HDDS-1788. Fix kerberos principal error in Ozone Recon. (#1201)
This commit is contained in:
parent
8f40856f76
commit
ec1d453846
|
@ -612,7 +612,7 @@
|
|||
<description>
|
||||
The actual address the OM web server will bind to using HTTPS.
|
||||
If this optional address is set, it overrides only the hostname portion of
|
||||
ozone.om.http-address.
|
||||
ozone.om.https-address.
|
||||
</description>
|
||||
</property>
|
||||
<property>
|
||||
|
@ -1040,7 +1040,7 @@
|
|||
<description>
|
||||
The actual address the SCM web server will bind to using HTTPS.
|
||||
If this optional address is set, it overrides only the hostname portion of
|
||||
ozone.scm.http-address.
|
||||
ozone.scm.https-address.
|
||||
</description>
|
||||
</property>
|
||||
<property>
|
||||
|
@ -1525,7 +1525,7 @@
|
|||
<value>5m</value>
|
||||
<tag>OZONE, OM</tag>
|
||||
<description>Time interval used to store the omMetrics in to a
|
||||
file. Background thread perodically stores the OM metrics in to a
|
||||
file. Background thread periodically stores the OM metrics in to a
|
||||
file. Unit could be defined with postfix (ns,ms,s,m,h,d)
|
||||
</description>
|
||||
</property>
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License lsfor the specific language governing permissions and
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
|
|
|
@ -65,6 +65,19 @@ services:
|
|||
env_file:
|
||||
- ./docker-config
|
||||
command: ["/opt/hadoop/bin/ozone","s3g"]
|
||||
recon:
|
||||
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
|
||||
hostname: recon
|
||||
volumes:
|
||||
- ../..:/opt/hadoop
|
||||
ports:
|
||||
- 9888:9888
|
||||
env_file:
|
||||
- ./docker-config
|
||||
environment:
|
||||
WAITFOR: om:9874
|
||||
ENSURE_OM_INITIALIZED: /data/metadata/om/current/VERSION
|
||||
command: ["/opt/hadoop/bin/ozone","recon"]
|
||||
scm:
|
||||
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
|
||||
hostname: scm
|
||||
|
|
|
@ -33,6 +33,10 @@ OZONE-SITE.XML_ozone.om.kerberos.principal=om/om@EXAMPLE.COM
|
|||
OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
|
||||
OZONE-SITE.XML_ozone.s3g.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_ozone.s3g.authentication.kerberos.principal=HTTP/s3g@EXAMPLE.COM
|
||||
OZONE-SITE.XML_ozone.recon.authentication.kerberos.principal=HTTP/recon@EXAMPLE.COM
|
||||
OZONE-SITE.XML_ozone.recon.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
|
||||
OZONE-SITE.XML_recon.om.snapshot.task.initial.delay=20s
|
||||
|
||||
OZONE-SITE.XML_ozone.security.enabled=true
|
||||
OZONE-SITE.XML_ozone.acl.enabled=true
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License lsfor the specific language governing permissions and
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
|
|
|
@ -17,9 +17,9 @@
|
|||
*/
|
||||
package org.apache.hadoop.ozone.recon;
|
||||
|
||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||
|
||||
import com.google.inject.Provider;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
|
||||
|
||||
/**
|
||||
* Ozone Configuration Provider.
|
||||
|
@ -27,17 +27,17 @@ import com.google.inject.Provider;
|
|||
* As the OzoneConfiguration is created by the CLI application here we inject
|
||||
* it via a singleton instance to the Jax-RS/CDI instances.
