HDFS-6181. Merging change r1585563 from trunk
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1585581 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Brandon Li
parent
fef85fad1a
commit
45e26bae05
|
|
@ -17,7 +17,7 @@
|
|||
*/
|
||||
package org.apache.hadoop.hdfs.nfs.mount;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
|
|
@ -89,7 +89,7 @@ public class RpcProgramMountd extends RpcProgram implements MountInterface {
|
|||
this.mounts = Collections.synchronizedList(new ArrayList<MountEntry>());
|
||||
UserGroupInformation.setConfiguration(config);
|
||||
SecurityUtil.login(config, DFS_NFS_KEYTAB_FILE_KEY,
|
||||
DFS_NFS_USER_NAME_KEY);
|
||||
DFS_NFS_KERBEROS_PRINCIPAL_KEY);
|
||||
this.dfsClient = new DFSClient(NameNode.getAddress(config), config);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -131,7 +131,7 @@ import org.jboss.netty.channel.ChannelHandlerContext;
|
|||
import com.google.common.annotations.VisibleForTesting;
|
||||
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
/**
|
||||
* RPC program corresponding to nfs daemon. See {@link Nfs3}.
|
||||
|
|
@ -191,7 +191,7 @@ public class RpcProgramNfs3 extends RpcProgram implements Nfs3Interface {
|
|||
Nfs3Constant.ENABLE_FILE_DUMP_DEFAULT);
|
||||
UserGroupInformation.setConfiguration(config);
|
||||
SecurityUtil.login(config, DFS_NFS_KEYTAB_FILE_KEY,
|
||||
DFS_NFS_USER_NAME_KEY);
|
||||
DFS_NFS_KERBEROS_PRINCIPAL_KEY);
|
||||
|
||||
if (!enableDump) {
|
||||
writeDumpDir = null;
|
||||
|
|
|
|||
|
|
@ -64,6 +64,8 @@ Release 2.5.0 - UNRELEASED
|
|||
HDFS-6159. TestBalancerWithNodeGroup.testBalancerWithNodeGroup fails if
|
||||
there is block missing after balancer success (Chen He via kihwal)
|
||||
|
||||
HDFS-6181. Fix the wrong property names in NFS user guide (brandonli)
|
||||
|
||||
Release 2.4.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
|||
|
|
@ -482,17 +482,17 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
|
|||
public static final String DFS_WEB_UGI_KEY = "dfs.web.ugi";
|
||||
public static final String DFS_NAMENODE_STARTUP_KEY = "dfs.namenode.startup";
|
||||
public static final String DFS_DATANODE_KEYTAB_FILE_KEY = "dfs.datanode.keytab.file";
|
||||
public static final String DFS_DATANODE_USER_NAME_KEY = "dfs.datanode.kerberos.principal";
|
||||
public static final String DFS_DATANODE_KERBEROS_PRINCIPAL_KEY = "dfs.datanode.kerberos.principal";
|
||||
public static final String DFS_DATANODE_SHARED_FILE_DESCRIPTOR_PATHS = "dfs.datanode.shared.file.descriptor.paths";
|
||||
public static final String DFS_DATANODE_SHARED_FILE_DESCRIPTOR_PATHS_DEFAULT = "/dev/shm,/tmp";
|
||||
public static final String DFS_SHORT_CIRCUIT_SHARED_MEMORY_WATCHER_INTERRUPT_CHECK_MS = "dfs.short.circuit.shared.memory.watcher.interrupt.check.ms";
|
||||
public static final int DFS_SHORT_CIRCUIT_SHARED_MEMORY_WATCHER_INTERRUPT_CHECK_MS_DEFAULT = 60000;
|
||||
public static final String DFS_NAMENODE_KEYTAB_FILE_KEY = "dfs.namenode.keytab.file";
|
||||
public static final String DFS_NAMENODE_USER_NAME_KEY = "dfs.namenode.kerberos.principal";
|
||||
public static final String DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY = "dfs.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY = "dfs.namenode.kerberos.principal";
|
||||
public static final String DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY = "dfs.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY = "dfs.secondary.namenode.keytab.file";
|
||||
public static final String DFS_SECONDARY_NAMENODE_USER_NAME_KEY = "dfs.secondary.namenode.kerberos.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY = "dfs.secondary.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY = "dfs.secondary.namenode.kerberos.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY = "dfs.secondary.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_NAMENODE_NAME_CACHE_THRESHOLD_KEY = "dfs.namenode.name.cache.threshold";
|
||||
public static final int DFS_NAMENODE_NAME_CACHE_THRESHOLD_DEFAULT = 10;
|
||||
|
||||
|
|
@ -553,8 +553,8 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
|
|||
public static final String DFS_JOURNALNODE_HTTPS_ADDRESS_DEFAULT = "0.0.0.0:" + DFS_JOURNALNODE_HTTPS_PORT_DEFAULT;
|
||||
|
||||
