adoroszlai commented on a change in pull request #2165: URL: https://github.com/apache/ozone/pull/2165#discussion_r620046767
########## File path: hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-config ########## @@ -78,7 +80,7 @@ MAPRED-SITE.XML_mapreduce.reduce.env=HADOOP_MAPRED_HOME=$HADOOP_HOME MAPRED-SITE.XML_mapreduce.map.memory.mb=2048 MAPRED-SITE.XML_mapreduce.reduce.memory.mb=2048 #MAPRED-SITE.XML_mapred.child.java.opts=-Xmx2048 -MAPRED-SITE.XML_mapreduce.application.classpath=/opt/hadoop/share/hadoop/mapreduce/*:/opt/hadoop/share/hadoop/mapreduce/lib/*:/opt/ozone/share/ozone/lib/[email protected]@.jar +MAPRED-SITE.XML_mapreduce.application.classpath=/opt/hadoop/share/hadoop/mapreduce/*:/opt/hadoop/share/hadoop/mapreduce/lib/*:/opt/ozone/share/ozone/lib/hadoop-ozone-filesystem-hadoop3-1.1.0-SNAPSHOT.jar Review comment: Seems to be unintended change (copy from target to source). ########## File path: hadoop-ozone/dist/src/main/smoketest/commonlib.robot ########## @@ -32,6 +32,6 @@ Kinit HTTP user Kinit test user [arguments] ${user} ${keytab} - ${hostname} = Execute hostname + ${hostname} = Execute hostname | sed 's/.org//' | sed 's/[0-9]//' Review comment: I think ACLs like `user:testuser2/${SCM}@EXAMPLE.COM` need to be tweaked, too. With SCM HA they apply to `testuser2/scm1`, but this `sed` makes the test `kinit` with `testuser2/scm`. This causes test failure: ``` Can follow link with read access | FAIL | 'PERMISSION_DENIED User testuser2/[email protected] doesn't have READ permission to access volume 84112-target null null' does not contain 'key-in-readable-bucket' ``` https://github.com/apache/ozone/runs/2400748407#step:6:1636 ########## File path: hadoop-ozone/dist/dev-support/bin/dist-layout-stitching ########## @@ -120,6 +120,12 @@ run cp -p -r "${ROOT}/hadoop-ozone/dist/src/main/smoketest" . run cp -p -r "${ROOT}/hadoop-ozone/dist/target/k8s" kubernetes run cp -p -r "${ROOT}/hadoop-ozone/dist/target/Dockerfile" . +#Copy pre-generated keytabs +run cp -p -R "${ROOT}/hadoop-ozone/dist/src/main/keytabs" compose/ozonesecure +run cp -p -R "${ROOT}/hadoop-ozone/dist/src/main/keytabs" compose/ozonesecure-mr +run cp -p -R "${ROOT}/hadoop-ozone/dist/src/main/keytabs" compose/ozonesecure-om-ha +run cp -p -R "${ROOT}/hadoop-ozone/dist/src/main/keytabs" compose/ozonesecure-ha Review comment: Can we put a single copy under `compose/` (or a subdirectory) and use it for all environments? ########## File path: hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml ########## @@ -108,13 +112,15 @@ services: - ozone volumes: - ../..:/opt/ozone + - ./keytabs:/etc/security/keytabs + - ./krb5.conf:/etc/krb5.conf - ../../libexec/transformation.py:/opt/transformation.py ports: - 8088:8088 env_file: - ./docker-config environment: - KERBEROS_KEYTABS: rm HTTP hadoop + HADOOP_CLASSPATH: /opt/ozone/share/ozone/lib/hadoop-ozone-filesystem-hadoop3-1.1.0-SNAPSHOT.jar Review comment: Is this needed (same variable is defined in `docker-config`)? If so, shouldn't version number come from placeholder? ########## File path: hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml ########## @@ -55,8 +58,6 @@ services: env_file: - docker-config environment: - WAITFOR: scm3.org:9865 Review comment: Are these `WAITFOR` configs being removed intentionally? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
