HDDS-1788. Fix kerberos principal error in Ozone Recon. (#1201)

Vivek Ratnavel Subramanian 2019-08-03 10:49:07 -07:00 committed by Bharat Viswanadham
parent 8f40856f76
commit ec1d453846
9 changed files with 39 additions and 24 deletions


@ -612,7 +612,7 @@
<description> <description>
The actual address the OM web server will bind to using HTTPS. The actual address the OM web server will bind to using HTTPS.
If this optional address is set, it overrides only the hostname portion of If this optional address is set, it overrides only the hostname portion of
ozone.om.http-address. ozone.om.https-address.
</description> </description>
</property> </property>
<property> <property>
@ -1040,7 +1040,7 @@
<description> <description>
The actual address the SCM web server will bind to using HTTPS. The actual address the SCM web server will bind to using HTTPS.
If this optional address is set, it overrides only the hostname portion of If this optional address is set, it overrides only the hostname portion of
ozone.scm.http-address. ozone.scm.https-address.
</description> </description>
</property> </property>
<property> <property>
@ -1525,7 +1525,7 @@
<value>5m</value> <value>5m</value>
<tag>OZONE, OM</tag> <tag>OZONE, OM</tag>
<description>Time interval used to store the omMetrics in to a <description>Time interval used to store the omMetrics in to a
file. Background thread perodically stores the OM metrics in to a file. Background thread periodically stores the OM metrics in to a
file. Unit could be defined with postfix (ns,ms,s,m,h,d) file. Unit could be defined with postfix (ns,ms,s,m,h,d)
</description> </description>
</property> </property>


@ -11,7 +11,7 @@
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, # distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License lsfor the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.


@ -65,6 +65,19 @@ services:
env_file: env_file:
- ./docker-config - ./docker-config
command: ["/opt/hadoop/bin/ozone","s3g"] command: ["/opt/hadoop/bin/ozone","s3g"]
recon:
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
hostname: recon
volumes:
- ../..:/opt/hadoop
ports:
- 9888:9888
env_file:
- ./docker-config
environment:
WAITFOR: om:9874
ENSURE_OM_INITIALIZED: /data/metadata/om/current/VERSION
command: ["/opt/hadoop/bin/ozone","recon"]
scm: scm:
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION} image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
hostname: scm hostname: scm


@ -33,6 +33,10 @@ OZONE-SITE.XML_ozone.om.kerberos.principal=om/om@EXAMPLE.COM
OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
OZONE-SITE.XML_ozone.s3g.keytab.file=/etc/security/keytabs/HTTP.keytab OZONE-SITE.XML_ozone.s3g.keytab.file=/etc/security/keytabs/HTTP.keytab
OZONE-SITE.XML_ozone.s3g.authentication.kerberos.principal=HTTP/s3g@EXAMPLE.COM OZONE-SITE.XML_ozone.s3g.authentication.kerberos.principal=HTTP/s3g@EXAMPLE.COM
OZONE-SITE.XML_ozone.recon.authentication.kerberos.principal=HTTP/recon@EXAMPLE.COM
OZONE-SITE.XML_ozone.recon.keytab.file=/etc/security/keytabs/HTTP.keytab
OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
OZONE-SITE.XML_recon.om.snapshot.task.initial.delay=20s
OZONE-SITE.XML_ozone.security.enabled=true OZONE-SITE.XML_ozone.security.enabled=true
OZONE-SITE.XML_ozone.acl.enabled=true OZONE-SITE.XML_ozone.acl.enabled=true
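Review bot: The new Recon SPNEGO principal `HTTP/recon@EXAMPLE.COM` hard-codes the host component, so it only works while the compose service keeps `hostname: recon`, and the file does not say so. It also points Recon at the same `/etc/security/keytabs/HTTP.keytab` path that s3g uses, and nothing visible here shows that the keytab provisioned inside the recon container actually contains an entry for that principal. I would add a comment above the two lines, for example `# Recon SPNEGO identity: host part must equal the compose hostname, and HTTP.keytab in the recon container must hold HTTP/recon@EXAMPLE.COM`. Where the keytab is issued is outside this page, so that part should be confirmed against the KDC setup.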


@ -11,7 +11,7 @@
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, # distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License lsfor the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.


@ -17,9 +17,9 @@
*/ */
package org.apache.hadoop.ozone.recon; package org.apache.hadoop.ozone.recon;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import com.google.inject.Provider; import com.google.inject.Provider;
import org.apache.hadoop.conf.Configuration;
/** /**
* Ozone Configuration Provider. * Ozone Configuration Provider.
@ -27,17 +27,17 @@ import com.google.inject.Provider;
* As the OzoneConfiguration is created by the CLI application here we inject * As the OzoneConfiguration is created by the CLI application here we inject
* it via a singleton instance to the Jax-RS/CDI instances. * it via a singleton instance to the Jax-RS/CDI instances.
*/ */
public class OzoneConfigurationProvider implements public class ConfigurationProvider implements
Provider<OzoneConfiguration> { Provider<Configuration> {
private static OzoneConfiguration configuration; private static Configuration configuration;
static void setConfiguration(OzoneConfiguration conf) { static void setConfiguration(Configuration conf) {
OzoneConfigurationProvider.configuration = conf; ConfigurationProvider.configuration = conf;
} }
@Override @Override
public OzoneConfiguration get() { public Configuration get() {
return configuration; return configuration;
} }
} }


@ -29,6 +29,7 @@ import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQ
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_AGE; import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_AGE;
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_TEST_STMT; import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_TEST_STMT;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.recon.persistence.DataSourceConfiguration; import org.apache.hadoop.ozone.recon.persistence.DataSourceConfiguration;
import org.apache.hadoop.ozone.recon.persistence.JooqPersistenceModule; import org.apache.hadoop.ozone.recon.persistence.JooqPersistenceModule;
@ -53,7 +54,7 @@ import com.google.inject.Singleton;
public class ReconControllerModule extends AbstractModule { public class ReconControllerModule extends AbstractModule {
@Override @Override
protected void configure() { protected void configure() {
bind(OzoneConfiguration.class).toProvider(OzoneConfigurationProvider.class); bind(Configuration.class).toProvider(ConfigurationProvider.class);
bind(ReconHttpServer.class).in(Singleton.class); bind(ReconHttpServer.class).in(Singleton.class);
bind(DBStore.class) bind(DBStore.class)
.toProvider(ReconContainerDBProvider.class).in(Singleton.class); .toProvider(ReconContainerDBProvider.class).in(Singleton.class);
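Review bot: After the rebinding in `configure()`, any class that still asks Guice for `OzoneConfiguration` is no longer served by `ConfigurationProvider`. Because `OzoneConfiguration` has a public no-argument constructor, Guice can satisfy such an injection point with a just-in-time binding. That would be a fresh default configuration rather than the one built in `ReconServer.call()`, so security and address settings from the CLI would be dropped without any startup error. The retained `import org.apache.hadoop.hdds.conf.OzoneConfiguration;` suggests the type is still referenced in this module, so the remaining `@Inject` sites are worth checking. If the module's other bindings allow it, `binder().requireExplicitBindings();` at the top of `configure()` would turn a stale injection point into a startup failure. The body of `configure()` continues beyond the visible lines.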


@ -64,7 +64,7 @@ public class ReconServer extends GenericCli {
@Override @Override
public Void call() throws Exception { public Void call() throws Exception {
OzoneConfiguration ozoneConfiguration = createOzoneConfiguration(); OzoneConfiguration ozoneConfiguration = createOzoneConfiguration();
OzoneConfigurationProvider.setConfiguration(ozoneConfiguration); ConfigurationProvider.setConfiguration(ozoneConfiguration);
injector = Guice.createInjector(new injector = Guice.createInjector(new
ReconControllerModule(), new ReconRestServletModule() { ReconControllerModule(), new ReconRestServletModule() {


@ -18,7 +18,6 @@
package org.apache.hadoop.ozone.recon.spi.impl; package org.apache.hadoop.ozone.recon.spi.impl;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_DB_CHECKPOINT_REQUEST_FLUSH; import static org.apache.hadoop.ozone.OzoneConsts.OZONE_DB_CHECKPOINT_REQUEST_FLUSH;
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT; import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
import static org.apache.hadoop.ozone.recon.ReconConstants.RECON_OM_SNAPSHOT_DB; import static org.apache.hadoop.ozone.recon.ReconConstants.RECON_OM_SNAPSHOT_DB;
@ -45,7 +44,9 @@ import javax.inject.Inject;
import javax.inject.Singleton; import javax.inject.Singleton;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMConfigKeys;
import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.recon.recovery.ReconOMMetadataManager; import org.apache.hadoop.ozone.recon.recovery.ReconOMMetadataManager;
@ -74,14 +75,11 @@ public class OzoneManagerServiceProviderImpl
private File omSnapshotDBParentDir = null; private File omSnapshotDBParentDir = null;
private String omDBSnapshotUrl; private String omDBSnapshotUrl;
@Inject
private OzoneConfiguration configuration;
@Inject @Inject
private ReconOMMetadataManager omMetadataManager; private ReconOMMetadataManager omMetadataManager;
@Inject @Inject
public OzoneManagerServiceProviderImpl(OzoneConfiguration configuration) { public OzoneManagerServiceProviderImpl(Configuration configuration) {
String ozoneManagerHttpAddress = configuration.get(OMConfigKeys String ozoneManagerHttpAddress = configuration.get(OMConfigKeys
.OZONE_OM_HTTP_ADDRESS_KEY); .OZONE_OM_HTTP_ADDRESS_KEY);
@ -92,8 +90,7 @@ public class OzoneManagerServiceProviderImpl
omSnapshotDBParentDir = getReconDbDir(configuration, omSnapshotDBParentDir = getReconDbDir(configuration,
OZONE_RECON_OM_SNAPSHOT_DB_DIR); OZONE_RECON_OM_SNAPSHOT_DB_DIR);
boolean ozoneSecurityEnabled = configuration.getBoolean( HttpConfig.Policy policy = DFSUtil.getHttpPolicy(configuration);
OZONE_SECURITY_ENABLED_KEY, false);
int socketTimeout = (int) configuration.getTimeDuration( int socketTimeout = (int) configuration.getTimeDuration(
RECON_OM_SOCKET_TIMEOUT, RECON_OM_SOCKET_TIMEOUT_DEFAULT, RECON_OM_SOCKET_TIMEOUT, RECON_OM_SOCKET_TIMEOUT_DEFAULT,
@ -118,7 +115,7 @@ public class OzoneManagerServiceProviderImpl
omDBSnapshotUrl = "http://" + ozoneManagerHttpAddress + omDBSnapshotUrl = "http://" + ozoneManagerHttpAddress +
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT; OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
if (ozoneSecurityEnabled) { if (policy.isHttpsEnabled()) {
omDBSnapshotUrl = "https://" + ozoneManagerHttpsAddress + omDBSnapshotUrl = "https://" + ozoneManagerHttpsAddress +
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT; OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
} }
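Review bot: The scheme of `omDBSnapshotUrl` now follows `DFSUtil.getHttpPolicy(configuration)`, which reads the HDFS key `dfs.http.policy` and defaults to HTTP_ONLY, and the constructor does not document or log this. A cluster with `ozone.security.enabled=true` and no policy set will therefore fetch the OM DB checkpoint, and carry its SPNEGO exchange, over plain HTTP. Decoupling Kerberos from TLS looks intentional, but it should be stated above the `policy` line, e.g. `// URL scheme follows dfs.http.policy (HTTP_AND_HTTPS also selects https), not ozone.security.enabled`. A warning log when security is enabled while the policy is HTTP_ONLY would also help operators notice the cleartext transfer. How `ozoneManagerHttpsAddress` is read is outside the visible hunks, so confirm it cannot be null when `policy.isHttpsEnabled()` is true, otherwise the URL becomes `https://null...`.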