HADOOP-14880. [KMS] Document&test missing KMS client side configs. Contributed by Gabor Bota.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/97c70c7a Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/97c70c7a Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/97c70c7a Branch: refs/heads/YARN-1011 Commit: 97c70c7ac6881f87eee1575bcbdd28b31ecac231 Parents: 60bfee2 Author: Wei-Chiu Chuang <weic...@apache.org> Authored: Thu Oct 19 06:02:13 2017 -0700 Committer: Wei-Chiu Chuang <weic...@apache.org> Committed: Thu Oct 19 06:02:13 2017 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/crypto/key/kms/KMSClientProvider.java | 8 +++----- .../org/apache/hadoop/fs/CommonConfigurationKeysPublic.java | 9 +++++++++ .../hadoop-common/src/main/resources/core-default.xml | 8 ++++++++ .../org/apache/hadoop/crypto/key/kms/server/TestKMS.java | 3 ++- 4 files changed, 22 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/97c70c7a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index c514beb..c324cd7 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -121,10 +121,6 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, private static final String CONFIG_PREFIX = "hadoop.security.kms.client."; - /* It's possible to specify a timeout, in seconds, in the config file */ - public static final String TIMEOUT_ATTR = CONFIG_PREFIX + "timeout"; - public static final int DEFAULT_TIMEOUT = 60; - /* Number of times to retry authentication in the event of auth failure * (normally happens due to stale authToken) */ @@ -361,7 +357,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, throw new IOException(ex); } } - int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); + int timeout = conf.getInt( + CommonConfigurationKeysPublic.KMS_CLIENT_TIMEOUT_SECONDS, + CommonConfigurationKeysPublic.KMS_CLIENT_TIMEOUT_DEFAULT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); encKeyVersionQueue = http://git-wip-us.apache.org/repos/asf/hadoop/blob/97c70c7a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java index 4fda2b8..3c8628c 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java @@ -726,6 +726,15 @@ public class CommonConfigurationKeysPublic { * <a href="{@docRoot}/../hadoop-project-dist/hadoop-common/core-default.xml"> * core-default.xml</a> */ + public static final String KMS_CLIENT_TIMEOUT_SECONDS = + "hadoop.security.kms.client.timeout"; + public static final int KMS_CLIENT_TIMEOUT_DEFAULT = 60; + + /** + * @see + * <a href="{@docRoot}/../hadoop-project-dist/hadoop-common/core-default.xml"> + * core-default.xml</a> + */ /** Default value is the number of providers specified. */ public static final String KMS_CLIENT_FAILOVER_MAX_RETRIES_KEY = "hadoop.security.kms.client.failover.max.retries"; http://git-wip-us.apache.org/repos/asf/hadoop/blob/97c70c7a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index bde7a85..8db9f44 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -2340,6 +2340,14 @@ key will be dropped. Default = 12hrs </description> </property> +<property> + <name>hadoop.security.kms.client.timeout</name> + <value>60</value> + <description> + Sets value for KMS client connection timeout, and the read timeout + to KMS servers. + </description> +</property> <property> <name>hadoop.security.kms.client.failover.sleep.base.millis</name> http://git-wip-us.apache.org/repos/asf/hadoop/blob/97c70c7a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java index 7605b28..f7ecf44 100644 --- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java @@ -33,6 +33,7 @@ import org.apache.hadoop.crypto.key.kms.KMSClientProvider; import org.apache.hadoop.crypto.key.kms.KMSDelegationToken; import org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider; import org.apache.hadoop.crypto.key.kms.ValueQueue; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.fs.Path; import org.apache.hadoop.minikdc.MiniKdc; import org.apache.hadoop.security.Credentials; @@ -1883,7 +1884,7 @@ public class TestKMS { public void testKMSTimeout() throws Exception { File confDir = getTestDir(); Configuration conf = createBaseKMSConf(confDir); - conf.setInt(KMSClientProvider.TIMEOUT_ATTR, 1); + conf.setInt(CommonConfigurationKeysPublic.KMS_CLIENT_TIMEOUT_SECONDS, 1); writeConf(confDir, conf); ServerSocket sock; --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org