public static final String DFS_JOURNALNODE_KEYTAB_FILE_KEY = "dfs.journalnode.keytab.file";
|
||||
public static final String DFS_JOURNALNODE_USER_NAME_KEY = "dfs.journalnode.kerberos.principal";
|
||||
public static final String DFS_JOURNALNODE_INTERNAL_SPNEGO_USER_NAME_KEY = "dfs.journalnode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY = "dfs.journalnode.kerberos.principal";
|
||||
public static final String DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY = "dfs.journalnode.kerberos.internal.spnego.principal";
|
||||
|
||||
// Journal-node related configs for the client side.
|
||||
public static final String DFS_QJOURNAL_QUEUE_SIZE_LIMIT_KEY = "dfs.qjournal.queued-edits.limit.mb";
|
||||
|
|
@ -630,5 +630,5 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
|
|||
"dfs.client.hedged.read.threadpool.size";
|
||||
public static final int DEFAULT_DFSCLIENT_HEDGED_READ_THREADPOOL_SIZE = 0;
|
||||
public static final String DFS_NFS_KEYTAB_FILE_KEY = "dfs.nfs.keytab.file";
|
||||
public static final String DFS_NFS_USER_NAME_KEY = "dfs.nfs.kerberos.principal";
|
||||
public static final String DFS_NFS_KERBEROS_PRINCIPAL_KEY = "dfs.nfs.kerberos.principal";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -681,7 +681,7 @@ public class DFSUtil {
|
|||
Configuration confForNn = new Configuration(conf);
|
||||
NameNode.initializeGenericKeys(confForNn, nsId, nnId);
|
||||
String principal = SecurityUtil.getServerPrincipal(confForNn
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(confForNn).getHostName());
|
||||
principals.add(principal);
|
||||
}
|
||||
|
|
@ -689,7 +689,7 @@ public class DFSUtil {
|
|||
Configuration confForNn = new Configuration(conf);
|
||||
NameNode.initializeGenericKeys(confForNn, nsId, null);
|
||||
String principal = SecurityUtil.getServerPrincipal(confForNn
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(confForNn).getHostName());
|
||||
principals.add(principal);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ import org.apache.hadoop.security.token.TokenInfo;
|
|||
@InterfaceAudience.Private
|
||||
@InterfaceStability.Evolving
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(BlockTokenSelector.class)
|
||||
public interface ClientDatanodeProtocol {
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ import org.apache.hadoop.security.token.TokenInfo;
|
|||
@InterfaceAudience.Private
|
||||
@InterfaceStability.Evolving
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(DelegationTokenSelector.class)
|
||||
public interface ClientProtocol {
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
import org.apache.hadoop.security.token.TokenInfo;
|
||||
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(BlockTokenSelector.class)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.protocol.ClientDatanodeProtocol",
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ import org.apache.hadoop.security.token.TokenInfo;
|
|||
@InterfaceAudience.Private
|
||||
@InterfaceStability.Stable
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(DelegationTokenSelector.class)
|
||||
@ProtocolInfo(protocolName = HdfsConstants.CLIENT_NAMENODE_PROTOCOL_NAME,
|
||||
protocolVersion = 1)
|
||||
|
|
|
|||
|
|
@ -25,8 +25,8 @@ import org.apache.hadoop.ipc.ProtocolInfo;
|
|||
import org.apache.hadoop.security.KerberosInfo;
|
||||
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(
|
||||
protocolName = "org.apache.hadoop.hdfs.server.protocol.DatanodeProtocol",
|
||||
protocolVersion = 1)
|
||||
|
|
|
|||
|
|
@ -24,8 +24,8 @@ import org.apache.hadoop.ipc.ProtocolInfo;
|
|||
import org.apache.hadoop.security.KerberosInfo;
|
||||
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.server.protocol.InterDatanodeProtocol",
|
||||
protocolVersion = 1)
|
||||
|
|
|
|||
|
|
@ -31,8 +31,8 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
* add annotations required for security.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.server.protocol.JournalProtocol",
|
||||
protocolVersion = 1)
|
||||
|
|
|
|||
|
|
@ -32,8 +32,8 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
* add annotations required for security.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol",
|
||||
protocolVersion = 1)
|
||||
