adoroszlai commented on code in PR #7803: URL: https://github.com/apache/ozone/pull/7803#discussion_r1955002664
########## hadoop-hdds/docs/content/security/SecuringDatanodes.md: ########## @@ -37,8 +37,8 @@ that is setup in hdfs-site.xml. Property|Description --------|-------------- -dfs.datanode.kerberos.principal|The datanode service principal. <br/> e.g. dn/[email protected] -dfs.datanode.kerberos.keytab.file| The keytab file used by datanode daemon to login as its service principal. +hdds.datanode.kerberos.principal|The datanode service principal. <br/> e.g. dn/[email protected] +hdds.datanode.kerberos.keytab.file| The keytab file used by datanode daemon to login as its service principal. Review Comment: This doc talks about supporting legacy config, so let's keep `dfs.` prefix. ########## hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/DFSConfigKeysLegacy.java: ########## @@ -29,58 +29,46 @@ private DFSConfigKeysLegacy() { } public static final String DFS_DATANODE_DNS_INTERFACE_KEY = - "dfs.datanode.dns.interface"; + "hdds.datanode.dns.interface"; public static final String DFS_DATANODE_DNS_NAMESERVER_KEY = - "dfs.datanode.dns.nameserver"; + "hdds.datanode.dns.nameserver"; public static final String DFS_DATANODE_HOST_NAME_KEY = - "dfs.datanode.hostname"; + "hdds.datanode.hostname"; public static final String DFS_DATANODE_DATA_DIR_KEY = - "dfs.datanode.data.dir"; + "hdds.datanode.data.dir"; public static final String DFS_DATANODE_USE_DN_HOSTNAME = - "dfs.datanode.use.datanode.hostname"; + "hdds.datanode.use.datanode.hostname"; public static final boolean DFS_DATANODE_USE_DN_HOSTNAME_DEFAULT = false; - public static final String DFS_XFRAME_OPTION_ENABLED = "dfs.xframe.enabled"; + public static final String DFS_XFRAME_OPTION_ENABLED = "hdds.xframe.enabled"; public static final boolean DFS_XFRAME_OPTION_ENABLED_DEFAULT = true; - public static final String DFS_XFRAME_OPTION_VALUE = "dfs.xframe.value"; + public static final String DFS_XFRAME_OPTION_VALUE = "hdds.xframe.value"; public static final String DFS_XFRAME_OPTION_VALUE_DEFAULT = "SAMEORIGIN"; public static final String DFS_METRICS_SESSION_ID_KEY = - "dfs.metrics.session-id"; + "hdds.metrics.session-id"; public static final String NET_TOPOLOGY_NODE_SWITCH_MAPPING_IMPL_KEY = "net.topology.node.switch.mapping.impl"; - public static final String DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY = - "dfs.client.https.keystore.resource"; - - public static final String DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY = - "dfs.https.server.keystore.resource"; - - public static final String DFS_HTTP_POLICY_KEY = "dfs.http.policy"; - public static final String DFS_DATANODE_KERBEROS_PRINCIPAL_KEY = - "dfs.datanode.kerberos.principal"; - - @Deprecated - public static final String DFS_DATANODE_KEYTAB_FILE_KEY = - "dfs.datanode.keytab.file"; + "hdds.datanode.kerberos.principal"; public static final String DFS_DATANODE_KERBEROS_KEYTAB_FILE_KEY = - "dfs.datanode.kerberos.keytab.file"; + "hdds.datanode.kerberos.keytab.file"; public static final String DFS_METRICS_PERCENTILES_INTERVALS_KEY = - "dfs.metrics.percentiles.intervals"; + "hdds.metrics.percentiles.intervals"; public static final String DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY = - "dfs.web.authentication.kerberos.keytab"; + "hdds.web.authentication.kerberos.keytab"; Review Comment: It seems this constant is not used anywhere, I think we can remove it. ########## hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config: ########## @@ -92,10 +92,10 @@ OZONE-SITE.XML_ozone.s3g.kerberos.principal=s3g/[email protected] OZONE-SITE.XML_ozone.httpfs.kerberos.keytab.file=/etc/security/keytabs/httpfs.keytab OZONE-SITE.XML_ozone.httpfs.kerberos.principal=httpfs/[email protected] -HDFS-SITE.XML_dfs.datanode.kerberos.principal=dn/[email protected] -HDFS-SITE.XML_dfs.datanode.kerberos.keytab.file=/etc/security/keytabs/dn.keytab +HDFS-SITE.XML_hdds.datanode.kerberos.principal=dn/[email protected] +HDFS-SITE.XML_hdds.datanode.kerberos.keytab.file=/etc/security/keytabs/dn.keytab Review Comment: Let's also change `HDFS-SITE` to `OZONE-SITE`. (Also in other similar files.) ########## hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config: ########## @@ -92,10 +92,10 @@ OZONE-SITE.XML_ozone.s3g.kerberos.principal=s3g/[email protected] OZONE-SITE.XML_ozone.httpfs.kerberos.keytab.file=/etc/security/keytabs/httpfs.keytab OZONE-SITE.XML_ozone.httpfs.kerberos.principal=httpfs/[email protected] -HDFS-SITE.XML_dfs.datanode.kerberos.principal=dn/[email protected] -HDFS-SITE.XML_dfs.datanode.kerberos.keytab.file=/etc/security/keytabs/dn.keytab +HDFS-SITE.XML_hdds.datanode.kerberos.principal=dn/[email protected] +HDFS-SITE.XML_hdds.datanode.kerberos.keytab.file=/etc/security/keytabs/dn.keytab HDFS-SITE.XML_dfs.web.authentication.kerberos.principal=HTTP/[email protected] -HDFS-SITE.XML_dfs.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab +HDFS-SITE.XML_hdds.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab Review Comment: These can be removed. (Also in other similar files.) ########## hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/conf/OzoneConfiguration.java: ########## @@ -382,7 +382,37 @@ private static void addDeprecatedKeys() { new DeprecationDelta("dfs.ratis.server.retry-cache.timeout.duration", ScmConfigKeys.HDDS_RATIS_SERVER_RETRY_CACHE_TIMEOUT_DURATION_KEY), new DeprecationDelta("dfs.ratis.snapshot.threshold", - ScmConfigKeys.HDDS_RATIS_SNAPSHOT_THRESHOLD_KEY) + ScmConfigKeys.HDDS_RATIS_SNAPSHOT_THRESHOLD_KEY), + new DeprecationDelta("dfs.datanode.dns.interface", + DFSConfigKeysLegacy.DFS_DATANODE_DNS_INTERFACE_KEY), + new DeprecationDelta("dfs.datanode.dns.nameserver", + DFSConfigKeysLegacy.DFS_DATANODE_DNS_NAMESERVER_KEY), + new DeprecationDelta("dfs.datanode.hostname", + DFSConfigKeysLegacy.DFS_DATANODE_HOST_NAME_KEY), + new DeprecationDelta("dfs.datanode.data.dir", + DFSConfigKeysLegacy.DFS_DATANODE_DATA_DIR_KEY), + new DeprecationDelta("dfs.datanode.use.datanode.hostname", + DFSConfigKeysLegacy.DFS_DATANODE_USE_DN_HOSTNAME), + new DeprecationDelta("dfs.xframe.enabled", + DFSConfigKeysLegacy.DFS_XFRAME_OPTION_ENABLED), + new DeprecationDelta("dfs.xframe.value", + DFSConfigKeysLegacy.DFS_XFRAME_OPTION_VALUE), + new DeprecationDelta("dfs.metrics.session-id", + DFSConfigKeysLegacy.DFS_METRICS_SESSION_ID_KEY), + new DeprecationDelta("dfs.client.https.keystore.resource", + OzoneConfigKeys.OZONE_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY), + new DeprecationDelta("dfs.https.server.keystore.resource", + OzoneConfigKeys.OZONE_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY), + new DeprecationDelta("dfs.http.policy", + OzoneConfigKeys.OZONE_HTTP_POLICY_KEY), + new DeprecationDelta("dfs.datanode.kerberos.principal", + DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY), + new DeprecationDelta("dfs.datanode.kerberos.keytab.file", + DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_KEYTAB_FILE_KEY), + new DeprecationDelta("dfs.metrics.percentiles.intervals", + DFSConfigKeysLegacy.DFS_METRICS_PERCENTILES_INTERVALS_KEY), + new DeprecationDelta("dfs.web.authentication.kerberos.keytab", + DFSConfigKeysLegacy.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY) Review Comment: This one is not needed, either. ########## hadoop-hdds/docs/content/security/SecuringDatanodes.zh.md: ########## @@ -32,8 +32,8 @@ Hadoop 中 datanode 的安全机制是通过给每个节点创建 Keytab 文件 参数名|描述 --------|-------------- -dfs.datanode.kerberos.principal| datanode 的服务主体名 <br/> 比如:dn/[email protected] -dfs.datanode.kerberos.keytab.file| datanode 进程所使用的 keytab 文件 +hdds.datanode.kerberos.principal| datanode 的服务主体名 <br/> 比如:dn/[email protected] +hdds.datanode.kerberos.keytab.file| datanode 进程所使用的 keytab 文件 Review Comment: Same here, let's keep `dfs.` prefix. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
