSURE_OM_INITIALIZED: /data/metadata/om/current/VERSION
+ command: ["/opt/hadoop/bin/ozone","recon"]
scm:
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
hostname: scm
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
index 7e9ed82..ebe1f77 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
@@ -33,6 +33,10 @@
OZONE-SITE.XML_ozone.om.kerberos.principal=om/[email protected]
OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
OZONE-SITE.XML_ozone.s3g.keytab.file=/etc/security/keytabs/HTTP.keytab
OZONE-SITE.XML_ozone.s3g.authentication.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_ozone.recon.authentication.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_ozone.recon.keytab.file=/etc/security/keytabs/HTTP.keytab
+OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
+OZONE-SITE.XML_recon.om.snapshot.task.initial.delay=20s
OZONE-SITE.XML_ozone.security.enabled=true
OZONE-SITE.XML_ozone.acl.enabled=true
diff --git
a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/Dockerfile-krb5
b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/Dockerfile-krb5
index f44158b..1a6097e 100644
---
a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/Dockerfile-krb5
+++
b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/Dockerfile-krb5
@@ -11,7 +11,7 @@
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License lsfor the specific language governing permissions and
+# See the License for the specific language governing permissions and
# limitations under the License.
diff --git
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/OzoneConfigurationProvider.java
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ConfigurationProvider.java
similarity index 76%
rename from
hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/OzoneConfigurationProvider.java
rename to
hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ConfigurationProvider.java
index 3c8dae0..5b01958 100644
---
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/OzoneConfigurationProvider.java
+++
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ConfigurationProvider.java
@@ -17,9 +17,9 @@
*/
package org.apache.hadoop.ozone.recon;
-import org.apache.hadoop.hdds.conf.OzoneConfiguration;
-
import com.google.inject.Provider;
+import org.apache.hadoop.conf.Configuration;
+
/**
* Ozone Configuration Provider.
@@ -27,17 +27,17 @@ import com.google.inject.Provider;
* As the OzoneConfiguration is created by the CLI application here we inject
* it via a singleton instance to the Jax-RS/CDI instances.
*/
-public class OzoneConfigurationProvider implements
- Provider<OzoneConfiguration> {
+public class ConfigurationProvider implements
+ Provider<Configuration> {
- private static OzoneConfiguration configuration;
+ private static Configuration configuration;
- static void setConfiguration(OzoneConfiguration conf) {
- OzoneConfigurationProvider.configuration = conf;
+ static void setConfiguration(Configuration conf) {
+ ConfigurationProvider.configuration = conf;
}
@Override
- public OzoneConfiguration get() {
+ public Configuration get() {
return configuration;
}
}
diff --git
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconControllerModule.java
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconControllerModule.java
index 3473a62..e7c20f0 100644
---
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconControllerModule.java
+++
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconControllerModule.java
@@ -29,6 +29,7 @@ import static
org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQ
import static
org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_AGE;
import static
org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_TEST_STMT;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.recon.persistence.DataSourceConfiguration;
import org.apache.hadoop.ozone.recon.persistence.JooqPersistenceModule;
@@ -53,7 +54,7 @@ import com.google.inject.Singleton;
public class ReconControllerModule extends AbstractModule {
@Override
protected void configure() {
-
bind(OzoneConfiguration.class).toProvider(OzoneConfigurationProvider.class);
+ bind(Configuration.class).toProvider(ConfigurationProvider.class);
bind(ReconHttpServer.class).in(Singleton.class);
bind(DBStore.class)
.toProvider(ReconContainerDBProvider.class).in(Singleton.class);
diff --git
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java
index d813622..39c82d0 100644
---
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java
+++
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java
@@ -64,7 +64,7 @@ public class ReconServer extends GenericCli {
@Override
public Void call() throws Exception {
OzoneConfiguration ozoneConfiguration = createOzoneConfiguration();
- OzoneConfigurationProvider.setConfiguration(ozoneConfiguration);
+ ConfigurationProvider.setConfiguration(ozoneConfiguration);
injector = Guice.createInjector(new
ReconControllerModule(), new ReconRestServletModule() {
diff --git
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/spi/impl/OzoneManagerServiceProviderImpl.java
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/spi/impl/OzoneManagerServiceProviderImpl.java
index b552fac..389be1b 100644
---
a/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/spi/impl/OzoneManagerServiceProviderImpl.java
+++
b/hadoop-ozone/ozone-recon/src/main/java/org/apache/hadoop/ozone/recon/spi/impl/OzoneManagerServiceProviderImpl.java
@@ -18,7 +18,6 @@
package org.apache.hadoop.ozone.recon.spi.impl;
-import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_DB_CHECKPOINT_REQUEST_FLUSH;
import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
import static
org.apache.hadoop.ozone.recon.ReconConstants.RECON_OM_SNAPSHOT_DB;
@@ -45,7 +44,9 @@ import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.io.FileUtils;
-import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdfs.DFSUtil;
+import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.ozone.om.OMConfigKeys;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.recon.recovery.ReconOMMetadataManager;
@@ -75,13 +76,10 @@ public class OzoneManagerServiceProviderImpl
private String omDBSnapshotUrl;
@Inject
- private OzoneConfiguration configuration;
-
- @Inject
private ReconOMMetadataManager omMetadataManager;
@Inject
- public OzoneManagerServiceProviderImpl(OzoneConfiguration configuration) {
+ public OzoneManagerServiceProviderImpl(Configuration configuration) {
String ozoneManagerHttpAddress = configuration.get(OMConfigKeys
.OZONE_OM_HTTP_ADDRESS_KEY);
@@ -92,8 +90,7 @@ public class OzoneManagerServiceProviderImpl
omSnapshotDBParentDir = getReconDbDir(configuration,
OZONE_RECON_OM_SNAPSHOT_DB_DIR);
- boolean ozoneSecurityEnabled = configuration.getBoolean(
- OZONE_SECURITY_ENABLED_KEY, false);
+ HttpConfig.Policy policy = DFSUtil.getHttpPolicy(configuration);
int socketTimeout = (int) configuration.getTimeDuration(
RECON_OM_SOCKET_TIMEOUT, RECON_OM_SOCKET_TIMEOUT_DEFAULT,
@@ -118,7 +115,7 @@ public class OzoneManagerServiceProviderImpl
omDBSnapshotUrl = "http://"; + ozoneManagerHttpAddress +
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
- if (ozoneSecurityEnabled) {
+ if (policy.isHttpsEnabled()) {
omDBSnapshotUrl = "https://"; + ozoneManagerHttpsAddress +
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
