This is an automated email from the ASF dual-hosted git repository.

aengineer pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/trunk by this push:
     new ffd4e52  HDDS-2073. Make SCMSecurityProtocol message based. 
Contributed by Elek, Marton.
ffd4e52 is described below

commit ffd4e527256389d91dd8e4c49ca1681f70a790e2
Author: Anu Engineer <aengin...@apache.org>
AuthorDate: Wed Oct 2 12:19:58 2019 -0700

    HDDS-2073. Make SCMSecurityProtocol message based.
    Contributed by Elek, Marton.
---
 .../SCMSecurityProtocolClientSideTranslatorPB.java | 104 +++++++-----
 .../SCMSecurityProtocolServerSideTranslatorPB.java | 132 ---------------
 .../src/main/proto/SCMSecurityProtocol.proto       |  96 +++++++----
 .../SCMSecurityProtocolServerSideTranslatorPB.java | 186 +++++++++++++++++++++
 .../hdds/scm/server/SCMSecurityProtocolServer.java |  27 ++-
 .../ozone/insight/BaseInsightSubCommand.java       |   6 +-
 .../insight/scm/ScmProtocolSecurityInsight.java    |  71 ++++++++
 7 files changed, 401 insertions(+), 221 deletions(-)

diff --git 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
index d7d53a4..efe79a7 100644
--- 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
+++ 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
@@ -16,22 +16,29 @@
  */
 package org.apache.hadoop.hdds.protocolPB;
 
-import com.google.protobuf.RpcController;
-import com.google.protobuf.ServiceException;
 import java.io.Closeable;
 import java.io.IOException;
+import java.util.function.Consumer;
+
+import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos.DatanodeDetailsProto;
 import 
org.apache.hadoop.hdds.protocol.proto.HddsProtos.OzoneManagerDetailsProto;
+import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
 import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCACertificateRequestProto;
 import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto;
 import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertificateRequestProto;
-import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertificateRequestProto.Builder;
 import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetDataNodeCertRequestProto;
-import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMSecurityRequest;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMSecurityRequest.Builder;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMSecurityResponse;
+import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.Type;
+import org.apache.hadoop.hdds.tracing.TracingUtil;
 import org.apache.hadoop.ipc.ProtobufHelper;
 import org.apache.hadoop.ipc.ProtocolTranslator;
 import org.apache.hadoop.ipc.RPC;
 
+import com.google.protobuf.RpcController;
+import com.google.protobuf.ServiceException;
 import static 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetOMCertRequestProto;
 
 /**
@@ -53,6 +60,28 @@ public class SCMSecurityProtocolClientSideTranslatorPB 
implements
   }
 
   /**
+   * Helper method to wrap the request and send the message.
+   */
+  private SCMSecurityResponse submitRequest(
+      SCMSecurityProtocolProtos.Type type,
+      Consumer<Builder> builderConsumer) throws IOException {
+    final SCMSecurityResponse response;
+    try {
+
+      Builder builder = SCMSecurityRequest.newBuilder()
+          .setCmdType(type)
+          .setTraceID(TracingUtil.exportCurrentSpan());
+      builderConsumer.accept(builder);
+      SCMSecurityRequest wrapper = builder.build();
+
+      response = rpcProxy.submitRequest(NULL_RPC_CONTROLLER, wrapper);
+    } catch (ServiceException ex) {
+      throw ProtobufHelper.getRemoteException(ex);
+    }
+    return response;
+  }
+
+  /**
    * Closes this stream and releases any system resources associated
    * with it. If the stream is already closed then invoking this
    * method has no effect.
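Review bot: submitRequest hands back the SCMSecurityResponse without looking at it, and every caller in this file (getOMCertChain, getCertificate, getDataNodeCertificateChain and getCACertificate in the later hunks) goes straight to `.getGetCertResponseProto()`. In proto2-generated Java an unset optional message field returns the default instance, so a response without the payload would surface as an empty certificate string instead of an error. Because this is the path by which OM and datanodes obtain their certificates, I would fail closed just before `return response;`: `if (response.getCmdType() != type || !response.hasGetCertResponseProto()) { throw new IOException("Unexpected SCM security response for " + type); }`.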
@@ -87,8 +116,8 @@ public class SCMSecurityProtocolClientSideTranslatorPB 
implements
   /**
    * Get SCM signed certificate for OM.
    *
-   * @param omDetails       - OzoneManager Details.
-   * @param certSignReq     - Certificate signing request.
+   * @param omDetails   - OzoneManager Details.
+   * @param certSignReq - Certificate signing request.
    * @return byte[]         - SCM signed certificate.
    */
   @Override
@@ -100,64 +129,61 @@ public class SCMSecurityProtocolClientSideTranslatorPB 
implements
   /**
    * Get SCM signed certificate for OM.
    *
-   * @param omDetails       - OzoneManager Details.
-   * @param certSignReq     - Certificate signing request.
+   * @param omDetails   - OzoneManager Details.
+   * @param certSignReq - Certificate signing request.
    * @return byte[]         - SCM signed certificate.
    */
   public SCMGetCertResponseProto getOMCertChain(
       OzoneManagerDetailsProto omDetails, String certSignReq)
       throws IOException {
-    SCMGetOMCertRequestProto.Builder builder = SCMGetOMCertRequestProto
+    SCMGetOMCertRequestProto request = SCMGetOMCertRequestProto
         .newBuilder()
         .setCSR(certSignReq)
-        .setOmDetails(omDetails);
-    try {
-      return rpcProxy.getOMCertificate(NULL_RPC_CONTROLLER, builder.build());
-    } catch (ServiceException e) {
-      throw ProtobufHelper.getRemoteException(e);
-    }
+        .setOmDetails(omDetails)
+        .build();
+    return submitRequest(Type.GetOMCertificate,
+        builder -> builder.setGetOMCertRequest(request))
+        .getGetCertResponseProto();
   }
 
   /**
    * Get SCM signed certificate with given serial id. Throws exception if
    * certificate is not found.
    *
-   * @param certSerialId    - Certificate serial id.
+   * @param certSerialId - Certificate serial id.
    * @return string         - pem encoded certificate.
    */
   @Override
   public String getCertificate(String certSerialId) throws IOException {
-    Builder builder = SCMGetCertificateRequestProto
+    SCMGetCertificateRequestProto request = SCMGetCertificateRequestProto
         .newBuilder()
-        .setCertSerialId(certSerialId);
-    try {
-      return rpcProxy.getCertificate(NULL_RPC_CONTROLLER, builder.build())
-          .getX509Certificate();
-    } catch (ServiceException e) {
-      throw ProtobufHelper.getRemoteException(e);
-    }
+        .setCertSerialId(certSerialId)
+        .build();
+    return submitRequest(Type.GetCertificate,
+        builder -> builder.setGetCertificateRequest(request))
+        .getGetCertResponseProto()
+        .getX509Certificate();
   }
 
   /**
    * Get SCM signed certificate for Datanode.
    *
-   * @param dnDetails       - Datanode Details.
-   * @param certSignReq     - Certificate signing request.
+   * @param dnDetails   - Datanode Details.
+   * @param certSignReq - Certificate signing request.
    * @return byte[]         - SCM signed certificate.
    */
   public SCMGetCertResponseProto getDataNodeCertificateChain(
       DatanodeDetailsProto dnDetails, String certSignReq)
       throws IOException {
-    SCMGetDataNodeCertRequestProto.Builder builder =
+
+    SCMGetDataNodeCertRequestProto request =
         SCMGetDataNodeCertRequestProto.newBuilder()
             .setCSR(certSignReq)
-            .setDatanodeDetails(dnDetails);
-    try {
-      return rpcProxy.getDataNodeCertificate(NULL_RPC_CONTROLLER,
-          builder.build());
-    } catch (ServiceException e) {
-      throw ProtobufHelper.getRemoteException(e);
-    }
+            .setDatanodeDetails(dnDetails)
+            .build();
+    return submitRequest(Type.GetDataNodeCertificate,
+        builder -> builder.setGetDataNodeCertRequest(request))
+        .getGetCertResponseProto();
   }
 
   /**
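Review bot: The Javadoc on getOMCertChain and getDataNodeCertificateChain still says `@return byte[] - SCM signed certificate.`, while both methods return SCMGetCertResponseProto. The commit re-aligns the `@param` lines in these comments but leaves the `@return` line wrong and misaligned. I would change it to `@return SCMGetCertResponseProto - response carrying the SCM signed certificate and the CA certificate.`, which matches what the server-side translator in this commit puts into the response.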
@@ -169,12 +195,10 @@ public class SCMSecurityProtocolClientSideTranslatorPB 
implements
   public String getCACertificate() throws IOException {
     SCMGetCACertificateRequestProto protoIns = SCMGetCACertificateRequestProto
         .getDefaultInstance();
-    try {
-      return rpcProxy.getCACertificate(NULL_RPC_CONTROLLER, protoIns)
-          .getX509Certificate();
-    } catch (ServiceException e) {
-      throw ProtobufHelper.getRemoteException(e);
-    }
+    return submitRequest(Type.GetCACertificate,
+        builder -> builder.setGetCACertificateRequest(protoIns))
+        .getGetCertResponseProto().getX509Certificate();
+
   }
 
   /**
diff --git 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolServerSideTranslatorPB.java
 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolServerSideTranslatorPB.java
deleted file mode 100644
index 2fd5594..0000000
--- 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolServerSideTranslatorPB.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with this
- * work for additional information regarding copyright ownership.  The ASF
- * licenses this file to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations 
under
- * the License.
- */
-package org.apache.hadoop.hdds.protocolPB;
-
-import com.google.protobuf.RpcController;
-import com.google.protobuf.ServiceException;
-import java.io.IOException;
-
-import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
-import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto;
-import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertificateRequestProto;
-import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetDataNodeCertRequestProto;
-import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto.ResponseCode;
-import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
-import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetOMCertRequestProto;
-
-/**
- * This class is the server-side translator that forwards requests received on
- * {@link SCMSecurityProtocolPB} to the {@link
- * SCMSecurityProtocol} server implementation.
- */
-public class SCMSecurityProtocolServerSideTranslatorPB implements
-    SCMSecurityProtocolPB {
-
-  private final SCMSecurityProtocol impl;
-
-  public SCMSecurityProtocolServerSideTranslatorPB(SCMSecurityProtocol impl) {
-    this.impl = impl;
-  }
-
-  /**
-   * Get SCM signed certificate for DataNode.
-   *
-   * @param controller
-   * @param request
-   * @return SCMGetDataNodeCertResponseProto.
-   */
-  @Override
-  public SCMGetCertResponseProto getDataNodeCertificate(
-      RpcController controller, SCMGetDataNodeCertRequestProto request)
-      throws ServiceException {
-    try {
-      String certificate = impl
-          .getDataNodeCertificate(request.getDatanodeDetails(),
-              request.getCSR());
-      SCMGetCertResponseProto.Builder builder =
-          SCMGetCertResponseProto
-              .newBuilder()
-              .setResponseCode(ResponseCode.success)
-              .setX509Certificate(certificate)
-              .setX509CACertificate(impl.getCACertificate());
-
-      return builder.build();
-    } catch (IOException e) {
-      throw new ServiceException(e);
-    }
-  }
-
-  /**
-   * Get SCM signed certificate for OzoneManager.
-   *
-   * @param controller
-   * @param request
-   * @return SCMGetCertResponseProto.
-   */
-  @Override
-  public SCMGetCertResponseProto getOMCertificate(
-      RpcController controller, SCMGetOMCertRequestProto request)
-      throws ServiceException {
-    try {
-      String certificate = impl
-          .getOMCertificate(request.getOmDetails(),
-              request.getCSR());
-      SCMGetCertResponseProto.Builder builder =
-          SCMGetCertResponseProto
-              .newBuilder()
-              .setResponseCode(ResponseCode.success)
-              .setX509Certificate(certificate)
-              .setX509CACertificate(impl.getCACertificate());
-      return builder.build();
-    } catch (IOException e) {
-      throw new ServiceException(e);
-    }
-  }
-
-  @Override
-  public SCMGetCertResponseProto getCertificate(RpcController controller,
-      SCMGetCertificateRequestProto request) throws ServiceException {
-    try {
-      String certificate = impl.getCertificate(request.getCertSerialId());
-      SCMGetCertResponseProto.Builder builder =
-          SCMGetCertResponseProto
-              .newBuilder()
-              .setResponseCode(ResponseCode.success)
-              .setX509Certificate(certificate);
-      return builder.build();
-    } catch (IOException e) {
-      throw new ServiceException(e);
-    }
-  }
-
-  @Override
-  public SCMGetCertResponseProto getCACertificate(RpcController controller,
-      SCMSecurityProtocolProtos.SCMGetCACertificateRequestProto request)
-      throws ServiceException {
-    try {
-      String certificate = impl.getCACertificate();
-      SCMGetCertResponseProto.Builder builder =
-          SCMGetCertResponseProto
-              .newBuilder()
-              .setResponseCode(ResponseCode.success)
-              .setX509Certificate(certificate);
-      return builder.build();
-    } catch (IOException e) {
-      throw new ServiceException(e);
-    }
-  }
-}
\ No newline at end of file
diff --git a/hadoop-hdds/common/src/main/proto/SCMSecurityProtocol.proto 
b/hadoop-hdds/common/src/main/proto/SCMSecurityProtocol.proto
index 5b6dd27..72e0e9f 100644
--- a/hadoop-hdds/common/src/main/proto/SCMSecurityProtocol.proto
+++ b/hadoop-hdds/common/src/main/proto/SCMSecurityProtocol.proto
@@ -30,17 +30,61 @@ option java_generic_services = true;
 
 option java_generate_equals_and_hash = true;
 
-package hadoop.hdds;
+package hadoop.hdds.security;
 
 import "hdds.proto";
 
 /**
+All commands is send as request and all response come back via
+Response class. If adding new functions please follow this protocol, since
+our tracing and visibility tools depend on this pattern.
+*/
+message SCMSecurityRequest {
+    required Type cmdType = 1; // Type of the command
+
+    optional string traceID = 2;
+
+    optional SCMGetDataNodeCertRequestProto getDataNodeCertRequest = 3;
+    optional SCMGetOMCertRequestProto getOMCertRequest = 4;
+    optional SCMGetCertificateRequestProto getCertificateRequest = 5;
+    optional SCMGetCACertificateRequestProto getCACertificateRequest = 6;
+
+}
+
+message SCMSecurityResponse {
+    required Type cmdType = 1; // Type of the command
+
+    // A string that identifies this command, we generate  Trace ID in Ozone
+    // frontend and this allows us to trace that command all over ozone.
+    optional string traceID = 2;
+
+    optional bool success = 3 [default = true];
+
+    optional string message = 4;
+
+    required Status status = 5;
+
+    optional SCMGetCertResponseProto getCertResponseProto = 6;
+
+}
+
+enum Type {
+    GetDataNodeCertificate = 1;
+    GetOMCertificate = 2;
+    GetCertificate = 3;
+    GetCACertificate = 4;
+}
+
+enum Status {
+    OK = 1;
+}
+/**
 * This message is send by data node to prove its identity and get an SCM
 * signed certificate.
 */
 message SCMGetDataNodeCertRequestProto {
-  required DatanodeDetailsProto datanodeDetails = 1;
-  required string CSR = 2;
+    required DatanodeDetailsProto datanodeDetails = 1;
+    required string CSR = 2;
 }
 
 /**
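Review bot: Declaring `required Type cmdType` and `required Status status` makes the envelope brittle to evolve. In proto2 an enum value the receiver does not know is treated as unset, and an unset required field fails parsing. A peer one version behind would therefore reject the whole message when a command or status value is added, before the server's `default:` branch is ever reached. I would make both fields `optional` and validate them in code. As written, Status also has only `OK`, so it cannot carry a failure.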
@@ -48,15 +92,15 @@ message SCMGetDataNodeCertRequestProto {
 * signed certificate.
 */
 message SCMGetOMCertRequestProto {
-  required OzoneManagerDetailsProto omDetails = 1;
-  required string CSR = 2;
+    required OzoneManagerDetailsProto omDetails = 1;
+    required string CSR = 2;
 }
 
 /**
 * Proto request to get a certificate with given serial id.
 */
 message SCMGetCertificateRequestProto {
-  required string certSerialId = 1;
+    required string certSerialId = 1;
 }
 
 /**
@@ -69,39 +113,17 @@ message SCMGetCACertificateRequestProto {
  * Returns a certificate signed by SCM.
  */
 message SCMGetCertResponseProto {
-  enum ResponseCode {
-    success = 1;
-    authenticationFailed = 2;
-    invalidCSR = 3;
-  }
-  required ResponseCode responseCode = 1;
-  required string x509Certificate = 2; // Base64 encoded X509 certificate.
-  optional string x509CACertificate = 3; // Base64 encoded CA X509 certificate.
+    enum ResponseCode {
+        success = 1;
+        authenticationFailed = 2;
+        invalidCSR = 3;
+    }
+    required ResponseCode responseCode = 1;
+    required string x509Certificate = 2; // Base64 encoded X509 certificate.
+    optional string x509CACertificate = 3; // Base64 encoded CA X509 
certificate.
 }
 
 
 service SCMSecurityProtocolService {
-  /**
-  * Get SCM signed certificate for DataNode.
-  */
-  rpc getDataNodeCertificate (SCMGetDataNodeCertRequestProto) returns
-  (SCMGetCertResponseProto);
-
-  /**
-  * Get SCM signed certificate for DataNode.
-  */
-  rpc getOMCertificate (SCMGetOMCertRequestProto) returns
-  (SCMGetCertResponseProto);
-
-  /**
-   * Get SCM signed certificate for DataNode.
-   */
-  rpc getCertificate (SCMGetCertificateRequestProto) returns
-  (SCMGetCertResponseProto);
-
-  /**
-   * Get SCM signed certificate for DataNode.
-   */
-  rpc getCACertificate (SCMGetCACertificateRequestProto) returns
-  (SCMGetCertResponseProto);
+    rpc submitRequest (SCMSecurityRequest) returns (SCMSecurityResponse);
 }
diff --git 
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/protocol/SCMSecurityProtocolServerSideTranslatorPB.java
 
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/protocol/SCMSecurityProtocolServerSideTranslatorPB.java
new file mode 100644
index 0000000..2d14fa6
--- /dev/null
+++ 
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/protocol/SCMSecurityProtocolServerSideTranslatorPB.java
@@ -0,0 +1,186 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations 
under
+ * the License.
+ */
+package org.apache.hadoop.hdds.scm.protocol;
+
+import com.google.protobuf.RpcController;
+import com.google.protobuf.ServiceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+
+import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertificateRequestProto;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetDataNodeCertRequestProto;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto.ResponseCode;
+import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetOMCertRequestProto;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMSecurityRequest;
+import 
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMSecurityResponse;
+import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.Status;
+import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolPB;
+import org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher;
+import org.apache.hadoop.ozone.protocolPB.ProtocolMessageMetrics;
+
+/**
+ * This class is the server-side translator that forwards requests received on
+ * {@link SCMSecurityProtocolPB} to the {@link
+ * SCMSecurityProtocol} server implementation.
+ */
+public class SCMSecurityProtocolServerSideTranslatorPB
+    implements SCMSecurityProtocolPB {
+
+  private static final Logger LOG =
+      LoggerFactory.getLogger(SCMSecurityProtocolServerSideTranslatorPB.class);
+
+  private final SCMSecurityProtocol impl;
+
+  private OzoneProtocolMessageDispatcher<SCMSecurityRequest,
+      SCMSecurityResponse>
+      dispatcher;
+
+  public SCMSecurityProtocolServerSideTranslatorPB(SCMSecurityProtocol impl,
+      ProtocolMessageMetrics messageMetrics) {
+    this.impl = impl;
+    this.dispatcher =
+        new OzoneProtocolMessageDispatcher<>("ScmSecurityProtocol",
+            messageMetrics, LOG);
+  }
+
+  @Override
+  public SCMSecurityResponse submitRequest(RpcController controller,
+      SCMSecurityRequest request) throws ServiceException {
+    return dispatcher.processRequest(request, this::processRequest,
+        request.getCmdType(), request.getTraceID());
+  }
+
+  public SCMSecurityResponse processRequest(SCMSecurityRequest request)
+      throws ServiceException {
+    try {
+      switch (request.getCmdType()) {
+      case GetCertificate:
+        return SCMSecurityResponse.newBuilder()
+            .setCmdType(request.getCmdType())
+            .setStatus(Status.OK)
+            .setGetCertResponseProto(
+                getCertificate(request.getGetCertificateRequest()))
+            .build();
+      case GetCACertificate:
+        return SCMSecurityResponse.newBuilder()
+            .setCmdType(request.getCmdType())
+            .setStatus(Status.OK)
+            .setGetCertResponseProto(
+                getCACertificate(request.getGetCACertificateRequest()))
+            .build();
+      case GetOMCertificate:
+        return SCMSecurityResponse.newBuilder()
+            .setCmdType(request.getCmdType())
+            .setStatus(Status.OK)
+            .setGetCertResponseProto(
+                getOMCertificate(request.getGetOMCertRequest()))
+            .build();
+      case GetDataNodeCertificate:
+        return SCMSecurityResponse.newBuilder()
+            .setCmdType(request.getCmdType())
+            .setStatus(Status.OK)
+            .setGetCertResponseProto(
+                getDataNodeCertificate(request.getGetDataNodeCertRequest()))
+            .build();
+      default:
+        throw new IllegalArgumentException(
+            "Unknown request type: " + request.getCmdType());
+      }
+    } catch (IOException e) {
+      throw new ServiceException(e);
+    }
+  }
+
+  /**
+   * Get SCM signed certificate for DataNode.
+   *
+   * @param request
+   * @return SCMGetDataNodeCertResponseProto.
+   */
+
+  public SCMGetCertResponseProto getDataNodeCertificate(
+      SCMGetDataNodeCertRequestProto request)
+      throws IOException {
+
+    String certificate = impl
+        .getDataNodeCertificate(request.getDatanodeDetails(),
+            request.getCSR());
+    SCMGetCertResponseProto.Builder builder =
+        SCMGetCertResponseProto
+            .newBuilder()
+            .setResponseCode(ResponseCode.success)
+            .setX509Certificate(certificate)
+            .setX509CACertificate(impl.getCACertificate());
+
+    return builder.build();
+
+  }
+
+  /**
+   * Get SCM signed certificate for OzoneManager.
+   *
+   * @param request
+   * @return SCMGetCertResponseProto.
+   */
+  public SCMGetCertResponseProto getOMCertificate(
+      SCMGetOMCertRequestProto request) throws IOException {
+    String certificate = impl
+        .getOMCertificate(request.getOmDetails(),
+            request.getCSR());
+    SCMGetCertResponseProto.Builder builder =
+        SCMGetCertResponseProto
+            .newBuilder()
+            .setResponseCode(ResponseCode.success)
+            .setX509Certificate(certificate)
+            .setX509CACertificate(impl.getCACertificate());
+    return builder.build();
+
+  }
+
+  public SCMGetCertResponseProto getCertificate(
+      SCMGetCertificateRequestProto request) throws IOException {
+
+    String certificate = impl.getCertificate(request.getCertSerialId());
+    SCMGetCertResponseProto.Builder builder =
+        SCMGetCertResponseProto
+            .newBuilder()
+            .setResponseCode(ResponseCode.success)
+            .setX509Certificate(certificate);
+    return builder.build();
+
+  }
+
+  public SCMGetCertResponseProto getCACertificate(
+      SCMSecurityProtocolProtos.SCMGetCACertificateRequestProto request)
+      throws IOException {
+
+    String certificate = impl.getCACertificate();
+    SCMGetCertResponseProto.Builder builder =
+        SCMGetCertResponseProto
+            .newBuilder()
+            .setResponseCode(ResponseCode.success)
+            .setX509Certificate(certificate);
+    return builder.build();
+
+  }
+
+}
\ No newline at end of file
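Review bot: processRequest dispatches on `getCmdType()` but never checks that the matching sub-request is present, so a request whose type and payload disagree reaches the CA implementation with default values. With proto2 an unset `getOMCertRequest` returns the default instance, so `getCSR()` or `getCertSerialId()` would be an empty string handed to `impl`. Each case should guard first, e.g. `if (!request.hasGetOMCertRequest()) { throw new ServiceException("GetOMCertificate request has no getOMCertRequest payload"); }`, and likewise for the other three types. The `default:` branch throws IllegalArgumentException, which the `catch (IOException e)` does not wrap; how that reaches the caller depends on the dispatcher, which is not shown here.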
diff --git 
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java
 
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java
index 05a1e04..c4b4efd 100644
--- 
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java
+++ 
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java
@@ -5,9 +5,9 @@
  * licenses this file to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
+ * <p>
  * http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
@@ -17,6 +17,7 @@
 package org.apache.hadoop.hdds.scm.server;
 
 import com.google.protobuf.BlockingService;
+
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.cert.CertificateException;
@@ -32,7 +33,7 @@ import 
org.apache.hadoop.hdds.protocol.proto.HddsProtos.DatanodeDetailsProto;
 import 
org.apache.hadoop.hdds.protocol.proto.HddsProtos.OzoneManagerDetailsProto;
 import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
 import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolPB;
-import 
org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolServerSideTranslatorPB;
+import 
org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB;
 import org.apache.hadoop.hdds.scm.HddsServerUtil;
 import org.apache.hadoop.hdds.scm.ScmConfigKeys;
 import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
@@ -41,7 +42,9 @@ import 
org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateSer
 import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
 import org.apache.hadoop.ipc.ProtobufRpcEngine;
 import org.apache.hadoop.ipc.RPC;
+import org.apache.hadoop.ozone.protocolPB.ProtocolMessageMetrics;
 import org.apache.hadoop.security.KerberosInfo;
+
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -62,6 +65,7 @@ public class SCMSecurityProtocolServer implements 
SCMSecurityProtocol {
   private final CertificateServer certificateServer;
   private final RPC.Server rpcServer;
   private final InetSocketAddress rpcAddress;
+  private final ProtocolMessageMetrics metrics;
 
   SCMSecurityProtocolServer(OzoneConfiguration conf,
       CertificateServer certificateServer) throws IOException {
@@ -76,10 +80,13 @@ public class SCMSecurityProtocolServer implements 
SCMSecurityProtocol {
     // SCM security service RPC service.
     RPC.setProtocolEngine(conf, SCMSecurityProtocolPB.class,
         ProtobufRpcEngine.class);
+    metrics = new ProtocolMessageMetrics("ScmSecurityProtocol",
+        "SCM Security protocol metrics",
+        SCMSecurityProtocolProtos.Type.values());
     BlockingService secureProtoPbService =
         SCMSecurityProtocolProtos.SCMSecurityProtocolService
             .newReflectiveBlockingService(
-                new SCMSecurityProtocolServerSideTranslatorPB(this));
+                new SCMSecurityProtocolServerSideTranslatorPB(this, metrics));
     this.rpcServer =
         StorageContainerManager.startRpcServer(
             conf,
@@ -96,8 +103,8 @@ public class SCMSecurityProtocolServer implements 
SCMSecurityProtocol {
   /**
    * Get SCM signed certificate for DataNode.
    *
-   * @param dnDetails       - DataNode Details.
-   * @param certSignReq     - Certificate signing request.
+   * @param dnDetails   - DataNode Details.
+   * @param certSignReq - Certificate signing request.
    * @return String         - SCM signed pem encoded certificate.
    */
   @Override
@@ -122,8 +129,8 @@ public class SCMSecurityProtocolServer implements 
SCMSecurityProtocol {
   /**
    * Get SCM signed certificate for OM.
    *
-   * @param omDetails       - OzoneManager Details.
-   * @param certSignReq     - Certificate signing request.
+   * @param omDetails   - OzoneManager Details.
+   * @param certSignReq - Certificate signing request.
    * @return String         - SCM signed pem encoded certificate.
    */
   @Override
@@ -147,7 +154,7 @@ public class SCMSecurityProtocolServer implements 
SCMSecurityProtocol {
   /**
    * Get SCM signed certificate with given serial id.
    *
-   * @param certSerialId    - Certificate serial id.
+   * @param certSerialId - Certificate serial id.
    * @return string         - pem encoded SCM signed certificate.
    */
   @Override
@@ -196,12 +203,14 @@ public class SCMSecurityProtocolServer implements 
SCMSecurityProtocol {
   public void start() {
     LOGGER.info(StorageContainerManager.buildRpcServerStartMessage("Starting"
         + " RPC server for SCMSecurityProtocolServer.", getRpcAddress()));
+    metrics.register();
     getRpcServer().start();
   }
 
   public void stop() {
     try {
       LOGGER.info("Stopping the SCMSecurityProtocolServer.");
+      metrics.unregister();
       getRpcServer().stop();
     } catch (Exception ex) {
       LOGGER.error("SCMSecurityProtocolServer stop failed.", ex);
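Review bot: In stop(), `metrics.unregister()` sits ahead of `getRpcServer().stop()` inside the same try, so if unregistering ever throws, the failure is only logged and the RPC server stays up. Whether unregister() can throw is not visible in this hunk, but shutting down the certificate endpoint should not depend on it. Calling `getRpcServer().stop();` first and `metrics.unregister();` after it (or in a finally) keeps the shutdown safe. stop() continues past the end of the hunk.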
diff --git 
a/hadoop-ozone/insight/src/main/java/org/apache/hadoop/ozone/insight/BaseInsightSubCommand.java
 
b/hadoop-ozone/insight/src/main/java/org/apache/hadoop/ozone/insight/BaseInsightSubCommand.java
index 9a6b010..a9f4b94 100644
--- 
a/hadoop-ozone/insight/src/main/java/org/apache/hadoop/ozone/insight/BaseInsightSubCommand.java
+++ 
b/hadoop-ozone/insight/src/main/java/org/apache/hadoop/ozone/insight/BaseInsightSubCommand.java
@@ -31,7 +31,7 @@ import org.apache.hadoop.ozone.insight.scm.EventQueueInsight;
 import org.apache.hadoop.ozone.insight.scm.NodeManagerInsight;
 import org.apache.hadoop.ozone.insight.scm.ReplicaManagerInsight;
 import org.apache.hadoop.ozone.insight.scm.ScmProtocolBlockLocationInsight;
-import org.apache.hadoop.ozone.insight.scm.ScmProtocolDatanodeInsight;
+import org.apache.hadoop.ozone.insight.scm.ScmProtocolSecurityInsight;
 import org.apache.hadoop.ozone.om.OMConfigKeys;
 
 import picocli.CommandLine;
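Review bot: The import of `ScmProtocolDatanodeInsight` is replaced rather than kept, and the next hunk likewise swaps the `"scm.protocol.datanode"` registration for `"scm.protocol.security"`, so the datanode insight point disappears from the `insights` map. Nothing in the commit description suggests that removal is intended. If it is not, keep the old import and `insights.put("scm.protocol.datanode", new ScmProtocolDatanodeInsight());` alongside the new entry. The continuation line `new ScmProtocolSecurityInsight());` in that hunk is also indented 13 spaces where the neighbouring entries use 8.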
@@ -89,8 +89,8 @@ public class BaseInsightSubCommand {
     insights.put("scm.event-queue", new EventQueueInsight());
     insights.put("scm.protocol.block-location",
         new ScmProtocolBlockLocationInsight());
-    insights.put("scm.protocol.datanode",
-        new ScmProtocolDatanodeInsight());
+    insights.put("scm.protocol.security",
+             new ScmProtocolSecurityInsight());
     insights.put("om.key-manager", new KeyManagerInsight());
     insights.put("om.protocol.client", new OmProtocolInsight());
 
diff --git 
a/hadoop-ozone/insight/src/main/java/org/apache/hadoop/ozone/insight/scm/ScmProtocolSecurityInsight.java
 
b/hadoop-ozone/insight/src/main/java/org/apache/hadoop/ozone/insight/scm/ScmProtocolSecurityInsight.java
new file mode 100644
index 0000000..734da34
--- /dev/null
+++ 
b/hadoop-ozone/insight/src/main/java/org/apache/hadoop/ozone/insight/scm/ScmProtocolSecurityInsight.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.insight.scm;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
+import 
org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB;
+import org.apache.hadoop.hdds.scm.server.SCMSecurityProtocolServer;
+import org.apache.hadoop.ozone.insight.BaseInsightPoint;
+import org.apache.hadoop.ozone.insight.Component.Type;
+import org.apache.hadoop.ozone.insight.LoggerSource;
+import org.apache.hadoop.ozone.insight.MetricGroupDisplay;
+
+/**
+ * Insight metric to check the SCM block location protocol behaviour.
+ */
+public class ScmProtocolSecurityInsight extends BaseInsightPoint {
+
+  @Override
+  public List<LoggerSource> getRelatedLoggers(boolean verbose) {
+    List<LoggerSource> loggers = new ArrayList<>();
+    loggers.add(
+        new LoggerSource(Type.SCM,
+            SCMSecurityProtocolServerSideTranslatorPB.class,
+            defaultLevel(verbose)));
+    new LoggerSource(Type.SCM,
+        SCMSecurityProtocolServer.class,
+        defaultLevel(verbose));
+    return loggers;
+  }
+
+  @Override
+  public List<MetricGroupDisplay> getMetrics() {
+    List<MetricGroupDisplay> metrics = new ArrayList<>();
+
+    Map<String, String> filter = new HashMap<>();
+    filter.put("servername", "SCMSecurityProtocolService");
+
+    addRpcMetrics(metrics, Type.SCM, filter);
+
+    addProtocolMessageMetrics(metrics, "scm_security_protocol",
+        Type.SCM, SCMSecurityProtocolProtos.Type.values());
+
+    return metrics;
+  }
+
+  @Override
+  public String getDescription() {
+    return "SCM Block location protocol endpoint";
+  }
+
+}
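Review bot: In `getRelatedLoggers`, the second `new LoggerSource(Type.SCM, SCMSecurityProtocolServer.class, defaultLevel(verbose));` is constructed and discarded, so only the translator's logger is returned and the logger of `SCMSecurityProtocolServer` is never surfaced by this insight point. Wrap it as `loggers.add(new LoggerSource(Type.SCM, SCMSecurityProtocolServer.class, defaultLevel(verbose)));`. The class Javadoc and `getDescription()` still say "block location" and look copied from the block-location insight; `return "SCM security protocol endpoint";` and a matching Javadoc sentence would describe what this class actually reports.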

