errose28 commented on code in PR #5585:
URL: https://github.com/apache/ozone/pull/5585#discussion_r1406778380
##########
hadoop-ozone/dist/src/main/compose/common/security.conf:
##########
@@ -0,0 +1,105 @@
+# Licensed to the Apache Software Foundation (ASF) under one
Review Comment:
Is there a plan to refactor other secure tests' configurations to use this
file in a future jira?
##########
hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-config:
##########
@@ -59,6 +59,11 @@ OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
OZONE-SITE.XML_ozone.recon.om.snapshot.task.interval.delay=1m
OZONE-SITE.XML_ozone.recon.address=recon:9891
+CORE-SITE.XML_dfs.data.transfer.protection=authentication
+CORE-SITE.XML_hadoop.security.authentication=kerberos
+CORE-SITE.XML_hadoop.security.auth_to_local="DEFAULT"
+CORE-SITE.XML_hadoop.security.key.provider.path=kms://http@kms:9600/kms
+
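Review bot: the added `dfs.data.transfer.protection=authentication` and `hadoop.security.key.provider.path=kms://http@kms:9600/kms` lines both leave traffic unencrypted. `authentication` is the weakest of the three protection levels (`authentication`, `integrity`, `privacy`), and the `http@` scheme has the client talk to the KMS without TLS. If that is intentional for this compose test environment, a comment above the block saying so would keep these values from being copied into a real deployment. Separately, `hadoop.security.auth_to_local="DEFAULT"` is written with literal double quotes; please confirm the env-file handling strips them, otherwise the rule string is not `DEFAULT`.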
Review Comment:
Are these hadoop keys only used by the hdfs client with ofs? I can't find
usages of them in the Ozone code.
##########
hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-config:
##########
@@ -27,9 +27,9 @@ OZONE-SITE.XML_ozone.om.ratis.enable=true
OZONE-SITE.XML_ozone.scm.service.ids=scmservice
OZONE-SITE.XML_ozone.scm.nodes.scmservice=scm1,scm2,scm3
-OZONE-SITE.XML_ozone.scm.address.scmservice.scm1=scm1
-OZONE-SITE.XML_ozone.scm.address.scmservice.scm2=scm2
-OZONE-SITE.XML_ozone.scm.address.scmservice.scm3=scm3
+OZONE-SITE.XML_ozone.scm.address.scmservice.scm1=scm1.org
+OZONE-SITE.XML_ozone.scm.address.scmservice.scm2=scm2.org
+OZONE-SITE.XML_ozone.scm.address.scmservice.scm3=scm3.org
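Review bot: the three changed `ozone.scm.address.scmservice.scmN` values now end in `.org` while the node ids on the unchanged `ozone.scm.nodes.scmservice=scm1,scm2,scm3` line do not, and nothing in the file says why the addresses need a domain suffix. If the suffix is there so that the host name matches the Kerberos service principal, add a one-line comment stating that, and check that the `hostname:` entries for the SCM containers in the compose file use exactly the same names, since a mismatch would only surface as an authentication failure at runtime.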
Review Comment:
Why is the `.org` suffix necessary for the SCM host names but not the OM? I
assume this is something specific to kerberos.
##########
hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml:
##########
@@ -59,35 +61,75 @@ x-om:
- 9872
x-volumes:
+ - &keytabs ../../../_keytabs:/etc/security/keytabs
+ - &krb5conf ./krb5.conf:/etc/krb5.conf
- &ozone-dir ../../../..:${OZONE_DIR}
- &transformation
../../../../libexec/transformation.py:/opt/hadoop/libexec/transformation.py
services:
+ kdc:
+ command: ["krb5kdc","-n"]
+ hostname: kdc
+ image: ${OZONE_TESTKRB5_IMAGE}
+ networks:
+ net:
+ ipv4_address: 10.9.0.2
+ volumes:
+ - *keytabs
+ - ../../../..:/opt/hadoop
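Review bot: the new `&keytabs ../../../_keytabs:/etc/security/keytabs` anchor is a read-write bind mount of a single host directory, so every service that reuses `*keytabs` can read and modify whatever keytabs are placed there. If the `kdc` service is the only one that has to write to it, consider a second anchor with `:ro` for the consumers. In the `kdc` volumes, `../../../..:/opt/hadoop` also repeats the source path of `&ozone-dir` with a hard-coded target and exposes the whole distribution tree to the KDC container read-write; reusing `*ozone-dir`, or mounting only what the KDC needs, would be tighter. The `&krb5conf` anchor is defined but not referenced by `kdc` in the lines shown.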
Review Comment:
Should we use the `OZONE_DIR` variable here instead?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.