This is an automated email from the ASF dual-hosted git repository. adoroszlai pushed a commit to branch HDDS-4440-s3-performance in repository https://gitbox.apache.org/repos/asf/ozone.git
commit d87a7461c1e4eb661bffa0d54d2c2faf0aa2c100 Author: Doroszlai, Attila <[email protected]> AuthorDate: Mon Apr 11 19:12:00 2022 +0200 Revert "HDDS-5545. Enable TLS for GRPC OmTransport implementation (#2945)" This reverts commit 0b0c586fec7bf7931d09821a74bbe3cb64afc110. --- hadoop-ozone/common/pom.xml | 11 --- .../org/apache/hadoop/ozone/om/OMConfigKeys.java | 1 + .../ozone/om/protocolPB/GrpcOmTransport.java | 39 +-------- .../ozone/om/protocolPB/OmTransportFactory.java | 8 +- ...OzoneManagerProtocolClientSideTranslatorPB.java | 2 +- hadoop-ozone/dist/src/main/license/bin/LICENSE.txt | 2 - hadoop-ozone/dist/src/main/license/jar-report.txt | 2 - .../src/main/proto/OmClientProtocol.proto | 2 +- hadoop-ozone/ozone-manager/pom.xml | 11 --- .../hadoop/ozone/om/GrpcOzoneManagerServer.java | 46 ++--------- .../org/apache/hadoop/ozone/om/OzoneManager.java | 3 +- .../ozone/om/TestGrpcOzoneManagerServer.java | 3 +- .../apache/hadoop/ozone/s3/OzoneClientCache.java | 96 +--------------------- .../hadoop/ozone/s3/endpoint/EndpointBase.java | 2 +- .../ozone/protocolPB/TestGrpcOmTransport.java | 13 --- pom.xml | 3 - 16 files changed, 22 insertions(+), 222 deletions(-) diff --git a/hadoop-ozone/common/pom.xml b/hadoop-ozone/common/pom.xml index 701e6d5e6a..7c9518ab53 100644 --- a/hadoop-ozone/common/pom.xml +++ b/hadoop-ozone/common/pom.xml @@ -48,17 +48,6 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd"> <dependency> <groupId>io.netty</groupId> <artifactId>netty-handler-proxy</artifactId> - </dependency> - <dependency> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative-boringssl-static</artifactId> - <version>${tcnative.version}</version> - <scope>runtime</scope> - </dependency> - <dependency> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative</artifactId> - <version>${tcnative.version}</version> </dependency> <dependency> <groupId>org.mockito</groupId> 
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java index e679404eba..6ebd7e11ad 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java @@ -307,4 +307,5 @@ public final class OMConfigKeys { public static final String OZONE_OM_TRANSPORT_CLASS_DEFAULT = "org.apache.hadoop.ozone.om.protocolPB" + ".Hadoop3OmTransportFactory"; + } diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/GrpcOmTransport.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/GrpcOmTransport.java index 764f51b2f6..72c29f0cc6 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/GrpcOmTransport.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/GrpcOmTransport.java @@ -19,12 +19,11 @@ package org.apache.hadoop.ozone.om.protocolPB; import java.io.IOException; import java.lang.reflect.Constructor; -import java.security.cert.X509Certificate; -import java.util.List; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicReference; import java.util.HashMap; +import java.util.List; import java.util.Map; import com.google.common.net.HostAndPort; @@ -36,7 +35,6 @@ import org.apache.hadoop.hdds.conf.Config; import org.apache.hadoop.hdds.conf.ConfigGroup; import org.apache.hadoop.hdds.conf.ConfigTag; import org.apache.hadoop.hdds.conf.ConfigurationSource; -import org.apache.hadoop.hdds.security.x509.SecurityConfig; import org.apache.hadoop.io.Text; import org.apache.hadoop.io.retry.RetryPolicy; import org.apache.hadoop.ozone.OzoneConfigKeys; 
@@ -50,9 +48,7 @@ import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.ozone.om.ha.GrpcOMFailoverProxyProvider; import org.apache.hadoop.ozone.protocol.proto.OzoneManagerServiceGrpc; import io.grpc.ManagedChannel; -import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.NettyChannelBuilder; -import io.netty.handler.ssl.SslContextBuilder; import com.google.common.annotations.VisibleForTesting; import org.slf4j.Logger; @@ -74,8 +70,6 @@ public class GrpcOmTransport implements OmTransport { private final AtomicBoolean isRunning = new AtomicBoolean(false); // gRPC specific - private static List<X509Certificate> caCerts = null; - private OzoneManagerServiceGrpc.OzoneManagerServiceBlockingStub client; private Map<String, OzoneManagerServiceGrpc.OzoneManagerServiceBlockingStub> clients; @@ -83,13 +77,9 @@ public class GrpcOmTransport implements OmTransport { private int lastVisited = -1; private ConfigurationSource conf; + //private String host = "om"; private AtomicReference<String> host; private int maxSize; - private SecurityConfig secConfig; - - public static void setCaCerts(List<X509Certificate> x509Certificates) { - caCerts = x509Certificates; - } private List<String> oms; private RetryPolicy retryPolicy; @@ -106,7 +96,6 @@ public class GrpcOmTransport implements OmTransport { this.conf = conf; this.host = new AtomicReference(); - secConfig = new SecurityConfig(conf); maxSize = conf.getInt(OZONE_OM_GRPC_MAXIMUM_RESPONSE_LENGTH, OZONE_OM_GRPC_MAXIMUM_RESPONSE_LENGTH_DEFAULT); 
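Review bot: The field block in the `@@ -83,13 +77,9 @@` hunk gains a commented-out declaration, `//private String host = "om";`, directly above the live `private AtomicReference<String> host;`. Dead code like this should be dropped rather than carried back in by the revert. In the constructor hunk that follows, `this.host = new AtomicReference();` is a raw type and would read better as `this.host = new AtomicReference<>();`. Neither point changes behaviour.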
@@ -138,29 +127,6 @@ public class GrpcOmTransport implements OmTransport { NettyChannelBuilder.forAddress(hp.getHost(), hp.getPort()) .usePlaintext() .maxInboundMessageSize(OzoneConsts.OZONE_SCM_CHUNK_MAX_SIZE); - - if (secConfig.isGrpcTlsEnabled()) { - try { - SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); - if (secConfig.isSecurityEnabled()) { - if (caCerts != null) { - sslContextBuilder.trustManager(caCerts); - } else { - LOG.error("x509Certicates empty"); - } - channelBuilder.useTransportSecurity(). - sslContext(sslContextBuilder.build()); - } else { - LOG.error("ozone.security not enabled when TLS specified," + - " using plaintext"); - } - } catch (Exception ex) { - LOG.error("cannot establish TLS for grpc om transport client"); - } - } else { - channelBuilder.usePlaintext(); - } - channels.put(hostaddr, channelBuilder.build()); clients.put(hostaddr, OzoneManagerServiceGrpc @@ -170,6 +136,7 @@ public class GrpcOmTransport implements OmTransport { OzoneConfigKeys.OZONE_CLIENT_FAILOVER_MAX_ATTEMPTS_KEY, OzoneConfigKeys.OZONE_CLIENT_FAILOVER_MAX_ATTEMPTS_DEFAULT); + retryPolicy = omFailoverProxyProvider.getRetryPolicy(maxFailovers); LOG.info("{}: started", CLIENT_NAME); } diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OmTransportFactory.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OmTransportFactory.java index 2ba8536e18..2eb11d0320 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OmTransportFactory.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OmTransportFactory.java 
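Review bot: After this hunk every channel built here uses `.usePlaintext()` and nothing tells the operator, so a deployment where `SecurityConfig.isGrpcTlsEnabled()` is true will silently send OM requests (presumably including the per-request S3 authentication fields) unencrypted and to an unauthenticated peer. The same applies on the server side in `GrpcOzoneManagerServer.init`, which now builds the Netty server with no `sslContext`. Until TLS is re-landed I would at least make this visible, e.g. `LOG.warn("{}: gRPC channel to OM is plaintext; gRPC TLS settings are ignored by this transport", CLIENT_NAME);` before the existing `LOG.info("{}: started", CLIENT_NAME);`, and state in the class Javadoc that this transport is only suitable for a trusted network segment. The enclosing method starts outside the hunk.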
@@ -46,8 +46,8 @@ public interface OmTransportFactory { throws IOException { try { // if configured transport class is different than the default - // OmTransportFactory (Hadoop3OmTransportFactory), then - // check service loader for transport class and instantiate it + // Hadoop3OmTransportFactory, then check service loader for + // transport class and instantiate it if (conf .get(OZONE_OM_TRANSPORT_CLASS, OZONE_OM_TRANSPORT_CLASS_DEFAULT) != @@ -61,7 +61,9 @@ public interface OmTransportFactory { } } return OmTransportFactory.class.getClassLoader() - .loadClass(OZONE_OM_TRANSPORT_CLASS_DEFAULT) + .loadClass( + "org.apache.hadoop.ozone.om.protocolPB" + + ".Hadoop3OmTransportFactory") .asSubclass(OmTransportFactory.class) .newInstance(); } catch (Exception ex) { diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java index e368f10732..be758a06d2 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java @@ -178,7 +178,7 @@ public final class OzoneManagerProtocolClientSideTranslatorPB private OmTransport transport; private ThreadLocal<S3Auth> threadLocalS3Auth = new ThreadLocal<>(); - + private boolean s3AuthCheck; public OzoneManagerProtocolClientSideTranslatorPB(OmTransport omTransport, String clientId) { diff --git a/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt b/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt index 20281ea0c5..3439317598 100644 --- a/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt +++ b/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt 
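Review bot: The transport selection in the `@@ -46,8 +46,8 @@` hunk compares strings by reference, `conf.get(OZONE_OM_TRANSPORT_CLASS, OZONE_OM_TRANSPORT_CLASS_DEFAULT) != OZONE_OM_TRANSPORT_CLASS_DEFAULT`, so a configuration that sets the key explicitly to the default class name is treated as a non-default transport. Because this check decides which transport class gets loaded, it should compare values: `if (!OZONE_OM_TRANSPORT_CLASS_DEFAULT.equals(conf.get(OZONE_OM_TRANSPORT_CLASS, OZONE_OM_TRANSPORT_CLASS_DEFAULT))) {`. The body of the branch lies between this hunk and the next, so what happens on the service-loader path is not visible here.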
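Review bot: The fallback `loadClass(...)` call in the `@@ -61,7 +61,9 @@` hunk spells the default factory name out as a string literal, duplicating `OMConfigKeys.OZONE_OM_TRANSPORT_CLASS_DEFAULT`, which this commit leaves in place. If the constant ever changes, the comparison a few lines above and the class actually loaded will disagree. `.loadClass(OZONE_OM_TRANSPORT_CLASS_DEFAULT)` keeps the two in step.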
@@ -309,8 +309,6 @@ Apache License io.netty:netty-handler io.netty:netty-handler-proxy io.netty:netty-resolver - io.netty:netty-tcnative-boringssl-static - io.netty:netty-tcnative io.netty:netty-transport io.netty:netty-transport-native-epoll io.netty:netty-transport-native-unix-common diff --git a/hadoop-ozone/dist/src/main/license/jar-report.txt b/hadoop-ozone/dist/src/main/license/jar-report.txt index a337955656..ec949fdf33 100644 --- a/hadoop-ozone/dist/src/main/license/jar-report.txt +++ b/hadoop-ozone/dist/src/main/license/jar-report.txt @@ -172,8 +172,6 @@ share/ozone/lib/netty-common.Final.jar share/ozone/lib/netty-handler.Final.jar share/ozone/lib/netty-handler-proxy.Final.jar share/ozone/lib/netty-resolver.Final.jar -share/ozone/lib/netty-tcnative-boringssl-static.Final.jar -share/ozone/lib/netty-tcnative.Final.jar share/ozone/lib/netty-transport.Final.jar share/ozone/lib/netty-transport-native-epoll.Final.jar share/ozone/lib/netty-transport-native-unix-common.Final.jar diff --git a/hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto b/hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto index bbb4267a12..694d7df6b3 100644 --- a/hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto +++ b/hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto @@ -1350,7 +1350,7 @@ message UpdateGetS3SecretRequest { } /** - This will be used by OM to authenticate S3 gateway requests on a per request basis. + This will be used by OM to authenicate S3 gateway requests on a per request basis. */ message S3Authentication { required string stringToSign = 1; diff --git a/hadoop-ozone/ozone-manager/pom.xml b/hadoop-ozone/ozone-manager/pom.xml index bc2909e686..cea140b122 100644 --- a/hadoop-ozone/ozone-manager/pom.xml +++ b/hadoop-ozone/ozone-manager/pom.xml 
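Review bot: The comment above `message S3Authentication` regains the misspelling `authenicate`. The corrected wording, `This will be used by OM to authenticate S3 gateway requests on a per request basis.`, is unrelated to the TLS change. It is a comment-only line, so keeping the fix does not affect the revert.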
@@ -87,17 +87,6 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd"> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> </dependency> - <dependency> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative</artifactId> - <version>${tcnative.version}</version> - </dependency> - <dependency> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative-boringssl-static</artifactId> - <version>${tcnative.version}</version> - <scope>runtime</scope> - </dependency> <dependency> <groupId>org.mockito</groupId> diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/GrpcOzoneManagerServer.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/GrpcOzoneManagerServer.java index b083378fab..7fe338c83e 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/GrpcOzoneManagerServer.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/GrpcOzoneManagerServer.java @@ -30,23 +30,11 @@ import org.apache.hadoop.ozone.OzoneConsts; import org.apache.hadoop.ozone.ha.ConfUtils; import org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB; import org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager; -import org.apache.hadoop.hdds.security.x509.SecurityConfig; -import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient; -import io.grpc.netty.GrpcSslContexts; -import io.grpc.netty.NettyServerBuilder; -import io.netty.handler.ssl.SslContextBuilder; -import io.netty.handler.ssl.SslProvider; import io.grpc.Server; - +import io.grpc.netty.NettyServerBuilder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; - - -import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_GRPC_TLS_PROVIDER; -import static org.apache.hadoop.hdds.HddsConfigKeys - .HDDS_GRPC_TLS_PROVIDER_DEFAULT; - /** * Separated network server for gRPC transport OzoneManagerService s3g->OM. */ 
@@ -61,8 +49,7 @@ public class GrpcOzoneManagerServer { OzoneManagerProtocolServerSideTranslatorPB omTranslator, OzoneDelegationTokenSecretManager - delegationTokenMgr, - CertificateClient caClient) { + delegationTokenMgr) { OptionalInt haPort = HddsUtils.getNumberFromConfigKeys(config, ConfUtils.addKeySuffixes( OMConfigKeys.OZONE_OM_GRPC_PORT_KEY, @@ -76,44 +63,21 @@ public class GrpcOzoneManagerServer { GrpcOzoneManagerServerConfig.class). getPort(); } - + init(omTranslator, delegationTokenMgr, - config, - caClient); + config); } public void init(OzoneManagerProtocolServerSideTranslatorPB omTranslator, OzoneDelegationTokenSecretManager delegationTokenMgr, - OzoneConfiguration omServerConfig, - CertificateClient caClient) { + OzoneConfiguration omServerConfig) { NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port) .maxInboundMessageSize(OzoneConsts.OZONE_SCM_CHUNK_MAX_SIZE) .addService(new OzoneManagerServiceGrpc(omTranslator, delegationTokenMgr, omServerConfig)); - SecurityConfig secConf = new SecurityConfig(omServerConfig); - if (secConf.isGrpcTlsEnabled()) { - try { - if (secConf.isSecurityEnabled()) { - SslContextBuilder sslClientContextBuilder = - SslContextBuilder.forServer(caClient.getPrivateKey(), - caClient.getCertificate()); - SslContextBuilder sslContextBuilder = GrpcSslContexts.configure( - sslClientContextBuilder, - SslProvider.valueOf(omServerConfig.get(HDDS_GRPC_TLS_PROVIDER, - HDDS_GRPC_TLS_PROVIDER_DEFAULT))); - nettyServerBuilder.sslContext(sslContextBuilder.build()); - } else { - LOG.error("ozone.security not enabled when TLS specified," + - " creating Om S3g GRPC channel using plaintext"); - } - } catch (Exception ex) { - LOG.error("Unable to setup TLS for secure Om S3g GRPC channel.", ex); - } - } - server = nettyServerBuilder.build(); } 
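Review bot: The constructor ends by calling `init(omTranslator, delegationTokenMgr, config);`, and `init` is declared `public` on a non-final class. A subclass override would therefore run before the subclass is fully constructed, and any caller holding the object can rebuild `server` later. If nothing outside this class calls it (not visible from the hunk), declare it `private void init(...)`. A short Javadoc on `init` stating that it only builds the server and does not start it would also help.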
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java index a02b3197a0..6297199c27 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java @@ -1107,8 +1107,7 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl throws IOException { return new GrpcOzoneManagerServer(conf, this.omServerProtocol, - this.delegationTokenMgr, - this.certClient); + this.delegationTokenMgr); } private static boolean isOzoneSecurityEnabled() { diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestGrpcOzoneManagerServer.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestGrpcOzoneManagerServer.java index e58b7a47ea..b75a651eea 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestGrpcOzoneManagerServer.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestGrpcOzoneManagerServer.java @@ -49,8 +49,7 @@ public class TestGrpcOzoneManagerServer { server = new GrpcOzoneManagerServer(conf, omServerProtocol, - ozoneManager.getDelegationTokenMgr(), - ozoneManager.getCertificateClient()); + ozoneManager.getDelegationTokenMgr()); try { server.start(); diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientCache.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientCache.java index 80f0b643fc..ab88b18e7e 100644 --- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientCache.java +++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientCache.java 
@@ -19,25 +19,15 @@ package org.apache.hadoop.ozone.s3; import org.apache.hadoop.ozone.OmUtils; import org.apache.hadoop.hdds.conf.OzoneConfiguration; -import org.apache.hadoop.hdds.security.x509.SecurityConfig; import org.apache.hadoop.ozone.client.OzoneClient; import org.apache.hadoop.ozone.client.OzoneClientFactory; import org.apache.hadoop.ozone.om.protocol.S3Auth; -import org.apache.hadoop.ozone.om.helpers.ServiceInfoEx; -import org.apache.hadoop.ozone.om.protocolPB.GrpcOmTransport; -import org.apache.hadoop.ozone.OzoneSecurityUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.annotation.PreDestroy; import javax.enterprise.context.ApplicationScoped; import java.io.IOException; -import java.security.cert.CertificateException; -import java.util.Collections; -import java.util.List; - -import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_TRANSPORT_CLASS; -import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_TRANSPORT_CLASS_DEFAULT; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OM_CLIENT_PROTOCOL_VERSION; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OM_CLIENT_PROTOCOL_VERSION_KEY; 
@@ -53,29 +43,16 @@ public final class OzoneClientCache { // for s3g gRPC OmTransport, OmRequest - OmResponse channel private static OzoneClientCache instance; private OzoneClient client; - private SecurityConfig secConfig; private OzoneClientCache(OzoneConfiguration ozoneConfiguration) throws IOException { + // S3 Gateway should always set the S3 Auth. + ozoneConfiguration.setBoolean(S3Auth.S3_AUTH_CHECK, true); // Set the expected OM version if not set via config. ozoneConfiguration.setIfUnset(OZONE_OM_CLIENT_PROTOCOL_VERSION_KEY, OZONE_OM_CLIENT_PROTOCOL_VERSION); String omServiceID = OmUtils.getOzoneManagerServiceId(ozoneConfiguration); - secConfig = new SecurityConfig(ozoneConfiguration); - client = null; try { - if (secConfig.isGrpcTlsEnabled()) { - if (ozoneConfiguration - .get(OZONE_OM_TRANSPORT_CLASS, - OZONE_OM_TRANSPORT_CLASS_DEFAULT) != - OZONE_OM_TRANSPORT_CLASS_DEFAULT) { - // Grpc transport selected - // need to get certificate for TLS through - // hadoop rpc first via ServiceInfo - setCertificate(omServiceID, - ozoneConfiguration); - } - } if (omServiceID == null) { client = OzoneClientFactory.getRpcClient(ozoneConfiguration); } else { @@ -87,8 +64,6 @@ public final class OzoneClientCache { LOG.warn("cannot create OzoneClient", e); throw e; } - // S3 Gateway should always set the S3 Auth. - ozoneConfiguration.setBoolean(S3Auth.S3_AUTH_CHECK, true); } public static OzoneClient getOzoneClientInstance(OzoneConfiguration 
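Review bot: The comment on the relocated `ozoneConfiguration.setBoolean(S3Auth.S3_AUTH_CHECK, true);` does not say whether the call has to precede client creation, which is exactly what this hunk changes. I would extend it to `// S3 Gateway should always set the S3 Auth; set before the client is created so the client picks it up.` Presumably the OM client reads the flag when it is constructed, which should be confirmed against `OzoneManagerProtocolClientSideTranslatorPB`. The call also mutates the caller's `OzoneConfiguration`; if that is intended, the comment is the place to say so.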
@@ -100,73 +75,8 @@ public final class OzoneClientCache { return instance.client; } - public static void closeClient() throws IOException { - if (instance != null) { - instance.client.close(); - instance = null; - } - } - - private void setCertificate(String omServiceID, - OzoneConfiguration conf) - throws IOException { - - // create local copy of config incase exception occurs - // with certificate OmRequest - OzoneConfiguration config = new OzoneConfiguration(conf); - OzoneClient certClient; - - if (secConfig.isGrpcTlsEnabled()) { - // set OmTransport to hadoop rpc to securely, - // get certificates with service list request - config.set(OZONE_OM_TRANSPORT_CLASS, - OZONE_OM_TRANSPORT_CLASS_DEFAULT); - - if (omServiceID == null) { - certClient = OzoneClientFactory.getRpcClient(config); - } else { - // As in HA case, we need to pass om service ID. - certClient = OzoneClientFactory.getRpcClient(omServiceID, - config); - } - try { - ServiceInfoEx serviceInfoEx = certClient - .getObjectStore() - .getClientProxy() - .getOzoneManagerClient() - .getServiceInfo(); - - if (OzoneSecurityUtil.isSecurityEnabled(conf)) { - String caCertPem = null; - List<String> caCertPems = null; - caCertPem = serviceInfoEx.getCaCertificate(); - caCertPems = serviceInfoEx.getCaCertPemList(); - if (caCertPems == null || caCertPems.isEmpty()) { - if (caCertPem == null) { - LOG.error("S3g received empty caCertPems from serviceInfo"); - throw new CertificateException("No caCerts found; caCertPem can" + - " not be null when caCertPems is empty or null"); - } - caCertPems = Collections.singletonList(caCertPem); - } - GrpcOmTransport.setCaCerts(OzoneSecurityUtil - .convertToX509(caCertPems)); - } - } catch (CertificateException ce) { - throw new IOException(ce); - } catch (IOException e) { - throw e; - } finally { - if (certClient != null) { - certClient.close(); - } - } - } - } - - @PreDestroy public void destroy() throws IOException { - OzoneClientCache.closeClient(); + client.close(); } } 
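Review bot: `destroy()` now closes `client` but leaves the static `instance` pointing at this cache, so a later `getOzoneClientInstance(...)` call would hand back the closed client instead of creating a new one. That getter's body is mostly outside the hunk, so this is inferred from the visible `return instance.client;`. Clearing the reference after closing avoids it: `client.close(); instance = null;`.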
diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/EndpointBase.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/EndpointBase.java index 162d0b55aa..248ee92cfd 100644 --- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/EndpointBase.java +++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/EndpointBase.java @@ -58,7 +58,7 @@ public abstract class EndpointBase { } catch (OMException ex) { if (ex.getResult() == ResultCodes.KEY_NOT_FOUND) { throw S3ErrorTable.newError(S3ErrorTable.NO_SUCH_BUCKET, bucketName); - } else if (ex.getResult() == ResultCodes.INVALID_TOKEN) { + } else if (ex.getResult() == ResultCodes.S3_SECRET_NOT_FOUND) { throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, s3Auth.getAccessID()); } else if (ex.getResult() == ResultCodes.TIMEOUT || diff --git a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/protocolPB/TestGrpcOmTransport.java b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/protocolPB/TestGrpcOmTransport.java index a28f47a809..a158e0212e 100644 --- a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/protocolPB/TestGrpcOmTransport.java +++ b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/protocolPB/TestGrpcOmTransport.java @@ -58,19 +58,6 @@ public class TestGrpcOmTransport { } - @Test - public void testHrpcOmTransportFactory() throws Exception { - String omServiceId = ""; - OzoneConfiguration conf = new OzoneConfiguration(); - - UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); - OmTransport omTransport = OmTransportFactory.create(conf, ugi, omServiceId); - // OmTransport should be Hadoop Rpc and - // fail equality GrpcOmTransport equality test - Assert.assertNotEquals(GrpcOmTransport.class.getSimpleName(), - omTransport.getClass().getSimpleName()); - } - @Test public void testStartStop() throws Exception { String omServiceId = ""; 
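Review bot: With the condition changed to `ResultCodes.S3_SECRET_NOT_FOUND`, an `OMException` carrying `ResultCodes.INVALID_TOKEN` no longer maps to `S3ErrorTable.ACCESS_DENIED` and falls through to the later branches, which are cut off by the hunk. If OM on this branch can still return `INVALID_TOKEN` for a failed S3 signature check, the client would get something other than an access-denied response for an authentication failure. Accepting both codes is the safer mapping: `} else if (ex.getResult() == ResultCodes.S3_SECRET_NOT_FOUND || ex.getResult() == ResultCodes.INVALID_TOKEN) {`.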
diff --git a/pom.xml b/pom.xml index 9b282a68f3..11a0ad1ee9 100644 --- a/pom.xml +++ b/pom.xml @@ -194,9 +194,6 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs <netty.version>4.1.63.Final</netty.version> <io.grpc.version>1.38.0</io.grpc.version> - <tcnative.version>2.0.38.Final</tcnative.version> <!-- See table for correct version --> - <!-- Table for netty, grpc & tcnative version combinations --> - <!-- https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty --> <!-- define the Java language version used by the compiler --> <javac.version>1.8</javac.version> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
