HDDS-1788. Fix kerberos principal error in Ozone Recon. (#1201)

This commit is contained in:
Vivek Ratnavel Subramanian 2019-08-03 10:49:07 -07:00 committed by Bharat Viswanadham
parent 8f40856f76
commit ec1d453846
9 changed files with 39 additions and 24 deletions

View File

@ -612,7 +612,7 @@
<description>
The actual address the OM web server will bind to using HTTPS.
If this optional address is set, it overrides only the hostname portion of
ozone.om.http-address.
ozone.om.https-address.
</description>
</property>
<property>
@ -1040,7 +1040,7 @@
<description>
The actual address the SCM web server will bind to using HTTPS.
If this optional address is set, it overrides only the hostname portion of
ozone.scm.http-address.
ozone.scm.https-address.
</description>
</property>
<property>
@ -1525,7 +1525,7 @@
<value>5m</value>
<tag>OZONE, OM</tag>
<description>Time interval used to store the omMetrics in to a
file. Background thread perodically stores the OM metrics in to a
file. Background thread periodically stores the OM metrics in to a
file. Unit could be defined with postfix (ns,ms,s,m,h,d)
</description>
</property>

View File

@ -11,7 +11,7 @@
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License lsfor the specific language governing permissions and
# See the License for the specific language governing permissions and
# limitations under the License.

View File

@ -65,6 +65,19 @@ services:
env_file:
- ./docker-config
command: ["/opt/hadoop/bin/ozone","s3g"]
recon:
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
hostname: recon
volumes:
- ../..:/opt/hadoop
ports:
- 9888:9888
env_file:
- ./docker-config
environment:
WAITFOR: om:9874
ENSURE_OM_INITIALIZED: /data/metadata/om/current/VERSION
command: ["/opt/hadoop/bin/ozone","recon"]
scm:
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
hostname: scm

View File

@ -33,6 +33,10 @@ OZONE-SITE.XML_ozone.om.kerberos.principal=om/om@EXAMPLE.COM
OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
OZONE-SITE.XML_ozone.s3g.keytab.file=/etc/security/keytabs/HTTP.keytab
OZONE-SITE.XML_ozone.s3g.authentication.kerberos.principal=HTTP/s3g@EXAMPLE.COM
OZONE-SITE.XML_ozone.recon.authentication.kerberos.principal=HTTP/recon@EXAMPLE.COM
OZONE-SITE.XML_ozone.recon.keytab.file=/etc/security/keytabs/HTTP.keytab
OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
OZONE-SITE.XML_recon.om.snapshot.task.initial.delay=20s
OZONE-SITE.XML_ozone.security.enabled=true
OZONE-SITE.XML_ozone.acl.enabled=true

View File

@ -11,7 +11,7 @@
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License lsfor the specific language governing permissions and
# See the License for the specific language governing permissions and
# limitations under the License.

View File

@ -17,9 +17,9 @@
*/
package org.apache.hadoop.ozone.recon;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import com.google.inject.Provider;
import org.apache.hadoop.conf.Configuration;
/**
* Ozone Configuration Provider.
@ -27,17 +27,17 @@ import com.google.inject.Provider;
* As the OzoneConfiguration is created by the CLI application here we inject
* it via a singleton instance to the Jax-RS/CDI instances.
*/
public class OzoneConfigurationProvider implements
Provider<OzoneConfiguration> {
public class ConfigurationProvider implements
Provider<Configuration> {
private static OzoneConfiguration configuration;
private static Configuration configuration;
static void setConfiguration(OzoneConfiguration conf) {
OzoneConfigurationProvider.configuration = conf;
static void setConfiguration(Configuration conf) {
ConfigurationProvider.configuration = conf;
}
@Override
public OzoneConfiguration get() {
public Configuration get() {
return configuration;
}
}

View File

@ -29,6 +29,7 @@ import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQ
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_AGE;
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_TEST_STMT;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.recon.persistence.DataSourceConfiguration;
import org.apache.hadoop.ozone.recon.persistence.JooqPersistenceModule;
@ -53,7 +54,7 @@ import com.google.inject.Singleton;
public class ReconControllerModule extends AbstractModule {
@Override
protected void configure() {
bind(OzoneConfiguration.class).toProvider(OzoneConfigurationProvider.class);
bind(Configuration.class).toProvider(ConfigurationProvider.class);
bind(ReconHttpServer.class).in(Singleton.class);
bind(DBStore.class)
.toProvider(ReconContainerDBProvider.class).in(Singleton.class);

View File

@ -64,7 +64,7 @@ public class ReconServer extends GenericCli {
@Override
public Void call() throws Exception {
OzoneConfiguration ozoneConfiguration = createOzoneConfiguration();
OzoneConfigurationProvider.setConfiguration(ozoneConfiguration);
ConfigurationProvider.setConfiguration(ozoneConfiguration);
injector = Guice.createInjector(new
ReconControllerModule(), new ReconRestServletModule() {

View File

@ -18,7 +18,6 @@
package org.apache.hadoop.ozone.recon.spi.impl;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_DB_CHECKPOINT_REQUEST_FLUSH;
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
import static org.apache.hadoop.ozone.recon.ReconConstants.RECON_OM_SNAPSHOT_DB;
@ -45,7 +44,9 @@ import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.ozone.om.OMConfigKeys;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.recon.recovery.ReconOMMetadataManager;
@ -74,14 +75,11 @@ public class OzoneManagerServiceProviderImpl
private File omSnapshotDBParentDir = null;
private String omDBSnapshotUrl;
@Inject
private OzoneConfiguration configuration;
@Inject
private ReconOMMetadataManager omMetadataManager;
@Inject
public OzoneManagerServiceProviderImpl(OzoneConfiguration configuration) {
public OzoneManagerServiceProviderImpl(Configuration configuration) {
String ozoneManagerHttpAddress = configuration.get(OMConfigKeys
.OZONE_OM_HTTP_ADDRESS_KEY);
@ -92,8 +90,7 @@ public class OzoneManagerServiceProviderImpl
omSnapshotDBParentDir = getReconDbDir(configuration,
OZONE_RECON_OM_SNAPSHOT_DB_DIR);
boolean ozoneSecurityEnabled = configuration.getBoolean(
OZONE_SECURITY_ENABLED_KEY, false);
HttpConfig.Policy policy = DFSUtil.getHttpPolicy(configuration);
int socketTimeout = (int) configuration.getTimeDuration(
RECON_OM_SOCKET_TIMEOUT, RECON_OM_SOCKET_TIMEOUT_DEFAULT,
@ -118,7 +115,7 @@ public class OzoneManagerServiceProviderImpl
omDBSnapshotUrl = "http://" + ozoneManagerHttpAddress +
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
if (ozoneSecurityEnabled) {
if (policy.isHttpsEnabled()) {
omDBSnapshotUrl = "https://" + ozoneManagerHttpsAddress +
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
}