HDDS-70. Fix config names for secure ksm and scm. Contributed by Ajay Kumar.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/46edc0d2 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/46edc0d2 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/46edc0d2 Branch: refs/heads/HDDS-4 Commit: 46edc0d2f4d7fe7175c30ab2dfa4c3ffc2087382 Parents: 5d68690 Author: Xiaoyu Yao <x...@apache.org> Authored: Tue May 22 13:32:28 2018 -0700 Committer: Xiaoyu Yao <x...@apache.org> Committed: Thu May 31 08:49:34 2018 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hdds/HddsConfigKeys.java | 4 -- .../apache/hadoop/hdds/scm/ScmConfigKeys.java | 14 ++--- .../scm/protocol/ScmBlockLocationProtocol.java | 2 +- .../StorageContainerLocationProtocol.java | 3 +- .../protocolPB/ScmBlockLocationProtocolPB.java | 4 +- .../StorageContainerLocationProtocolPB.java | 2 +- .../apache/hadoop/ozone/OzoneConfigKeys.java | 8 +-- .../common/src/main/resources/ozone-default.xml | 54 ++++++-------------- .../StorageContainerDatanodeProtocol.java | 2 +- .../StorageContainerDatanodeProtocolPB.java | 2 +- .../scm/server/StorageContainerManager.java | 12 ++--- .../StorageContainerManagerHttpServer.java | 4 +- .../compose/compose-secure/docker-compose.yaml | 6 +-- .../test/compose/compose-secure/docker-config | 12 ++--- .../acceptance/ozone-secure.robot | 12 ++--- .../ozone/client/protocol/ClientProtocol.java | 2 +- .../apache/hadoop/ozone/ksm/KSMConfigKeys.java | 10 ++-- .../ksm/protocol/KeySpaceManagerProtocol.java | 4 +- .../protocolPB/KeySpaceManagerProtocolPB.java | 3 +- .../hadoop/ozone/TestSecureOzoneCluster.java | 32 ++++++------ .../hadoop/ozone/ksm/KeySpaceManager.java | 13 ++--- .../ozone/ksm/KeySpaceManagerHttpServer.java | 4 +- 22 files changed, 89 insertions(+), 120 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java index a12d6ac..dec2c1c 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java @@ -20,8 +20,4 @@ package org.apache.hadoop.hdds; public final class HddsConfigKeys { private HddsConfigKeys() { } - public static final String HDDS_KSM_KERBEROS_KEYTAB_FILE_KEY = "hdds.ksm." - + "kerberos.keytab.file"; - public static final String HDDS_KSM_KERBEROS_PRINCIPAL_KEY = "hdds.ksm" - + ".kerberos.principal"; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java index ba8f310..7929a08 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java 
@@ -132,9 +132,9 @@ public final class ScmConfigKeys { "ozone.scm.http-address"; public static final String OZONE_SCM_HTTPS_ADDRESS_KEY = "ozone.scm.https-address"; - public static final String OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY = - "ozone.scm.kerberos.keytab.file"; - public static final String OZONE_SCM_KERBEROS_PRINCIPAL_KEY = "ozone.scm.kerberos.principal"; + public static final String HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY = + "hdds.scm.kerberos.keytab.file"; + public static final String HDDS_SCM_KERBEROS_PRINCIPAL_KEY = "hdds.scm.kerberos.principal"; public static final String OZONE_SCM_HTTP_BIND_HOST_DEFAULT = "0.0.0.0"; public static final int OZONE_SCM_HTTP_BIND_PORT_DEFAULT = 9876; public static final int OZONE_SCM_HTTPS_BIND_PORT_DEFAULT = 9877; @@ -281,10 +281,10 @@ public final class ScmConfigKeys { "ozone.scm.container.close.threshold"; public static final float OZONE_SCM_CONTAINER_CLOSE_THRESHOLD_DEFAULT = 0.9f; - public static final String SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY = - "ozone.scm.web.authentication.kerberos.principal"; - public static final String SCM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY = - "ozone.scm.web.authentication.kerberos.keytab"; + public static final String HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY = + "hdds.scm.web.authentication.kerberos.principal"; + public static final String HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY = + "hdds.scm.web.authentication.kerberos.keytab"; /** * Never constructed. */ http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java index e17f1c2..2d46ae0 100644 
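Review bot: The four Kerberos keys renamed in ScmConfigKeys (this hunk and the one at line 281) change the property strings with no mapping from the old names, so a site file that still sets `ozone.scm.kerberos.principal` or `ozone.scm.kerberos.keytab.file` is no longer read and SCM sees both values as unset. If any deployment or test fixture outside this commit already carries the old names, register them through Hadoop's `Configuration.addDeprecations(...)` so the old key resolves to the new one and logs a warning. Otherwise, state in the commit description that the rename is deliberately incompatible, so operators know to update their secure-cluster configs.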
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java @@ -33,7 +33,7 @@ import java.util.List; * ScmBlockLocationProtocol is used by an HDFS node to find the set of nodes * to read/write a block. */ -@KerberosInfo(serverPrincipal = ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY) +@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface ScmBlockLocationProtocol { /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java index d36bdf3..13545fb 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java @@ -17,7 +17,6 @@ package org.apache.hadoop.hdds.scm.protocol; -import org.apache.hadoop.hdds.HddsConfigKeys; import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.scm.ScmInfo; import org.apache.hadoop.hdds.scm.container.common.helpers.ContainerInfo; 
@@ -35,7 +34,7 @@ import org.apache.hadoop.security.KerberosInfo; * ContainerLocationProtocol is used by an HDFS node to find the set of nodes * that currently host a container. */ -@KerberosInfo(serverPrincipal = ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY) +@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface StorageContainerLocationProtocol { /** * Asks SCM where a container should be allocated. SCM responds with the http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java index 89bb066..06bbd05 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java @@ -18,11 +18,9 @@ package org.apache.hadoop.hdds.scm.protocolPB; import org.apache.hadoop.classification.InterfaceAudience; -import org.apache.hadoop.hdds.HddsConfigKeys; import org.apache.hadoop.hdds.protocol.proto.ScmBlockLocationProtocolProtos .ScmBlockLocationProtocolService; import org.apache.hadoop.hdds.scm.ScmConfigKeys; -import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.ipc.ProtocolInfo; import org.apache.hadoop.security.KerberosInfo; 
@@ -35,7 +33,7 @@ import org.apache.hadoop.security.KerberosInfo; protocolVersion = 1) @InterfaceAudience.Private @KerberosInfo( - serverPrincipal = ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface ScmBlockLocationProtocolPB extends ScmBlockLocationProtocolService.BlockingInterface { } http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java index 3bd83f9..f80ba20 100644 --- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java @@ -33,7 +33,7 @@ import org.apache.hadoop.security.KerberosInfo; "org.apache.hadoop.ozone.protocol.StorageContainerLocationProtocol", protocolVersion = 1) @KerberosInfo( - serverPrincipal = ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) @InterfaceAudience.Private public interface StorageContainerLocationProtocolPB extends StorageContainerLocationProtocolService.BlockingInterface { http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java index ac5d864..b8f7a29 100644 
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java +++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java @@ -238,9 +238,6 @@ public final class OzoneConfigKeys { DFS_RATIS_SERVER_REQUEST_TIMEOUT_DURATION_DEFAULT = ScmConfigKeys.DFS_RATIS_SERVER_REQUEST_TIMEOUT_DURATION_DEFAULT; - public static final String OZONE_SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL = - "ozone.web.authentication.kerberos.principal"; - public static final String HDDS_DATANODE_PLUGINS_KEY = "hdds.datanode.plugins"; @@ -259,6 +256,11 @@ public final class OzoneConfigKeys { public static final String OZONE_SYSTEM_TAGS_KEY = "ozone.system.tags"; public static final boolean OZONE_SECURITY_ENABLED_DEFAULT = false; + public static final String OZONE_OM_KERBEROS_KEYTAB_FILE_KEY = "ozone.om." + + "kerberos.keytab.file"; + public static final String OZONE_OM_KERBEROS_PRINCIPAL_KEY = "ozone.om" + + ".kerberos.principal"; + /** * There is no need to instantiate this class. */ http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/common/src/main/resources/ozone-default.xml ---------------------------------------------------------------------- diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml b/hadoop-hdds/common/src/main/resources/ozone-default.xml index 9f7fc84..42496c4 100644 --- a/hadoop-hdds/common/src/main/resources/ozone-default.xml +++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml @@ -345,14 +345,6 @@ </description> </property> <property> - <name>ozone.ksm.keytab.file</name> - <value/> - <tag>KSM, SECURITY</tag> - <description> - The keytab file for Kerberos authentication in KSM. - </description> - </property> - <property> <name>ozone.ksm.db.cache.size.mb</name> <value>128</value> <tag>KSM, PERFORMANCE</tag> 
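Review bot: `OZONE_OM_KERBEROS_KEYTAB_FILE_KEY` and `OZONE_OM_KERBEROS_PRINCIPAL_KEY` in the second OzoneConfigKeys hunk build the property name from two fragments (`"ozone.om." + "kerberos.keytab.file"`), so a search for the full key does not find the declaration. Operators and reviewers grep for these security settings, so write each as one literal on a continuation line: `public static final String OZONE_OM_KERBEROS_PRINCIPAL_KEY =` followed by `"ozone.om.kerberos.principal";`. A one-line Javadoc on each, saying it names the OzoneManager service principal or keytab property, would also help, because the matching web-authentication keys are declared in a different class (KSMConfigKeys).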
@@ -853,20 +845,6 @@ the logs. Very useful when debugging REST protocol. </description> </property> - <property> - <name>ozone.web.authentication.kerberos.principal</name> - <value/> - <tag>OZONE, SECURITY</tag> - <description> - The server principal used by the SCM and KSM for web UI SPNEGO - authentication when Kerberos security is enabled. This is typically set to - HTTP/_h...@realm.tld The SPNEGO server principal begins with the prefix - HTTP/ by convention. - - If the value is '*', the web server will attempt to login with - every principal specified in the keytab file. - </description> - </property> <!--Client Settings--> <property> @@ -902,7 +880,7 @@ </property> <property> - <name>ozone.scm.container.creation.lease.timeout</name> + <name>hdds.scm.container.creation.lease.timeout</name> <value>60s</value> <tag>OZONE, SCM</tag> <description> @@ -956,7 +934,7 @@ </description> </property> <property> - <name>ozone.scm.container.close.threshold</name> + <name>hdds.scm.container.close.threshold</name> <value>0.9f</value> <tag>OZONE, SCM</tag> <description> 
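Review bot: The rename to `hdds.scm.container.close.threshold` in the hunk at line 956 no longer matches the Java side, because the ScmConfigKeys hunk in this same commit shows the constant's value still as `"ozone.scm.container.close.threshold"` in unchanged context. The default declared here would therefore not be the key the code reads, and an operator who sets the documented `hdds.` name would see no effect. The same probably applies to `hdds.scm.container.creation.lease.timeout` in the hunk at line 902, whose constant is not visible in this diff and should be checked. Either revert these two `<name>` changes or rename the constants' values in the same commit.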
@@ -1087,58 +1065,58 @@ </property> <property> - <name>ozone.scm.kerberos.keytab.file</name> + <name>hdds.scm.kerberos.keytab.file</name> <value></value> <tag> OZONE, SECURITY</tag> <description> The keytab file used by each SCM daemon to login as its service principal. The principal name is configured with - ozone.scm.kerberos.principal. + hdds.scm.kerberos.principal. </description> </property> <property> - <name>ozone.scm.kerberos.principal</name> + <name>hdds.scm.kerberos.principal</name> <value></value> <tag> OZONE, SECURITY</tag> <description>The SCM service principal. Ex scm/_h...@realm.com</description> </property> <property> - <name>hdds.ksm.kerberos.keytab.file</name> + <name>ozone.om.kerberos.keytab.file</name> <value></value> <tag> HDDS, SECURITY</tag> - <description> The keytab file used by KSM daemon to login as its + <description> The keytab file used by OzoneManager daemon to login as its service principal. The principal name is configured with - hdds.ksm.kerberos.principal. + ozone.om.kerberos.principal. </description> </property> <property> - <name>hdds.ksm.kerberos.principal</name> + <name>ozone.om.kerberos.principal</name> <value></value> <tag> HDDS, SECURITY</tag> - <description>The KSM service principal. Ex ksm/_h...@realm.com</description> + <description>The OzoneManager service principal. Ex om/_h...@realm.com</description> </property> <property> - <name>ozone.scm.web.authentication.kerberos.principal</name> + <name>hdds.scm.web.authentication.kerberos.principal</name> <value>HTTP/_h...@example.com</value> </property> <property> - <name>ozone.scm.web.authentication.kerberos.keytab</name> + <name>hdds.scm.web.authentication.kerberos.keytab</name> <value>/etc/security/keytabs/HTTP.keytab</value> </property> <property> - <name>hdds.ksm.web.authentication.kerberos.principal</name> + <name>ozone.om.web.authentication.kerberos.principal</name> <value>HTTP/_h...@example.com</value> <description> - KSM http server kerberos principal. 
+ OzoneManager http server kerberos principal. </description> </property> <property> - <name>hdds.ksm.web.authentication.kerberos.keytab</name> + <name>ozone.om.web.authentication.kerberos.keytab</name> <value>/etc/security/keytabs/HTTP.keytab</value> <description> - KSM http server kerberos keytab. + OzoneManager http server kerberos keytab. </description> </property> http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java index 5b04c56..9f18d96 100644 --- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java +++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java @@ -47,7 +47,7 @@ import org.apache.hadoop.security.KerberosInfo; * Protoc file that defines this protocol. */ @KerberosInfo( - serverPrincipal = ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) @InterfaceAudience.Private public interface StorageContainerDatanodeProtocol { /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java ---------------------------------------------------------------------- 
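Review bot: In the hunk starting at line 1087, the `hdds.scm.web.authentication.kerberos.*` and `ozone.om.web.authentication.kerberos.*` properties ship non-empty defaults (an `example.com` realm principal and `/etc/security/keytabs/HTTP.keytab`), while the four service principal and keytab properties above them default to empty. A cluster that enables security but leaves the SPNEGO values unset would then pick up the placeholder identity instead of reporting a missing property; consider `<value/>` for these as well. The two SCM web properties also have no `<tag>` or `<description>`. The tags on the service entries look swapped: `hdds.scm.kerberos.*` is tagged `OZONE, SECURITY` and `ozone.om.kerberos.*` is tagged `HDDS, SECURITY`.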
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java index 9c32ef8..9006e91 100644 --- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java +++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java @@ -33,7 +33,7 @@ import org.apache.hadoop.security.KerberosInfo; "org.apache.hadoop.ozone.protocol.StorageContainerDatanodeProtocol", protocolVersion = 1) @KerberosInfo( - serverPrincipal = ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY, + serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY) public interface StorageContainerDatanodeProtocolPB extends StorageContainerDatanodeProtocolService.BlockingInterface { http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java index 65619a4..88217e5 100644 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java +++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java 
@@ -77,8 +77,8 @@ import static org.apache.hadoop.hdds.scm.ScmConfigKeys.OZONE_SCM_DB_CACHE_SIZE_M import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_DEFAULT; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY; -import static org.apache.hadoop.hdds.scm.ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY; -import static org.apache.hadoop.hdds.scm.ScmConfigKeys.OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY; +import static org.apache.hadoop.hdds.scm.ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY; +import static org.apache.hadoop.hdds.scm.ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY; import static org.apache.hadoop.util.ExitUtil.terminate; /** 
@@ -209,16 +209,16 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl throws IOException, AuthenticationException { LOG.debug("Ozone security is enabled. Attempting login for SCM user. " + "Principal: {}, keytab: {}", this.scmConf.get - (OZONE_SCM_KERBEROS_PRINCIPAL_KEY), - this.scmConf.get(OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY)); + (HDDS_SCM_KERBEROS_PRINCIPAL_KEY), + this.scmConf.get(HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY)); if (SecurityUtil.getAuthenticationMethod(conf).equals (AuthenticationMethod.KERBEROS)) { UserGroupInformation.setConfiguration(this.scmConf); InetSocketAddress socAddr = HddsServerUtil .getScmBlockClientBindAddress(conf); - SecurityUtil.login(conf, OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY, - OZONE_SCM_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); + SecurityUtil.login(conf, HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, + HDDS_SCM_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); } else { throw new AuthenticationException(SecurityUtil.getAuthenticationMethod (conf) + " authentication method not support. " http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java ---------------------------------------------------------------------- diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java index da936ad..41dd89a 100644 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java +++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManagerHttpServer.java 
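Review bot: The login path reads from two configuration objects. The debug line prints the principal and keytab from `this.scmConf`, and `UserGroupInformation.setConfiguration` also takes `this.scmConf`, but the authentication-method check and `SecurityUtil.login(conf, ...)` use `conf`. If the two ever differ, the log shows an identity other than the one used for login, which makes a failed Kerberos start hard to diagnose. Since this hunk already touches those calls, use one object throughout, e.g. `SecurityUtil.login(scmConf, HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, HDDS_SCM_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());`, assuming `scmConf` is derived from `conf`, which is not visible here. The method begins and ends outside the hunk.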
@@ -62,11 +62,11 @@ public class StorageContainerManagerHttpServer extends BaseHttpServer { } @Override protected String getKeytabFile() { - return ScmConfigKeys.SCM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY; + return ScmConfigKeys.HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY; } @Override protected String getSpnegoPrincipal() { - return ScmConfigKeys.SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY; + return ScmConfigKeys.HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY; } @Override protected String getEnabledKey() { http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-compose.yaml ---------------------------------------------------------------------- diff --git a/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-compose.yaml b/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-compose.yaml index 2661163..db211bc 100644 --- a/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-compose.yaml +++ b/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-compose.yaml @@ -40,15 +40,15 @@ services: env_file: - ./docker-config command: ["/opt/hadoop/bin/ozone","datanode"] - ksm: + om: image: ahadoop/ozone:v1 - hostname: ksm + hostname: om volumes: - ${OZONEDIR}:/opt/hadoop ports: - 9874:9874 environment: - ENSURE_KSM_INITIALIZED: /data/metadata/ksm/current/VERSION + ENSURE_KSM_INITIALIZED: /data/metadata/om/current/VERSION env_file: - ./docker-config command: ["/opt/hadoop/bin/ozone","ksm"] http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-config ---------------------------------------------------------------------- diff --git a/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-config b/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-config index 678c75a..360b69a 100644 
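Review bot: The docker-compose hunk renames the service and hostname to `om` and moves the init marker to `/data/metadata/om/current/VERSION`, but the container still runs `command: ["/opt/hadoop/bin/ozone","ksm"]` and the variable is still `ENSURE_KSM_INITIALIZED`. Nothing in this commit changes where the daemon writes its metadata, so if it still uses a `ksm` directory the marker file may never be found and the initialisation step may run on every start. Keep the value as `/data/metadata/ksm/current/VERSION` until the metadata directory itself is renamed, or confirm the new path against the image's entrypoint.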
--- a/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-config +++ b/hadoop-ozone/acceptance-test/src/test/compose/compose-secure/docker-config @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -OZONE-SITE.XML_ozone.ksm.address=ksm +OZONE-SITE.XML_ozone.ksm.address=om OZONE-SITE.XML_ozone.scm.names=scm OZONE-SITE.XML_ozone.enabled=True OZONE-SITE.XML_hdds.scm.datanode.id=/data/datanode.id @@ -25,13 +25,13 @@ OZONE-SITE.XML_hdds.scm.client.address=scm OZONE-SITE.XML_hdds.datanode.plugins=org.apache.hadoop.ozone.web.OzoneHddsDatanodeService OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/s...@example.com OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab -OZONE-SITE.XML_ozone.ksm.kerberos.principal=ksm/k...@example.com -OZONE-SITE.XML_ozone.ksm.kerberos.keytab.file=/etc/security/keytabs/ksm.keytab +OZONE-SITE.XML_ozone.om.kerberos.principal=om/o...@example.com +OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab OZONE-SITE.XML_ozone.security.enabled=true OZONE-SITE.XML_hdds.scm.web.authentication.kerberos.principal=HTTP/s...@example.com OZONE-SITE.XML_hdds.scm.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab -OZONE-SITE.XML_ozone.ksm.web.authentication.kerberos.principal=HTTP/k...@example.com -OZONE-SITE.XML_ozone.ksm.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab +OZONE-SITE.XML_ozone.om.web.authentication.kerberos.principal=HTTP/o...@example.com +OZONE-SITE.XML_ozone.om.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab OZONE-SITE.XML_ozone.scm.block.client.address=scm OZONE-SITE.XML_ozone.scm.client.address=scm HDFS-SITE.XML_dfs.namenode.name.dir=/data/namenode 
@@ -57,7 +57,7 @@ LOG4J.PROPERTIES_log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH OZONE_DATANODE_SECURE_USER=root CONF_DIR=/etc/security/keytabs -KERBEROS_KEYTABS=dn nn ksm scm HTTP testuser +KERBEROS_KEYTABS=dn nn om scm HTTP testuser KERBEROS_KEYSTORES=hadoop KERBEROS_SERVER=ozone.kdc JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/ http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/acceptance-test/src/test/robotframework/acceptance/ozone-secure.robot ---------------------------------------------------------------------- diff --git a/hadoop-ozone/acceptance-test/src/test/robotframework/acceptance/ozone-secure.robot b/hadoop-ozone/acceptance-test/src/test/robotframework/acceptance/ozone-secure.robot index 4a78980..7fc1088 100644 --- a/hadoop-ozone/acceptance-test/src/test/robotframework/acceptance/ozone-secure.robot +++ b/hadoop-ozone/acceptance-test/src/test/robotframework/acceptance/ozone-secure.robot @@ -26,7 +26,7 @@ ${version} *** Test Cases *** Daemons are running - Is daemon running ksm + Is daemon running om Is daemon running scm Is daemon running datanode Is daemon running ozone.kdc 
@@ -45,15 +45,15 @@ Test rest interface Should contain ${result} 200 OK Test ozone cli - ${result} = Execute on 1 datanode ozone oz -createVolume o3://ksm/hive -user bilbo -quota 100TB -root + ${result} = Execute on 1 datanode ozone oz -createVolume o3://om/hive -user bilbo -quota 100TB -root Should contain ${result} Client cannot authenticate via # Authenticate testuser Execute on 0 datanode kinit -k testuser/datan...@example.com -t /etc/security/keytabs/testuser.keytab - Execute on 0 datanode ozone oz -createVolume o3://ksm/hive -user bilbo -quota 100TB -root - ${result} = Execute on 0 datanode ozone oz -listVolume o3://ksm/ -user bilbo | grep -Ev 'Removed|WARN|DEBUG|ERROR|INFO|TRACE' | jq -r '.[] | select(.volumeName=="hive")' + Execute on 0 datanode ozone oz -createVolume o3://om/hive -user bilbo -quota 100TB -root + ${result} = Execute on 0 datanode ozone oz -listVolume o3://om/ -user bilbo | grep -Ev 'Removed|WARN|DEBUG|ERROR|INFO|TRACE' | jq -r '.[] | select(.volumeName=="hive")' Should contain ${result} createdOn - Execute on 0 datanode ozone oz -updateVolume o3://ksm/hive -user bill -quota 10TB - ${result} = Execute on 0 datanode ozone oz -infoVolume o3://ksm/hive | grep -Ev 'Removed|WARN|DEBUG|ERROR|INFO|TRACE' | jq -r '. | select(.volumeName=="hive") | .owner | .name' + Execute on 0 datanode ozone oz -updateVolume o3://om/hive -user bill -quota 10TB + ${result} = Execute on 0 datanode ozone oz -infoVolume o3://om/hive | grep -Ev 'Removed|WARN|DEBUG|ERROR|INFO|TRACE' | jq -r '. | select(.volumeName=="hive") | .owner | .name' Should Be Equal ${result} bill *** Keywords *** http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/protocol/ClientProtocol.java ---------------------------------------------------------------------- 
diff --git a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/protocol/ClientProtocol.java b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/protocol/ClientProtocol.java index 80b0a40..ee5dca9 100644 --- a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/protocol/ClientProtocol.java +++ b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/protocol/ClientProtocol.java @@ -44,7 +44,7 @@ import org.apache.hadoop.security.KerberosInfo; * includes: {@link org.apache.hadoop.ozone.client.rpc.RpcClient} for RPC and * {@link org.apache.hadoop.ozone.client.rest.RestClient} for REST. */ -@KerberosInfo(serverPrincipal = ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY) +@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY) public interface ClientProtocol { /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/KSMConfigKeys.java ---------------------------------------------------------------------- diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/KSMConfigKeys.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/KSMConfigKeys.java index d911bcb..cc25dbe 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/KSMConfigKeys.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/KSMConfigKeys.java @@ -49,8 +49,6 @@ public final class KSMConfigKeys { "ozone.ksm.http-address"; public static final String OZONE_KSM_HTTPS_ADDRESS_KEY = "ozone.ksm.https-address"; - public static final String OZONE_KSM_KEYTAB_FILE = - "ozone.ksm.keytab.file"; public static final String OZONE_KSM_HTTP_BIND_HOST_DEFAULT = "0.0.0.0"; public static final int OZONE_KSM_HTTP_BIND_PORT_DEFAULT = 9874; public static final int OZONE_KSM_HTTPS_BIND_PORT_DEFAULT = 9875; 
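Review bot: `ClientProtocol` keeps the SCM principal in `@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)`, yet its Javadoc describes it as the client interface implemented by `RpcClient` and `RestClient`. If those clients authenticate to the OzoneManager rather than to SCM, the expected server principal should be `OzoneConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY`, as this commit already does for `KeySpaceManagerProtocol`. With the wrong key, a secure client would check the server against the SCM identity. Which server this interface reaches is not visible in the hunk, so confirm before changing it.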
@@ -79,8 +77,8 @@ public final class KSMConfigKeys { "ozone.key.deleting.limit.per.task"; public static final int OZONE_KEY_DELETING_LIMIT_PER_TASK_DEFAULT = 1000; - public static final String KSM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL = - "hdds.ksm.web.authentication.kerberos.principal"; - public static final String KSM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE = - "hdds.ksm.web.authentication.kerberos.keytab"; + public static final String OZONE_OM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL = + "ozone.om.web.authentication.kerberos.principal"; + public static final String OZONE_OM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE = + "ozone.om.web.authentication.kerberos.keytab"; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocol/KeySpaceManagerProtocol.java ---------------------------------------------------------------------- diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocol/KeySpaceManagerProtocol.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocol/KeySpaceManagerProtocol.java index de27108..21c36fa 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocol/KeySpaceManagerProtocol.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocol/KeySpaceManagerProtocol.java @@ -17,7 +17,7 @@ */ package org.apache.hadoop.ozone.ksm.protocol; -import org.apache.hadoop.hdds.HddsConfigKeys; +import org.apache.hadoop.ozone.OzoneConfigKeys; import org.apache.hadoop.ozone.ksm.helpers.KsmBucketArgs; import org.apache.hadoop.ozone.ksm.helpers.KsmBucketInfo; import org.apache.hadoop.ozone.ksm.helpers.KsmKeyArgs; 
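Review bot: The new names `OZONE_OM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL` and `OZONE_OM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE` drop the `_KEY` suffix that the SCM counterparts renamed in this commit carry (`HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY` and `HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY`). These constants hold property names rather than values, and the suffix is what tells a reader that an accessor returning them yields a key to look up, not a path or principal. Add it here too: `OZONE_OM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY` and `OZONE_OM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY`. The callers in KeySpaceManagerHttpServer and TestSecureOzoneCluster would need the same rename.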
@@ -36,7 +36,7 @@ import org.apache.hadoop.security.KerberosInfo; * Protocol to talk to KSM. */ @KerberosInfo( - serverPrincipal = HddsConfigKeys.HDDS_KSM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = OzoneConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY) public interface KeySpaceManagerProtocol { /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocolPB/KeySpaceManagerProtocolPB.java ---------------------------------------------------------------------- diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocolPB/KeySpaceManagerProtocolPB.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocolPB/KeySpaceManagerProtocolPB.java index 71b9da0..84fe154 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocolPB/KeySpaceManagerProtocolPB.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/ksm/protocolPB/KeySpaceManagerProtocolPB.java @@ -18,7 +18,6 @@ package org.apache.hadoop.ozone.ksm.protocolPB; import org.apache.hadoop.classification.InterfaceAudience; -import org.apache.hadoop.hdds.HddsConfigKeys; import org.apache.hadoop.ipc.ProtocolInfo; import org.apache.hadoop.ozone.OzoneConfigKeys; import org.apache.hadoop.ozone.protocol.proto @@ -32,7 +31,7 @@ import org.apache.hadoop.security.KerberosInfo; "org.apache.hadoop.ozone.protocol.KeySpaceManagerProtocol", protocolVersion = 1) @KerberosInfo( - serverPrincipal = HddsConfigKeys.HDDS_KSM_KERBEROS_PRINCIPAL_KEY) + serverPrincipal = OzoneConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY) @InterfaceAudience.Private public interface KeySpaceManagerProtocolPB extends KeySpaceManagerService.BlockingInterface { http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java ---------------------------------------------------------------------- 
diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java index b917dfe..cc97576 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java @@ -29,9 +29,7 @@ import java.util.UUID; import java.util.concurrent.Callable; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.fs.CommonConfigurationKeysPublic; -import org.apache.hadoop.hdds.HddsConfigKeys; import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.scm.ScmConfigKeys; import org.apache.hadoop.hdds.scm.ScmInfo; @@ -120,12 +118,12 @@ public final class TestSecureOzoneCluster { private void createCredentialsInKDC(Configuration conf, MiniKdc miniKdc) throws Exception { createPrincipal(scmKeytab, - conf.get(ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY)); + conf.get(ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)); createPrincipal(spnegoKeytab, - conf.get(ScmConfigKeys.SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY), - conf.get(KSMConfigKeys.KSM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL)); + conf.get(ScmConfigKeys.HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY), + conf.get(KSMConfigKeys.OZONE_OM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL)); createPrincipal(ksmKeyTab, - conf.get(HddsConfigKeys.HDDS_KSM_KERBEROS_PRINCIPAL_KEY)); + conf.get(OzoneConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY)); } private void createPrincipal(File keytab, String... principal) 
@@ -155,25 +153,25 @@ public final class TestSecureOzoneCluster { "kerberos"); conf.set(OZONE_ADMINISTRATORS, curUser); - conf.set(ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, "scm/" + host + "@" + realm); - conf.set(ScmConfigKeys.SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, "HTTP_SCM/" + host + "@" + realm); - conf.set(HddsConfigKeys.HDDS_KSM_KERBEROS_PRINCIPAL_KEY, + conf.set(OzoneConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY, "ksm/" + host + "@" + realm); - conf.set(KSMConfigKeys.KSM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL, + conf.set(KSMConfigKeys.OZONE_OM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL, "HTTP_KSM/" + host + "@" + realm); scmKeytab = new File(workDir, "scm.keytab"); spnegoKeytab = new File(workDir, "http.keytab"); ksmKeyTab = new File(workDir, "ksm.keytab"); - conf.set(ScmConfigKeys.OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, scmKeytab.getAbsolutePath()); - conf.set(ScmConfigKeys.SCM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE_KEY, spnegoKeytab.getAbsolutePath()); - conf.set(HddsConfigKeys.HDDS_KSM_KERBEROS_KEYTAB_FILE_KEY, + conf.set(OzoneConfigKeys.OZONE_OM_KERBEROS_KEYTAB_FILE_KEY, ksmKeyTab.getAbsolutePath()); } @@ -206,7 +204,7 @@ public final class TestSecureOzoneCluster { @Test public void testSecureScmStartupFailure() throws Exception { initSCM(); - conf.set(ScmConfigKeys.OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY, ""); + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, ""); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); 
@@ -216,9 +214,9 @@ public final class TestSecureOzoneCluster { StorageContainerManager.createSCM(null, conf); }); - conf.set(ScmConfigKeys.OZONE_SCM_KERBEROS_PRINCIPAL_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY, "scm/_h...@example.com"); - conf.set(ScmConfigKeys.OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY, + conf.set(ScmConfigKeys.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY, "/etc/security/keytabs/scm.keytab"); testCommonKerberosFailures( @@ -261,7 +259,7 @@ public final class TestSecureOzoneCluster { ksmStore.setScmId("testScmId"); // writes the version file properties ksmStore.initialize(); - conf.set(HddsConfigKeys.HDDS_KSM_KERBEROS_PRINCIPAL_KEY, + conf.set(OzoneConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY, "non-existent-u...@example.com"); testCommonKerberosFailures(() -> KeySpaceManager.createKSM(null, conf)); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManager.java ---------------------------------------------------------------------- diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManager.java index be747d2..3e5a1e8 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManager.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManager.java 
@@ -88,8 +88,8 @@ import java.util.List; import java.util.Map; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED; -import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_KSM_KERBEROS_PRINCIPAL_KEY; -import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_KSM_KERBEROS_KEYTAB_FILE_KEY; +import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY; +import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OM_KERBEROS_KEYTAB_FILE_KEY; import static org.apache.hadoop.ozone.ksm.KSMConfigKeys .OZONE_KSM_ADDRESS_KEY; import static org.apache.hadoop.ozone.ksm.KSMConfigKeys @@ -213,14 +213,15 @@ public final class KeySpaceManager extends ServiceRuntimeInfoImpl if (SecurityUtil.getAuthenticationMethod(conf).equals (AuthenticationMethod.KERBEROS)) { LOG.debug("Ozone security is enabled. Attempting login for KSM user. " - + "Principal: {},keytab: {}", conf.get(HDDS_KSM_KERBEROS_PRINCIPAL_KEY), - conf.get(HDDS_KSM_KERBEROS_KEYTAB_FILE_KEY)); + + "Principal: {},keytab: {}", conf.get( + OZONE_OM_KERBEROS_PRINCIPAL_KEY), + conf.get(OZONE_OM_KERBEROS_KEYTAB_FILE_KEY)); UserGroupInformation.setConfiguration(conf); InetSocketAddress socAddr = getKsmAddress(conf); - SecurityUtil.login(conf, HDDS_KSM_KERBEROS_KEYTAB_FILE_KEY, - HDDS_KSM_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); + SecurityUtil.login(conf, OZONE_OM_KERBEROS_KEYTAB_FILE_KEY, + OZONE_OM_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); } else { throw new AuthenticationException(SecurityUtil.getAuthenticationMethod (conf) + " authentication method not supported. KSM user login " http://git-wip-us.apache.org/repos/asf/hadoop/blob/46edc0d2/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManagerHttpServer.java ---------------------------------------------------------------------- 
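Review bot: The Kerberos login block in the second hunk reports the resolved principal and keytab only at debug level and never names the properties it read, so after this rename an operator whose site file still uses the old `hdds.ksm.kerberos.*` names would presumably see the login fail with no pointer to the new keys. Logging the key names with their values at info level closes that gap without exposing secrets, since both values are a principal name and a file path: `LOG.info("Ozone security is enabled. KSM login uses {}={} and {}={}", OZONE_OM_KERBEROS_PRINCIPAL_KEY, conf.get(OZONE_OM_KERBEROS_PRINCIPAL_KEY), OZONE_OM_KERBEROS_KEYTAB_FILE_KEY, conf.get(OZONE_OM_KERBEROS_KEYTAB_FILE_KEY));`. The message text and the exception in the `else` branch still say "KSM user" while the keys are now named `OM`, which is worth aligning in the same change. The enclosing method starts and ends outside the hunk, so how a missing keytab value is handled inside `SecurityUtil.login` cannot be checked from here.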
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManagerHttpServer.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManagerHttpServer.java index a0d15b3..9848840 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManagerHttpServer.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/ksm/KeySpaceManagerHttpServer.java @@ -64,11 +64,11 @@ public class KeySpaceManagerHttpServer extends BaseHttpServer { } @Override protected String getKeytabFile() { - return KSMConfigKeys.KSM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE; + return KSMConfigKeys.OZONE_OM_WEB_AUTHENTICATION_KERBEROS_KEYTAB_FILE; } @Override protected String getSpnegoPrincipal() { - return KSMConfigKeys.KSM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL; + return KSMConfigKeys.OZONE_OM_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL; } @Override protected String getEnabledKey() { --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org