HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.

This closes (#581)
Ajay Yadav 2019-03-11 15:01:04 -07:00 committed by Xiaoyu Yao
parent 4ad295a4f1
commit 599e926d46
5 changed files with 28 additions and 9 deletions


@ -224,12 +224,16 @@ public Future<X509CertificateHolder> requestCertificate(
break; break;
case KERBEROS_TRUSTED: case KERBEROS_TRUSTED:
case TESTING_AUTOMATIC: case TESTING_AUTOMATIC:
X509CertificateHolder xcert = approver.sign(config, X509CertificateHolder xcert;
getCAKeys().getPrivate(), try {
getCACertificate(), java.sql.Date.valueOf(beginDate), xcert = signAndStoreCertificate(beginDate, endDate, csr);
java.sql.Date.valueOf(endDate), csr, scmID, clusterID); } catch (SCMSecurityException e) {
store.storeValidCertificate(xcert.getSerialNumber(), // Certificate with conflicting serial id, retry again may resolve
CertificateCodec.getX509Certificate(xcert)); // this issue.
LOG.error("Certificate storage failed, retrying one more time.", e);
xcert = signAndStoreCertificate(beginDate, endDate, csr);
}
xcertHolder.complete(xcert); xcertHolder.complete(xcert);
break; break;
default: default:
@ -242,6 +246,18 @@ public Future<X509CertificateHolder> requestCertificate(
return xcertHolder; return xcertHolder;
} }
private X509CertificateHolder signAndStoreCertificate(LocalDate beginDate, LocalDate endDate,
PKCS10CertificationRequest csr) throws IOException,
OperatorCreationException, CertificateException {
X509CertificateHolder xcert = approver.sign(config,
getCAKeys().getPrivate(),
getCACertificate(), java.sql.Date.valueOf(beginDate),
java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
store.storeValidCertificate(xcert.getSerialNumber(),
CertificateCodec.getX509Certificate(xcert));
return xcert;
}
@Override @Override
public Future<X509CertificateHolder> requestCertificate(String csr, public Future<X509CertificateHolder> requestCertificate(String csr,
CertificateApprover.ApprovalType type) throws IOException { CertificateApprover.ApprovalType type) throws IOException {


@ -38,7 +38,6 @@ services:
image: apache/hadoop-runner image: apache/hadoop-runner
volumes: volumes:
- ../..:/opt/hadoop - ../..:/opt/hadoop
hostname: datanode
ports: ports:
- 9864 - 9864
command: ["/opt/hadoop/bin/ozone","datanode"] command: ["/opt/hadoop/bin/ozone","datanode"]


@ -23,6 +23,7 @@ OZONE-SITE.XML_ozone.scm.block.client.address=scm
OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
OZONE-SITE.XML_ozone.handler.type=distributed OZONE-SITE.XML_ozone.handler.type=distributed
OZONE-SITE.XML_ozone.scm.client.address=scm OZONE-SITE.XML_ozone.scm.client.address=scm
OZONE-SITE.XML_hdds.block.token.enabled=true
OZONE-SITE.XML_ozone.replication=1 OZONE-SITE.XML_ozone.replication=1
OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab


@ -23,7 +23,8 @@ Create volume and bucket
${rc} ${output} = Run And Return Rc And Output ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root ${rc} ${output} = Run And Return Rc And Output ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
Should contain ${output} Client cannot authenticate via Should contain ${output} Client cannot authenticate via
# Authenticate testuser # Authenticate testuser
Execute kinit -k testuser/datanode@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab ${hostname}= Execute hostname
Execute kinit -k testuser/${hostname}@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
Execute ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root Execute ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
Execute ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root Execute ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root
Execute ozone sh bucket create o3://om/fstest/bucket1 Execute ozone sh bucket create o3://om/fstest/bucket1
@ -107,5 +108,5 @@ Run ozoneFS tests
Execute ls -l GET.txt Execute ls -l GET.txt
${rc} ${result} = Run And Return Rc And Output ozone fs -ls o3fs://abcde.pqrs/ ${rc} ${result} = Run And Return Rc And Output ozone fs -ls o3fs://abcde.pqrs/
Should Be Equal As Integers ${rc} 1 Should Be Equal As Integers ${rc} 1
Should contain ${result} VOLUME_NOT_FOUND Should contain ${result} Volume pqrs is not found
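Review bot: The principal passed to `kinit` in "Create volume and bucket" is now built from the output of `Execute hostname`, so authentication succeeds only if `/etc/security/keytabs/testuser.keytab` holds an entry for `testuser/<container hostname>@EXAMPLE.COM`, and nothing in this section checks or documents that. A comment above the lookup, for example `# testuser.keytab must contain testuser/<hostname>@EXAMPLE.COM for whatever hostname the container gets`, would record the dependency, which matters because the compose change on this page appears to drop the fixed `hostname: datanode`. In "Run ozoneFS tests" the assertion appears to move from the `VOLUME_NOT_FOUND` code to the message text `Volume pqrs is not found`, which ties the test to wording that can change without the behaviour changing.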


@ -151,6 +151,8 @@ if [ "$RUN_ALL" = true ]; then
execute_tests ozone-hdfs "${TESTS[@]}" execute_tests ozone-hdfs "${TESTS[@]}"
TESTS=("s3") TESTS=("s3")
execute_tests ozones3 "${TESTS[@]}" execute_tests ozones3 "${TESTS[@]}"
TESTS=("security")
execute_tests ozonesecure "${TESTS[@]}"
else else
execute_tests "$DOCKERENV" "${POSITIONAL[@]}" execute_tests "$DOCKERENV" "${POSITIONAL[@]}"
fi fi