|
|
|
|||
|
|
@ -43,8 +43,8 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
* recovery of the nodes.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface QJournalProtocol {
|
||||
public static final long versionID = 1L;
|
||||
|
|
|
|||
|
|
@ -30,8 +30,8 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
* add annotations required for security.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.qjournal.protocol.QJournalProtocol",
|
||||
protocolVersion = 1)
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ public class GetJournalEditServlet extends HttpServlet {
|
|||
validRequestors.addAll(DFSUtil.getAllNnPrincipals(conf));
|
||||
validRequestors.add(
|
||||
SecurityUtil.getServerPrincipal(conf
|
||||
.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
SecondaryNameNode.getHttpAddress(conf).getHostName()));
|
||||
|
||||
// Check the full principal name of all the configured valid requestors.
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ public class JournalNode implements Tool, Configurable, JournalNodeMXBean {
|
|||
|
||||
InetSocketAddress socAddr = JournalNodeRpcServer.getAddress(conf);
|
||||
SecurityUtil.login(conf, DFSConfigKeys.DFS_JOURNALNODE_KEYTAB_FILE_KEY,
|
||||
DFSConfigKeys.DFS_JOURNALNODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
|
||||
registerJNMXBean();
|
||||
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ public class JournalNodeHttpServer {
|
|||
|
||||
HttpServer2.Builder builder = DFSUtil.httpServerTemplateForNNAndJN(conf,
|
||||
httpAddr, httpsAddr, "journal",
|
||||
DFSConfigKeys.DFS_JOURNALNODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFSConfigKeys.DFS_JOURNALNODE_KEYTAB_FILE_KEY);
|
||||
|
||||
httpServer = builder.build();
|
||||
|
|
|
|||
|
|
@ -1768,7 +1768,7 @@ public class DataNode extends Configured
|
|||
Collection<StorageLocation> dataLocations = getStorageLocations(conf);
|
||||
UserGroupInformation.setConfiguration(conf);
|
||||
SecurityUtil.login(conf, DFS_DATANODE_KEYTAB_FILE_KEY,
|
||||
DFS_DATANODE_USER_NAME_KEY);
|
||||
DFS_DATANODE_KERBEROS_PRINCIPAL_KEY);
|
||||
return makeInstance(dataLocations, conf, resources);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -235,16 +235,16 @@ public class ImageServlet extends HttpServlet {
|
|||
Set<String> validRequestors = new HashSet<String>();
|
||||
|
||||
validRequestors.add(SecurityUtil.getServerPrincipal(conf
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(conf).getHostName()));
|
||||
validRequestors.add(SecurityUtil.getServerPrincipal(
|
||||
conf.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY),
|
||||
conf.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
SecondaryNameNode.getHttpAddress(conf).getHostName()));
|
||||
|
||||
if (HAUtil.isHAEnabled(conf, DFSUtil.getNamenodeNameServiceId(conf))) {
|
||||
Configuration otherNnConf = HAUtil.getConfForOtherNode(conf);
|
||||
validRequestors.add(SecurityUtil.getServerPrincipal(otherNnConf
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(otherNnConf).getHostName()));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -181,8 +181,8 @@ public class NameNode implements NameNodeStatusMXBean {
|
|||
DFS_NAMENODE_BACKUP_ADDRESS_KEY,
|
||||
DFS_NAMENODE_BACKUP_HTTP_ADDRESS_KEY,
|
||||
DFS_NAMENODE_BACKUP_SERVICE_RPC_ADDRESS_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY,
|
||||
DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFS_HA_FENCE_METHODS_KEY,
|
||||
DFS_HA_ZKFC_PORT_KEY,
|
||||
DFS_HA_FENCE_METHODS_KEY
|
||||
|
|
@ -482,7 +482,7 @@ public class NameNode implements NameNodeStatusMXBean {
|
|||
void loginAsNameNodeUser(Configuration conf) throws IOException {
|
||||
InetSocketAddress socAddr = getRpcServerAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -814,7 +814,7 @@ public class NameNode implements NameNodeStatusMXBean {
|
|||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
InetSocketAddress socAddr = getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
Collection<URI> nameDirsToFormat = FSNamesystem.getNamespaceDirs(conf);
|
||||
|
|
@ -917,7 +917,7 @@ public class NameNode implements NameNodeStatusMXBean {
|
|||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