|
||||
*/
|
||||
public class OzoneConfigurationProvider implements
|
||||
Provider<OzoneConfiguration> {
|
||||
public class ConfigurationProvider implements
|
||||
Provider<Configuration> {
|
||||
|
||||
private static OzoneConfiguration configuration;
|
||||
private static Configuration configuration;
|
||||
|
||||
static void setConfiguration(OzoneConfiguration conf) {
|
||||
OzoneConfigurationProvider.configuration = conf;
|
||||
static void setConfiguration(Configuration conf) {
|
||||
ConfigurationProvider.configuration = conf;
|
||||
}
|
||||
|
||||
@Override
|
||||
public OzoneConfiguration get() {
|
||||
public Configuration get() {
|
||||
return configuration;
|
||||
}
|
||||
}
|
|
@ -29,6 +29,7 @@ import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQ
|
|||
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_AGE;
|
||||
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_TEST_STMT;
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||
import org.apache.hadoop.ozone.recon.persistence.DataSourceConfiguration;
|
||||
import org.apache.hadoop.ozone.recon.persistence.JooqPersistenceModule;
|
||||
|
@ -53,7 +54,7 @@ import com.google.inject.Singleton;
|
|||
public class ReconControllerModule extends AbstractModule {
|
||||
@Override
|
||||
protected void configure() {
|
||||
bind(OzoneConfiguration.class).toProvider(OzoneConfigurationProvider.class);
|
||||
bind(Configuration.class).toProvider(ConfigurationProvider.class);
|
||||
bind(ReconHttpServer.class).in(Singleton.class);
|
||||
bind(DBStore.class)
|
||||
.toProvider(ReconContainerDBProvider.class).in(Singleton.class);
|
||||
|
|
|
@ -64,7 +64,7 @@ public class ReconServer extends GenericCli {
|
|||
@Override
|
||||
public Void call() throws Exception {
|
||||
OzoneConfiguration ozoneConfiguration = createOzoneConfiguration();
|
||||
OzoneConfigurationProvider.setConfiguration(ozoneConfiguration);
|
||||
ConfigurationProvider.setConfiguration(ozoneConfiguration);
|
||||
|
||||
injector = Guice.createInjector(new
|
||||
ReconControllerModule(), new ReconRestServletModule() {
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
|
||||
package org.apache.hadoop.ozone.recon.spi.impl;
|
||||
|
||||
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
|
||||
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_DB_CHECKPOINT_REQUEST_FLUSH;
|
||||
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
||||
import static org.apache.hadoop.ozone.recon.ReconConstants.RECON_OM_SNAPSHOT_DB;
|
||||
|
@ -45,7 +44,9 @@ import javax.inject.Inject;
|
|||
import javax.inject.Singleton;
|
||||
|
||||
import org.apache.commons.io.FileUtils;
|
||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.hdfs.DFSUtil;
|
||||
import org.apache.hadoop.http.HttpConfig;
|
||||
import org.apache.hadoop.ozone.om.OMConfigKeys;
|
||||
import org.apache.hadoop.ozone.om.OMMetadataManager;
|
||||
import org.apache.hadoop.ozone.recon.recovery.ReconOMMetadataManager;
|
||||
|
@ -74,14 +75,11 @@ public class OzoneManagerServiceProviderImpl
|
|||
private File omSnapshotDBParentDir = null;
|
||||
private String omDBSnapshotUrl;
|
||||
|
||||
@Inject
|
||||
private OzoneConfiguration configuration;
|
||||
|
||||
@Inject
|
||||
private ReconOMMetadataManager omMetadataManager;
|
||||
|
||||
@Inject
|
||||
public OzoneManagerServiceProviderImpl(OzoneConfiguration configuration) {
|
||||
public OzoneManagerServiceProviderImpl(Configuration configuration) {
|
||||
|
||||
String ozoneManagerHttpAddress = configuration.get(OMConfigKeys
|
||||
.OZONE_OM_HTTP_ADDRESS_KEY);
|
||||
|
@ -92,8 +90,7 @@ public class OzoneManagerServiceProviderImpl
|
|||
omSnapshotDBParentDir = getReconDbDir(configuration,
|
||||
OZONE_RECON_OM_SNAPSHOT_DB_DIR);
|
||||
|
||||
boolean ozoneSecurityEnabled = configuration.getBoolean(
|
||||
OZONE_SECURITY_ENABLED_KEY, false);
|
||||
HttpConfig.Policy policy = DFSUtil.getHttpPolicy(configuration);
|
||||
|
||||
int socketTimeout = (int) configuration.getTimeDuration(
|
||||
RECON_OM_SOCKET_TIMEOUT, RECON_OM_SOCKET_TIMEOUT_DEFAULT,
|
||||
|
@ -118,7 +115,7 @@ public class OzoneManagerServiceProviderImpl
|
|||
omDBSnapshotUrl = "http://" + ozoneManagerHttpAddress +
|
||||
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
||||
|
||||
if (ozoneSecurityEnabled) {
|
||||
if (policy.isHttpsEnabled()) {
|
||||
omDBSnapshotUrl = "https://" + ozoneManagerHttpsAddress +
|
||||
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue