HDDS-1355. Only FQDN is accepted for OM rpc address in secure environment. Contributed by Ajay Kumar.
Closes #677
This commit is contained in:
parent
aeb43dfba3
commit
bfc90bdc64
|
@ -51,6 +51,7 @@ import static org.apache.hadoop.hdds.scm.ScmConfigKeys.OZONE_SCM_NAMES;
|
||||||
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
|
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
|
||||||
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OPEN_KEY_EXPIRE_THRESHOLD_SECONDS;
|
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OPEN_KEY_EXPIRE_THRESHOLD_SECONDS;
|
||||||
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
|
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
|
||||||
|
import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_ADDRESS_KEY;
|
||||||
import static org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.KERBEROS;
|
import static org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.KERBEROS;
|
||||||
import static org.apache.hadoop.test.GenericTestUtils.*;
|
import static org.apache.hadoop.test.GenericTestUtils.*;
|
||||||
|
|
||||||
|
@ -221,4 +222,20 @@ public class TestSecureOzoneManager {
|
||||||
omLogs.clearOutput();
|
omLogs.clearOutput();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test om bind socket address.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSecureOmInitFailure() throws Exception {
|
||||||
|
OzoneConfiguration config = new OzoneConfiguration(conf);
|
||||||
|
OMStorage omStorage = new OMStorage(config);
|
||||||
|
omStorage.setClusterId(clusterId);
|
||||||
|
omStorage.setScmId(scmId);
|
||||||
|
omStorage.setOmId(omId);
|
||||||
|
config.set(OZONE_OM_ADDRESS_KEY, "om-unknown");
|
||||||
|
LambdaTestUtils.intercept(RuntimeException.class, "Can't get SCM signed" +
|
||||||
|
" certificate",
|
||||||
|
() -> OzoneManager.initializeSecurity(config, omStorage));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1374,8 +1374,12 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
|
||||||
KeyPair keyPair = new KeyPair(client.getPublicKey(),
|
KeyPair keyPair = new KeyPair(client.getPublicKey(),
|
||||||
client.getPrivateKey());
|
client.getPrivateKey());
|
||||||
InetSocketAddress omRpcAdd;
|
InetSocketAddress omRpcAdd;
|
||||||
|
|
||||||
omRpcAdd = OmUtils.getOmAddress(config);
|
omRpcAdd = OmUtils.getOmAddress(config);
|
||||||
|
if (omRpcAdd == null || omRpcAdd.getAddress() == null) {
|
||||||
|
LOG.error("Incorrect om rpc address. omRpcAdd:{}", omRpcAdd);
|
||||||
|
throw new RuntimeException("Can't get SCM signed certificate. " +
|
||||||
|
"omRpcAdd: " + omRpcAdd);
|
||||||
|
}
|
||||||
// Get host name.
|
// Get host name.
|
||||||
String hostname = omRpcAdd.getAddress().getHostName();
|
String hostname = omRpcAdd.getAddress().getHostName();
|
||||||
|
|
||||||
|
@ -1388,7 +1392,7 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
|
||||||
.setScmID(omStore.getScmId())
|
.setScmID(omStore.getScmId())
|
||||||
.setClusterID(omStore.getClusterID())
|
.setClusterID(omStore.getClusterID())
|
||||||
.setSubject(subject)
|
.setSubject(subject)
|
||||||
.addIpAddress(omRpcAdd.getAddress().getHostAddress());
|
.addIpAddress(hostname);
|
||||||
|
|
||||||
LOG.info("Creating csr for OM->dns:{},ip:{},scmId:{},clusterId:{}," +
|
LOG.info("Creating csr for OM->dns:{},ip:{},scmId:{},clusterId:{}," +
|
||||||
"subject:{}", hostname, omRpcAdd.getAddress().getHostAddress(),
|
"subject:{}", hostname, omRpcAdd.getAddress().getHostAddress(),
|
||||||
|
@ -1397,7 +1401,7 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
|
||||||
HddsProtos.OzoneManagerDetailsProto.Builder omDetailsProtoBuilder =
|
HddsProtos.OzoneManagerDetailsProto.Builder omDetailsProtoBuilder =
|
||||||
HddsProtos.OzoneManagerDetailsProto.newBuilder()
|
HddsProtos.OzoneManagerDetailsProto.newBuilder()
|
||||||
.setHostName(omRpcAdd.getHostName())
|
.setHostName(omRpcAdd.getHostName())
|
||||||
.setIpAddress(omRpcAdd.getAddress().getHostAddress())
|
.setIpAddress(hostname)
|
||||||
.setUuid(omStore.getOmId())
|
.setUuid(omStore.getOmId())
|
||||||
.addPorts(HddsProtos.Port.newBuilder()
|
.addPorts(HddsProtos.Port.newBuilder()
|
||||||
.setName(RPC_PORT)
|
.setName(RPC_PORT)
|
||||||
|
|
Loading…
Reference in New Issue