InetSocketAddress socAddr = getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
NNStorage existingStorage = null;
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ public class NameNodeHttpServer {
|
|||
|
||||
HttpServer2.Builder builder = DFSUtil.httpServerTemplateForNNAndJN(conf,
|
||||
httpAddr, httpsAddr, "hdfs",
|
||||
DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFSConfigKeys.DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY);
|
||||
|
||||
httpServer = builder.build();
|
||||
|
|
|
|||
|
|
@ -219,7 +219,7 @@ public class SecondaryNameNode implements Runnable {
|
|||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
SecurityUtil.login(conf,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY, infoBindAddress);
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY, infoBindAddress);
|
||||
}
|
||||
// initiate Java VM metrics
|
||||
DefaultMetricsSystem.initialize("SecondaryNameNode");
|
||||
|
|
@ -263,7 +263,7 @@ public class SecondaryNameNode implements Runnable {
|
|||
|
||||
HttpServer2.Builder builder = DFSUtil.httpServerTemplateForNNAndJN(conf,
|
||||
httpAddr, httpsAddr, "secondary",
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY);
|
||||
|
||||
infoServer = builder.build();
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
package org.apache.hadoop.hdfs.server.namenode.ha;
|
||||
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
|
|
@ -97,7 +97,7 @@ public class BootstrapStandby implements Tool, Configurable {
|
|||
|
||||
InetSocketAddress myAddr = NameNode.getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, myAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, myAddr.getHostName());
|
||||
|
||||
return SecurityUtil.doAsLoginUserOrFatal(new PrivilegedAction<Integer>() {
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -39,8 +39,8 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
*
|
||||
**********************************************************************/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface DatanodeProtocol {
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -31,8 +31,8 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
/** An inter-datanode protocol for updating generation stamp
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface InterDatanodeProtocol {
|
||||
public static final Log LOG = LogFactory.getLog(InterDatanodeProtocol.class);
|
||||
|
|
|
|||
|
|
@ -28,8 +28,8 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
* this is used to publish edits from the NameNode to a BackupNode.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface JournalProtocol {
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ import org.apache.hadoop.security.KerberosInfo;
|
|||
* It's used to get part of the name node state
|
||||
*****************************************************************************/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface NamenodeProtocol {
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -975,7 +975,7 @@ public class DFSAdmin extends FsShell {
|
|||
// server principal for this call
|
||||
// should be NN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshAuthorizationPolicyProtocol refreshProtocol =
|
||||
|
|
@ -1001,7 +1001,7 @@ public class DFSAdmin extends FsShell {
|
|||
// server principal for this call
|
||||
// should be NN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshUserMappingsProtocol refreshProtocol =
|
||||
|
|
@ -1028,7 +1028,7 @@ public class DFSAdmin extends FsShell {
|
|||
// server principal for this call
|
||||
// should be NAMENODE's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshUserMappingsProtocol refreshProtocol =
|
||||
|
|
@ -1049,7 +1049,7 @@ public class DFSAdmin extends FsShell {
|
|||
// server principal for this call
|
||||
// should be NN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshCallQueueProtocol refreshProtocol =
|
||||
|
|
@ -1415,7 +1415,7 @@ public class DFSAdmin extends FsShell {
|
|||
|
||||
// For datanode proxy the server principal should be DN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
ClientDatanodeProtocol dnProtocol =
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ public class DFSHAAdmin extends HAAdmin {
|
|||
// force loading of hdfs-site.xml.
