[
https://issues.apache.org/jira/browse/HDDS-1901?focusedWorklogId=289151&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-289151
]
ASF GitHub Bot logged work on HDDS-1901:
----------------------------------------
Author: ASF GitHub Bot
Created on: 05/Aug/19 19:21
Start Date: 05/Aug/19 19:21
Worklog Time Spent: 10m
Work Description: hadoop-yetus commented on issue #1228: HDDS-1901. Fix
Ozone HTTP WebConsole Authentication. Contributed by X…
URL: https://github.com/apache/hadoop/pull/1228#issuecomment-518364636
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| 0 | reexec | 42 | Docker mode activated. |
||| _ Prechecks _ |
| +1 | dupname | 0 | No case conflicting files found. |
| 0 | shelldocs | 0 | Shelldocs was not available. |
| +1 | @author | 0 | The patch does not contain any @author tags. |
| -1 | test4tests | 0 | The patch doesn't appear to include any new or
modified tests. Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch. |
||| _ trunk Compile Tests _ |
| 0 | mvndep | 88 | Maven dependency ordering for branch |
| +1 | mvninstall | 584 | trunk passed |
| +1 | compile | 373 | trunk passed |
| +1 | checkstyle | 80 | trunk passed |
| +1 | mvnsite | 0 | trunk passed |
| +1 | shadedclient | 778 | branch has no errors when building and testing
our client artifacts. |
| +1 | javadoc | 169 | trunk passed |
| 0 | spotbugs | 424 | Used deprecated FindBugs config; considering
switching to SpotBugs. |
| +1 | findbugs | 618 | trunk passed |
||| _ Patch Compile Tests _ |
| 0 | mvndep | 36 | Maven dependency ordering for patch |
| +1 | mvninstall | 561 | the patch passed |
| +1 | compile | 369 | the patch passed |
| +1 | javac | 369 | the patch passed |
| +1 | checkstyle | 84 | the patch passed |
| +1 | mvnsite | 0 | the patch passed |
| +1 | shellcheck | 0 | There were no new shellcheck issues. |
| +1 | whitespace | 0 | The patch has no whitespace issues. |
| +1 | xml | 2 | The patch has no ill-formed XML file. |
| +1 | shadedclient | 635 | patch has no errors when building and testing
our client artifacts. |
| +1 | javadoc | 158 | the patch passed |
| +1 | findbugs | 643 | the patch passed |
||| _ Other Tests _ |
| +1 | unit | 287 | hadoop-hdds in the patch passed. |
| -1 | unit | 1794 | hadoop-ozone in the patch failed. |
| +1 | asflicense | 49 | The patch does not generate ASF License warnings. |
| | | 7605 | |
| Reason | Tests |
|-------:|:------|
| Failed junit tests | hadoop.ozone.om.TestScmSafeMode |
| | hadoop.ozone.TestMiniChaosOzoneCluster |
| | hadoop.ozone.client.rpc.TestContainerStateMachine |
| | hadoop.ozone.client.rpc.TestBlockOutputStream |
| | hadoop.ozone.om.TestOzoneManagerHA |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | Client=19.03.1 Server=19.03.1 base:
https://builds.apache.org/job/hadoop-multibranch/job/PR-1228/1/artifact/out/Dockerfile
|
| GITHUB PR | https://github.com/apache/hadoop/pull/1228 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall
mvnsite unit shadedclient findbugs checkstyle xml shellcheck shelldocs |
| uname | Linux cc84026f91f7 4.4.0-139-generic #165-Ubuntu SMP Wed Oct 24
10:58:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/hadoop.sh |
| git revision | trunk / 71aad60 |
| Default Java | 1.8.0_212 |
| unit |
https://builds.apache.org/job/hadoop-multibranch/job/PR-1228/1/artifact/out/patch-unit-hadoop-ozone.txt
|
| Test Results |
https://builds.apache.org/job/hadoop-multibranch/job/PR-1228/1/testReport/ |
| Max. process+thread count | 3939 (vs. ulimit of 5500) |
| modules | C: hadoop-hdds/common hadoop-hdds/docs hadoop-ozone/common
hadoop-ozone/dist U: . |
| Console output |
https://builds.apache.org/job/hadoop-multibranch/job/PR-1228/1/console |
| versions | git=2.7.4 maven=3.3.9 shellcheck=0.4.6 findbugs=3.1.0-RC1 |
| Powered by | Apache Yetus 0.10.0 http://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 289151)
Time Spent: 20m (was: 10m)
> Fix Ozone HTTP WebConsole Authentication
> ----------------------------------------
>
> Key: HDDS-1901
> URL: https://issues.apache.org/jira/browse/HDDS-1901
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
> Affects Versions: 0.4.0
> Reporter: Vivek Ratnavel Subramanian
> Assignee: Xiaoyu Yao
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> This was found during integration testing where the http authentication is
> enabled but anonymous can still access the ozone http web console like
> scm:9876 or om:9874. This can be reproed with the following configurations
> added to the ozonesecure docker-compose.
> {code}
> CORE-SITE.XML_hadoop.http.authentication.simple.anonymous.allowed=false
> CORE-SITE.XML_hadoop.http.authentication.signature.secret.file=/etc/security/http_secret
> CORE-SITE.XML_hadoop.http.authentication.type=kerberos
> CORE-SITE.XML_hadoop.http.authentication.kerberos.principal=HTTP/[email protected]
> CORE-SITE.XML_hadoop.http.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
> CORE-SITE.XML_hadoop.http.filter.initializers=org.apache.hadoop.security.AuthenticationFilterInitializer
> {code}
> After debugging into the KerberosAuthenticationFilter, the root cause is the
> name of the keytab does not follow the AuthenticationFilter tradition. The
> fix is to change
> hdds.scm.http.kerberos.keytab.file to hdds.scm.http.kerberos.keytab and
> hdds.om.http.kerberos.keytab.file to hdds.om.http.kerberos.keytab
> I will also add an integration test for this under ozonesecure
> docker-compose.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
