This is an automated email from the ASF dual-hosted git repository. arp pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git
The following commit(s) were added to refs/heads/master by this push: new feedc6a Revert "HDDS-1847: Datanode Kerberos principal and keytab config key looks inconsistent" feedc6a is described below commit feedc6a1c2716132d72ef5bdcabc56c2107f0bc8 Author: Arpit Agarwal <aagar...@cloudera.com> AuthorDate: Fri Nov 1 13:18:16 2019 -0700 Revert "HDDS-1847: Datanode Kerberos principal and keytab config key looks inconsistent" This reverts commit 8527a9d9ceb0e1b2ba3bfc8ebc06e7589135f7f3. --- .../hadoop/hdds/protocol/SCMSecurityProtocol.java | 3 +- .../hdds/protocolPB/SCMSecurityProtocolPB.java | 4 +- .../java/org/apache/hadoop/hdds/scm/ScmConfig.java | 41 -------------- .../org/apache/hadoop/hdds/scm/ScmConfigKeys.java | 11 +++- .../scm/protocol/ScmBlockLocationProtocol.java | 4 +- .../protocol/StorageContainerLocationProtocol.java | 4 +- .../scm/protocolPB/ScmBlockLocationProtocolPB.java | 4 +- .../StorageContainerLocationProtocolPB.java | 4 +- .../protocol/StorageContainerDatanodeProtocol.java | 5 +- .../StorageContainerDatanodeProtocolPB.java | 4 +- .../hdds/scm/server/SCMHTTPServerConfig.java | 63 ---------------------- .../hdds/scm/server/SCMSecurityProtocolServer.java | 3 +- .../hdds/scm/server/StorageContainerManager.java | 12 ++--- .../server/StorageContainerManagerHttpServer.java | 9 +--- .../hadoop/ozone/TestSecureOzoneCluster.java | 25 ++++----- 15 files changed, 44 insertions(+), 152 deletions(-) diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocol/SCMSecurityProtocol.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocol/SCMSecurityProtocol.java index f58374d..4036cb1 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocol/SCMSecurityProtocol.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocol/SCMSecurityProtocol.java 
@@ -20,7 +20,6 @@ import java.io.IOException; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.hdds.protocol.proto.HddsProtos.DatanodeDetailsProto; import org.apache.hadoop.hdds.protocol.proto.HddsProtos.OzoneManagerDetailsProto; -import org.apache.hadoop.hdds.scm.ScmConfig; import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.security.KerberosInfo; @@ -28,7 +27,7 @@ import org.apache.hadoop.security.KerberosInfo; * The protocol used to perform security related operations with SCM. */ @KerberosInfo( - serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) @InterfaceAudience.Private public interface SCMSecurityProtocol { diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolPB.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolPB.java index 98e4483..41b0332 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolPB.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolPB.java @@ -17,7 +17,7 @@ package org.apache.hadoop.hdds.protocolPB; import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMSecurityProtocolService; -import org.apache.hadoop.hdds.scm.ScmConfig; +import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.ipc.ProtocolInfo; import org.apache.hadoop.security.KerberosInfo; @@ -28,7 +28,7 @@ import org.apache.hadoop.security.KerberosInfo; @ProtocolInfo(protocolName = "org.apache.hadoop.hdds.protocol.SCMSecurityProtocol", protocolVersion = 1) -@KerberosInfo(serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) +@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface SCMSecurityProtocolPB extends SCMSecurityProtocolService.BlockingInterface { 
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfig.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfig.java
deleted file mode 100644
index 1318dce..0000000
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfig.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.apache.hadoop.hdds.scm;
-
-import org.apache.hadoop.hdds.conf.Config;
-import org.apache.hadoop.hdds.conf.ConfigGroup;
-import org.apache.hadoop.hdds.conf.ConfigTag;
-import org.apache.hadoop.hdds.conf.ConfigType;
-
-@ConfigGroup(prefix = "hdds.scm")
-public class ScmConfig {
- private String principal;
- private String keytab;
-
- @Config(key = "kerberos.principal",
- type = ConfigType.STRING,
- defaultValue = "",
- tags = { ConfigTag.SECURITY },
- description = "This Kerberos principal is used by the SCM service."
- )
- public void setKerberosPrincipal(String kerberosPrincipal) { this.principal = kerberosPrincipal; }
-
- @Config(key = "kerberos.keytab.file",
- type = ConfigType.STRING,
- defaultValue = "",
- tags = { ConfigTag.SECURITY },
- description = "The keytab file used by SCM daemon to login as its service principal."
- )
- public void setKerberosKeytab(String kerberosKeytab) { this.keytab = kerberosKeytab; }
-
- public String getKerberosPrincipal() { return this.principal; }
-
- public String getKerberosKeytab() { return this.keytab; }
-
- public static class ConfigStrings {
- /* required for SCMSecurityProtocol where the KerberosInfo references the old configuration with
- * the annotation shown below:-
- * @KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
- */
- public static final String HDDS_SCM_KERBEROS_PRINCIPAL_KEY = "hdds.scm.kerberos.principal";
- public static final String HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY = "hdds.scm.kerberos.keytab.file";
- }
-}
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java index 3c35e56..1617806 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java @@ -220,7 +220,10 @@ public final class ScmConfigKeys { "ozone.scm.http-address"; public static final String OZONE_SCM_HTTPS_ADDRESS_KEY = "ozone.scm.https-address"; - + public static final String HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY = + "hdds.scm.kerberos.keytab.file"; + public static final String HDDS_SCM_KERBEROS_PRINCIPAL_KEY = + "hdds.scm.kerberos.principal"; public static final String OZONE_SCM_HTTP_BIND_HOST_DEFAULT = "0.0.0.0"; public static final int OZONE_SCM_HTTP_BIND_PORT_DEFAULT = 9876; public static final int OZONE_SCM_HTTPS_BIND_PORT_DEFAULT = 9877; @@ -347,6 +350,12 @@ public final class ScmConfigKeys { public static final String HDDS_SCM_WATCHER_TIMEOUT_DEFAULT = "10m"; + public static final String + HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY = + "hdds.scm.http.kerberos.principal"; + public static final String + HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY = + "hdds.scm.http.kerberos.keytab"; // Network topology public static final String OZONE_SCM_NETWORK_TOPOLOGY_SCHEMA_FILE = diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java index 0953cde..18045f8 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java 
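Review bot: The four restored Kerberos constants are added without any comment, and the HTTP keytab key breaks the pattern of the others: `HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY` maps to `hdds.scm.kerberos.keytab.file`, while `HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY` in the second hunk maps to `hdds.scm.http.kerberos.keytab` with no `.file` suffix. The deleted `@Config` setters were the only place in this change that described what these keys are for, so a short comment on each pair would keep that information, for example `// Keytab and principal SCM uses for its Kerberos service login.` and `// Keytab and principal for SPNEGO on the SCM HTTP server; the keytab key has no ".file" suffix.` An operator who copies the RPC key shape for the HTTP keytab would presumably set a key that is never read, so the difference is worth stating where the constants are defined.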
@@ -18,7 +18,7 @@ package org.apache.hadoop.hdds.scm.protocol; import org.apache.hadoop.hdds.protocol.DatanodeDetails; -import org.apache.hadoop.hdds.scm.ScmConfig; +import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.scm.container.common.helpers.ExcludeList; import org.apache.hadoop.security.KerberosInfo; import org.apache.hadoop.hdds.scm.ScmInfo; @@ -36,7 +36,7 @@ import java.util.List; * ScmBlockLocationProtocol is used by an HDFS node to find the set of nodes * to read/write a block. */ -@KerberosInfo(serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) +@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface ScmBlockLocationProtocol extends Closeable { @SuppressWarnings("checkstyle:ConstantName") diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java index 4d25916..88db820 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java @@ -17,7 +17,7 @@ package org.apache.hadoop.hdds.scm.protocol; -import org.apache.hadoop.hdds.scm.ScmConfig; +import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.scm.ScmInfo; import org.apache.hadoop.hdds.scm.container.common.helpers.ContainerWithPipeline; import org.apache.hadoop.hdds.scm.container.ContainerInfo; 
@@ -35,7 +35,7 @@ import org.apache.hadoop.security.KerberosInfo; * ContainerLocationProtocol is used by an HDFS node to find the set of nodes * that currently host a container. */ -@KerberosInfo(serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) +@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface StorageContainerLocationProtocol extends Closeable { @SuppressWarnings("checkstyle:ConstantName") diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java index 32713b7..1ba698b 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java @@ -20,7 +20,7 @@ package org.apache.hadoop.hdds.scm.protocolPB; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.hdds.protocol.proto.ScmBlockLocationProtocolProtos .ScmBlockLocationProtocolService; -import org.apache.hadoop.hdds.scm.ScmConfig; +import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.ipc.ProtocolInfo; import org.apache.hadoop.security.KerberosInfo; @@ -33,7 +33,7 @@ import org.apache.hadoop.security.KerberosInfo; protocolVersion = 1) @InterfaceAudience.Private @KerberosInfo( - serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface ScmBlockLocationProtocolPB extends ScmBlockLocationProtocolService.BlockingInterface { } 
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java index c42a1f7..f0af7aa 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java @@ -21,7 +21,7 @@ import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.hdds.protocol.proto .StorageContainerLocationProtocolProtos .StorageContainerLocationProtocolService; -import org.apache.hadoop.hdds.scm.ScmConfig; +import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.ipc.ProtocolInfo; import org.apache.hadoop.security.KerberosInfo; @@ -33,7 +33,7 @@ import org.apache.hadoop.security.KerberosInfo; "org.apache.hadoop.hdds.scm.protocol.StorageContainerLocationProtocol", protocolVersion = 1) @KerberosInfo( - serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) @InterfaceAudience.Private public interface StorageContainerLocationProtocolPB extends StorageContainerLocationProtocolService.BlockingInterface { diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java index 3e0450f..61bdb27 100644 --- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java +++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java 
@@ -36,8 +36,7 @@ import org.apache.hadoop.hdds.protocol.proto .StorageContainerDatanodeProtocolProtos.SCMVersionResponseProto; import java.io.IOException; - -import org.apache.hadoop.hdds.scm.ScmConfig; +import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.security.KerberosInfo; /** @@ -45,7 +44,7 @@ import org.apache.hadoop.security.KerberosInfo; * Protoc file that defines this protocol. */ @KerberosInfo( - serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) @InterfaceAudience.Private public interface StorageContainerDatanodeProtocol { diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java index 680f393..9006e91 100644 --- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java +++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java @@ -19,7 +19,7 @@ package org.apache.hadoop.ozone.protocolPB; import org.apache.hadoop.hdds.protocol.proto .StorageContainerDatanodeProtocolProtos .StorageContainerDatanodeProtocolService; -import org.apache.hadoop.hdds.scm.ScmConfig; +import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.ipc.ProtocolInfo; import org.apache.hadoop.security.KerberosInfo; 
@@ -33,7 +33,7 @@ import org.apache.hadoop.security.KerberosInfo; "org.apache.hadoop.ozone.protocol.StorageContainerDatanodeProtocol", protocolVersion = 1) @KerberosInfo( - serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY) public interface StorageContainerDatanodeProtocolPB extends StorageContainerDatanodeProtocolService.BlockingInterface { diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMHTTPServerConfig.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMHTTPServerConfig.java deleted file mode 100644 index 7561bc9..0000000 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMHTTPServerConfig.java +++ /dev/null 
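Review bot: In the `@KerberosInfo` annotation on `StorageContainerDatanodeProtocolPB`, `serverPrincipal` now names an `hdds.scm.*` key through `ScmConfigKeys`, while `clientPrincipal` still points at `DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY`, an HDFS key. That mix is easy to miss when configuring a secure cluster, because the expected datanode identity for this protocol is then presumably taken from an HDFS-named setting rather than an HDDS one. A comment above the annotation would document it, e.g. `// clientPrincipal reuses the HDFS datanode principal key; datanodes must log in with that principal.` If the reuse is not intentional it deserves a follow-up change rather than a comment.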
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license
- * agreements. See the NOTICE file distributed with this work for additional
- * information regarding
- * copyright ownership. The ASF licenses this file to you under the Apache
- * License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the
- * License. You may obtain a
- * copy of the License at
- *
- * <p>http://www.apache.org/licenses/LICENSE-2.0
- *
- * <p>Unless required by applicable law or agreed to in writing, software
- * distributed under the
- * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- * CONDITIONS OF ANY KIND, either
- * express or implied. See the License for the specific language governing
- * permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hdds.scm.server;
-
-import org.apache.hadoop.hdds.conf.Config;
-import org.apache.hadoop.hdds.conf.ConfigGroup;
-import org.apache.hadoop.hdds.conf.ConfigTag;
-import org.apache.hadoop.hdds.conf.ConfigType;
-
-@ConfigGroup(prefix = "hdds.scm.http")
-public class SCMHTTPServerConfig {
-
- private String principal;
- private String keytab;
-
- @Config(key = "kerberos.principal",
- type = ConfigType.STRING,
- defaultValue = "",
- tags = { ConfigTag.SECURITY },
- description = "This Kerberos principal is used when communicating to " +
- "the HTTP server of SCM.The protocol used is SPNEGO."
- )
- public void setKerberosPrincipal(String kerberosPrincipal) { this.principal = kerberosPrincipal; }
-
- @Config(key = "kerberos.keytab",
- type = ConfigType.STRING,
- defaultValue = "",
- tags = { ConfigTag.SECURITY },
- description = "The keytab file used by SCM http server to login as its service principal."
- ) - public void setKerberosKeytab(String kerberosKeytab) { this.keytab = kerberosKeytab; } - - public String getKerberosPrincipal() { return this.principal; } - - public String getKerberosKeytab() { return this.keytab; } - public static class ConfigStrings { - /* required for SCMSecurityProtocol where the KerberosInfo references the old configuration with - * the annotation shown below:- - * @KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) - */ - public static final String HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY = "hdds.scm.http.kerberos.principal"; - public static final String HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY = "hdds.scm.http.kerberos.keytab"; - } -} diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java index 86fd468..c4b4efd 100644 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java +++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java @@ -35,7 +35,6 @@ import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos; import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolPB; import org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB; import org.apache.hadoop.hdds.scm.HddsServerUtil; -import org.apache.hadoop.hdds.scm.ScmConfig; import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol; import org.apache.hadoop.hdds.security.x509.SecurityConfig; 
@@ -56,7 +55,7 @@ import static org.apache.hadoop.hdds.security.x509.certificate.authority.Certifi * The protocol used to perform security related operations with SCM. */ @KerberosInfo( - serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) @InterfaceAudience.Private public class SCMSecurityProtocolServer implements SCMSecurityProtocol { diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java index 48faeaf..7a375fc 100644 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java +++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java @@ -36,7 +36,6 @@ import org.apache.hadoop.hdds.protocol.proto.HddsProtos; import org.apache.hadoop.hdds.protocol.proto.HddsProtos.NodeState; import org.apache.hadoop.hdds.ratis.RatisHelper; import org.apache.hadoop.hdds.scm.HddsServerUtil; -import org.apache.hadoop.hdds.scm.ScmConfig; import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.scm.block.BlockManager; import org.apache.hadoop.hdds.scm.block.BlockManagerImpl; @@ -116,6 +115,8 @@ import java.util.Map; import java.util.concurrent.ConcurrentMap; import java.util.concurrent.TimeUnit; +import static org.apache.hadoop.hdds.scm.ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY; +import static org.apache.hadoop.hdds.scm.ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY; import static org.apache.hadoop.hdds.scm.ScmConfigKeys.HDDS_SCM_WATCHER_TIMEOUT_DEFAULT; /** 
@@ -493,11 +494,10 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl private void loginAsSCMUser(Configuration conf) throws IOException, AuthenticationException { if (LOG.isDebugEnabled()) { - ScmConfig scmConfig = configuration.getObject(ScmConfig.class); LOG.debug("Ozone security is enabled. Attempting login for SCM user. " + "Principal: {}, keytab: {}", - scmConfig.getKerberosPrincipal(), - scmConfig.getKerberosKeytab()); + conf.get(HDDS_SCM_KERBEROS_PRINCIPAL_KEY), + conf.get(HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY)); } if (SecurityUtil.getAuthenticationMethod(conf).equals( @@ -505,8 +505,8 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl UserGroupInformation.setConfiguration(conf); InetSocketAddress socAddr = HddsServerUtil .getScmBlockClientBindAddress(conf); - SecurityUtil.login(conf, ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, - ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); + SecurityUtil.login(conf, HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, + HDDS_SCM_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); } else { throw new AuthenticationException(SecurityUtil.getAuthenticationMethod( conf) + " authentication method not support. " diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java index 5b6e808..dce2a45 100644 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java +++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java 
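Review bot: The debug message in `loginAsSCMUser` prints `conf.get(HDDS_SCM_KERBEROS_PRINCIPAL_KEY)` exactly as configured, whereas the login in the next hunk also passes `socAddr.getHostName()` to `SecurityUtil.login`, so if the principal is configured with a host placeholder the logged value is not the identity SCM actually authenticates as. That difference matters when diagnosing a failed or unexpected Kerberos login; either make the message say so, `"Configured principal: {}, keytab: {}"`, or add the comment `// Logs the configured values; the hostname passed to SecurityUtil.login is applied later.` Both values also log as `null` when the keys are unset, which the message does not distinguish from a wrong value. The method body continues past the end of the hunk.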
@@ -18,7 +18,6 @@ package org.apache.hadoop.hdds.scm.server; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.server.BaseHttpServer; @@ -29,13 +28,9 @@ import java.io.IOException; */ public class StorageContainerManagerHttpServer extends BaseHttpServer { - OzoneConfiguration ozoneConfiguration; - SCMHTTPServerConfig httpServerConfig; public StorageContainerManagerHttpServer(Configuration conf) throws IOException { super(conf, "scm"); - ozoneConfiguration = new OzoneConfiguration(conf); - httpServerConfig = ozoneConfiguration.getObject(SCMHTTPServerConfig.class); } @Override protected String getHttpAddressKey() { @@ -67,11 +62,11 @@ public class StorageContainerManagerHttpServer extends BaseHttpServer { } @Override protected String getKeytabFile() { - return httpServerConfig.getKerberosKeytab(); + return ScmConfigKeys.HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY; } @Override protected String getSpnegoPrincipal() { - return httpServerConfig.getKerberosPrincipal(); + return ScmConfigKeys.HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY; } @Override protected String getEnabledKey() { diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java index 1b59b01..b38a7cb 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java 
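Review bot: `getKeytabFile()` and `getSpnegoPrincipal()` in the last hunk return configuration key names (`ScmConfigKeys.HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY` and `ScmConfigKeys.HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY`), not a keytab path or a principal, which the method names do not suggest; the reverted code returned the configured values from these same overrides. `BaseHttpServer` is not visible here, but it presumably looks the values up itself, so returning a value instead of a key would leave SPNEGO without its keytab and principal. A one-line comment on each override would guard against repeating that, e.g. `// Returns the config key, not the keytab path; the base class resolves it.` The class body continues outside the hunk.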
@@ -36,11 +36,9 @@ import org.apache.hadoop.hdds.HddsConfigKeys; import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol; import org.apache.hadoop.hdds.scm.HddsTestUtils; -import org.apache.hadoop.hdds.scm.ScmConfig; import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.scm.ScmInfo; import org.apache.hadoop.hdds.scm.client.HddsClientUtils; -import org.apache.hadoop.hdds.scm.server.SCMHTTPServerConfig; import org.apache.hadoop.hdds.scm.server.SCMStorageConfig; import org.apache.hadoop.hdds.scm.server.StorageContainerManager; import org.apache.hadoop.hdds.security.x509.SecurityConfig; @@ -207,12 +205,11 @@ public final class TestSecureOzoneCluster { private void createCredentialsInKDC(Configuration configuration, MiniKdc kdc) throws Exception { - OzoneConfiguration ozoneConfiguration = new OzoneConfiguration(configuration); - SCMHTTPServerConfig httpServerConfig = ozoneConfiguration.getObject(SCMHTTPServerConfig.class); createPrincipal(scmKeytab, - httpServerConfig.getKerberosPrincipal()); + configuration.get(ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)); createPrincipal(spnegoKeytab, - httpServerConfig.getKerberosKeytab()); + configuration.get(ScmConfigKeys + .HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY)); createPrincipal(testUserKeytab, testUserPrincipal); createPrincipal(omKeyTab, configuration.get(OMConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY)); @@ -236,8 +233,6 @@ public final class TestSecureOzoneCluster { } private void setSecureConfig(Configuration configuration) throws IOException { - SCMHTTPServerConfig httpServerConfig = conf.getObject(SCMHTTPServerConfig.class); - ScmConfig scmConfig = conf.getObject(ScmConfig.class); configuration.setBoolean(OZONE_SECURITY_ENABLED_KEY, true); host = InetAddress.getLocalHost().getCanonicalHostName() .toLowerCase(); 
@@ -249,9 +244,9 @@ public final class TestSecureOzoneCluster { "kerberos"); configuration.set(OZONE_ADMINISTRATORS, curUser); - configuration.set(ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, + configuration.set(ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, "scm/" + host + "@" + realm); - configuration.set(SCMHTTPServerConfig.ConfigStrings.HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY, + configuration.set(ScmConfigKeys.HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY, "HTTP_SCM/" + host + "@" + realm); configuration.set(OMConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY, @@ -265,10 +260,10 @@ public final class TestSecureOzoneCluster { testUserKeytab = new File(workDir, "testuser.keytab"); testUserPrincipal = "test@" + realm; - configuration.set(ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, + configuration.set(ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, scmKeytab.getAbsolutePath()); configuration.set( - SCMHTTPServerConfig.ConfigStrings.HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY, + ScmConfigKeys.HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY, spnegoKeytab.getAbsolutePath()); configuration.set(OMConfigKeys.OZONE_OM_KERBEROS_KEYTAB_FILE_KEY, omKeyTab.getAbsolutePath()); @@ -352,7 +347,7 @@ public final class TestSecureOzoneCluster { @Test public void testSecureScmStartupFailure() throws Exception { initSCM(); - conf.set(ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, ""); + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, ""); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); 
@@ -362,9 +357,9 @@ public final class TestSecureOzoneCluster { StorageContainerManager.createSCM(conf); }); - conf.set(ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, "scm/_h...@example.com"); - conf.set(ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, "/etc/security/keytabs/scm.keytab"); testCommonKerberosFailures( --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-commits-h...@hadoop.apache.org