[jira] [Commented] (HDDS-10509) Allow running ratis shell commands in secure Ozone cluster.

Fri, 10 Jan 2025 09:59:17 -0800 


    [ 
https://issues.apache.org/jira/browse/HDDS-10509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17912053#comment-17912053
 ] 

Tsz-wo Sze commented on HDDS-10509:
-----------------------------------

[~pifta], For creating a XceiverClientRatis, we get a tlsConfig from the Ozone 
SecurityConfig; see
 - 
[https://github.com/apache/ozone/blob/da8fa24791b3a2e75b4abab922d8688190ced716/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/XceiverClientRatis.java#L92-L96]

Creating a RatisShall is similar:
{code:java}
//See also XceiverClientRatis.newXceiverClientRatis
  public static RatisShell newRatisShell(ConfigurationSource ozoneConf, 
ClientTrustManager trustManager) {
    final String rpcType = 
ozoneConf.get(ScmConfigKeys.HDDS_CONTAINER_RATIS_RPC_TYPE_KEY,
        ScmConfigKeys.HDDS_CONTAINER_RATIS_RPC_TYPE_DEFAULT);
    final RaftProperties properties = 
RatisHelper.newRaftProperties(SupportedRpcType.valueOfIgnoreCase(rpcType));

    final GrpcTlsConfig tlsConfig = RatisHelper.createTlsClientConfig(new
        SecurityConfig(ozoneConf), trustManager);
    final Parameters parameters = new Parameters();
    GrpcConfigKeys.Admin.setTlsConf(parameters, tlsConfig);

    return RatisShell.newBuilder()
        .setProperties(properties)
        .setParameters(parameters)
        .setRetryPolicy(RatisHelper.createRetryPolicy(ozoneConf))
        .build();
  }
{code}

> Allow running ratis shell commands in secure Ozone cluster.
> -----------------------------------------------------------
>
>                 Key: HDDS-10509
>                 URL: https://issues.apache.org/jira/browse/HDDS-10509
>             Project: Apache Ozone
>          Issue Type: Sub-task
>          Components: Tools
>            Reporter: Tsz-wo Sze
>            Assignee: Rishabh Patel
>            Priority: Major
>
> When Ozone is in secure mode, running ratis shell directly cannot access 
> Ozone since ratis shell does not have Ozone UserGroupInformation.  We should 
> add a new Ozone command to run ratis shell.  The new Ozone command can get 
> the UserGroupInformation and then run the ratis commands.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to