diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index 6384d1fbaba..77d75d87674 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -1139,7 +1139,7 @@
ozone.tags.system
OZONE,MANAGEMENT,SECURITY,PERFORMANCE,DEBUG,CLIENT,SERVER,OM,SCM,
- CRITICAL,RATIS,CONTAINER,REQUIRED,REST,STORAGE,PIPELINE,STANDALONE,S3GATEWAY,ACL,TOKEN
+ CRITICAL,RATIS,CONTAINER,REQUIRED,REST,STORAGE,PIPELINE,STANDALONE,S3GATEWAY,TOKEN,TLS
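Review bot: `ACL` is dropped from `ozone.tags.system` on the same line that adds `TLS`, and the properties added later in this patch are tagged `HDDS`, which is not in the visible list either. If this list decides which tags can be queried, any property still tagged `ACL` elsewhere in the file and every new `HDDS`-tagged security property would be missed by tag-based lookups. The rest of the file is not shown here, so this needs confirming. If the removal was not intended, the line could end `...S3GATEWAY,ACL,TOKEN,TLS`, with `HDDS` added unless it is declared somewhere else.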
@@ -1400,7 +1400,7 @@
ozone.security.enabled
false
- OZONE, SECURITY, FLAG
+ OZONE, SECURITY
True if security is enabled for ozone. When this property is
true, hadoop.security.authentication should be Kerberos.
@@ -1656,6 +1656,110 @@
assumed.
+
+
+ hdds.grpc.block.token.enabled
+ false
+ OZONE, HDDS, SECURITY, TOKEN
+ True if block tokens are enabled, else false.
+
+
+ hdds.x509.file.name
+ certificate.crt
+ OZONE, HDDS, SECURITY
+ Certificate file name.
+
+
+ hdds.grpc.tls.provider
+ OPENSSL
+ OZONE, HDDS, SECURITY, TLS
+ HDDS GRPC server TLS provider.
+
+
+ hdds.client.cert.chain.file.name
+ client.crt
+ OZONE, HDDS, SECURITY
+ Client certificate file name. It is an optional
+ field only required when mutual TLS (hdds.grpc.mutual.tls.required)
+ is set to true .
+
+
+ hdds.grpc.mutual.tls.required
+ false
+ OZONE, HDDS, SECURITY, TLS
+ If mutual tls check is enabled for GRPC.
+ Considered only if hdds.grpc.tls.enabled is set to true.
+
+
+ hdds.grpc.tls.enabled
+ false
+ OZONE, HDDS, SECURITY, TLS
+ If HDDS GRPC server TLS is enabled.
+
+
+ hdds.server.cert.chain.file.name
+ server.crt
+ OZONE, HDDS, SECURITY
+ Hdds server certificate file name.
+
+
+ hdds.trust.cert.collection.file.name
+ ca.crt
+ OZONE, HDDS, SECURITY
+ HDDS Certificate Authority trust store file name.
+
+
+ hdds.x509.default.duration
+ P365D
+ OZONE, HDDS, SECURITY
+ Default duration for which x509 certificates issued by SCM are
+ valid. The formats accepted are based on the ISO-8601 duration format
+ PnDTnHnMn.nS
+
+
+ hdds.x509.dir.name
+ certs
+ OZONE, HDDS, SECURITY
+ X509 certificate directory name.
+
+
+ hdds.x509.max.duration
+ P1865D
+ OZONE, HDDS, SECURITY
+ Max time for which certificate issued by SCM CA are valid.
+ . The formats accepted are based on the ISO-8601 duration format
+ PnDTnHnMn.nS
+
+
+ hdds.x509.signature.algorithm
+ SHA256withRSA
+ OZONE, HDDS, SECURITY
+ X509 signature certificate.
+
+
+ ozone.scm.security.handler.count.key
+ 2
+ OZONE, HDDS, SECURITY
+ Threads configured for SCMSecurityProtocolServer.
+
+
+ ozone.scm.security.service.address
+ 0.0.0.0:9961
+ OZONE, HDDS, SECURITY
+ Address of SCMSecurityProtocolServer.
+
+
+ ozone.scm.security.service.bind.host
+ 0.0.0.0
+ OZONE, HDDS, SECURITY
+ SCM security server host.
+
+
+ ozone.scm.security.service.port
+ 9961
+ OZONE, HDDS, SECURITY
+ SCM security server port.
+
hdds.metadata.dir
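Review bot: `hdds.grpc.tls.enabled`, `hdds.grpc.mutual.tls.required` and `hdds.grpc.block.token.enabled` all default to `false`, and none of their descriptions says how they relate to `ozone.security.enabled`, so an operator who turns security on may still run datanode gRPC without TLS or block-token checks. Each description should state the dependency, for example `Must be set to true explicitly; not implied by ozone.security.enabled.` (reword if the code does derive it). `ozone.scm.security.service.address` defaults to `0.0.0.0:9961`, which puts the SCM security service on every interface and is not an address a client can connect to, so the description should tell operators to set it to the SCM host. Smaller points: `hdds.x509.signature.algorithm` is described as "X509 signature certificate." where "algorithm" is meant, the `hdds.x509.max.duration` text has a stray ". ", its `P1865D` may have been meant as `P1825D` (five years), and `ozone.scm.security.handler.count.key` appears to carry a Java constant's `.key` suffix into the property name.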
diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java
index 7b59903e047..0839292ac80 100644
--- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java
+++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java
@@ -30,7 +30,7 @@ public class TestOzoneConfigurationFields extends TestConfigurationFieldsBase {
@Override
public void initializeMemberVariables() {
- xmlFilename = new String("ozone-default.xml");
+ xmlFilename = "ozone-default.xml";
configurationClasses =
new Class[] {OzoneConfigKeys.class, ScmConfigKeys.class,
OMConfigKeys.class, HddsConfigKeys.class,
@@ -44,5 +44,6 @@ public class TestOzoneConfigurationFields extends TestConfigurationFieldsBase {
private void addPropertiesNotInXml() {
configurationPropsToSkipCompare.add(HddsConfigKeys.HDDS_KEY_ALGORITHM);
configurationPropsToSkipCompare.add(HddsConfigKeys.HDDS_SECURITY_PROVIDER);
+ configurationPropsToSkipCompare.add(HddsConfigKeys.HDDS_GRPC_TLS_TEST_CERT);
}
}
\ No newline at end of file
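Review bot: `HDDS_GRPC_TLS_TEST_CERT` is added to the skip list in `addPropertiesNotInXml` with no comment, so a key in the production `HddsConfigKeys` class is exempted from the check that every key is documented in `ozone-default.xml`. Its definition is not visible here. If it makes the gRPC TLS path use a test certificate or relax verification, it should be clearly marked test-only and ideally refused outside test runs. At minimum, add a line above it such as `// Test-only key, deliberately not documented in ozone-default.xml.` so the omission is on record.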