|
||||
conf = new HdfsConfiguration(conf);
|
||||
String nameNodePrincipal = conf.get(
|
||||
DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "");
|
||||
DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, "");
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Using NN principal: " + nameNodePrincipal);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
package org.apache.hadoop.hdfs.tools;
|
||||
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
|
|
@ -152,7 +152,7 @@ public class DFSZKFailoverController extends ZKFailoverController {
|
|||
public void loginAsFCUser() throws IOException {
|
||||
InetSocketAddress socAddr = NameNode.getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ public class GetGroups extends GetGroupsBase {
|
|||
public void setConf(Configuration conf) {
|
||||
conf = new HdfsConfiguration(conf);
|
||||
String nameNodePrincipal = conf.get(
|
||||
DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "");
|
||||
DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, "");
|
||||
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Using NN principal: " + nameNodePrincipal);
|
||||
|
|
|
|||
|
|
@ -78,14 +78,14 @@ HDFS NFS Gateway
|
|||
|
||||
----
|
||||
<property>
|
||||
<name>dfs.nfsgateway.keytab.file</name>
|
||||
<name>dfs.nfs.keytab.file</name>
|
||||
<value>/etc/hadoop/conf/nfsserver.keytab</value> <!-- path to the nfs gateway keytab -->
|
||||
</property>
|
||||
----
|
||||
|
||||
----
|
||||
<property>
|
||||
<name>dfs.nfsgateway.kerberos.principal</name>
|
||||
<name>dfs.nfs.kerberos.principal</name>
|
||||
<value>nfsserver/_HOST@YOUR-REALM.COM</value>
|
||||
</property>
|
||||
----
|
||||
|
|
|
|||
|
|
@ -88,11 +88,11 @@ public class TestStartSecureDataNode {
|
|||
Configuration conf = new HdfsConfiguration();
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
|
||||
"kerberos");
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
nnSpnegoPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, nnKeyTab);
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY, dnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, dnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, dnKeyTab);
|
||||
// Secure DataNode requires using ports lower than 1024.
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_ADDRESS_KEY, "127.0.0.1:1004");
|
||||
|
|
|
|||
|
|
@ -51,13 +51,13 @@ public class TestGetImageServlet {
|
|||
// Set up NN1 HA configs.
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_RPC_ADDRESS_KEY,
|
||||
"ns1", "nn1"), "host1:1234");
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
"ns1", "nn1"), "hdfs/_HOST@TEST-REALM.COM");
|
||||
|
||||
// Set up NN2 HA configs.
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_RPC_ADDRESS_KEY,
|
||||
"ns1", "nn2"), "host2:1234");
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
"ns1", "nn2"), "hdfs/_HOST@TEST-REALM.COM");
|
||||
|
||||
// Initialize this conf object as though we're running on NN1.
|
||||
|
|
|
|||
|
|
@ -80,8 +80,8 @@ public class TestSecureNameNodeWithExternalKdc {
|
|||
Configuration conf = new HdfsConfiguration();
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
|
||||
"kerberos");
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
nnSpnegoPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, nnKeyTab);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue