HDFS-12697. Ozone services must stay disabled in secure setup for alpha. Contributed by Bharat Viswanadham.

This commit is contained in:
Xiaoyu Yao 2017-10-31 14:32:36 -07:00 committed by Owen O'Malley
parent b687902590
commit 0760418bec
5 changed files with 52 additions and 3 deletions

View File

@ -44,6 +44,14 @@ else
exit 1
fi
SECURITY_ENABLED=$("${HADOOP_HDFS_HOME}/bin/hdfs" getconf -confKey hadoop.security.authentication | tr '[:upper:]' '[:lower:]' 2>&-)
SECURITY_AUTHORIZATION_ENABLED=$("${HADOOP_HDFS_HOME}/bin/hdfs" getconf -confKey hadoop.security.authorization | tr '[:upper:]' '[:lower:]' 2>&-)
if [[ ${SECURITY_ENABLED} == "kerberos" || ${SECURITY_AUTHORIZATION_ENABLED} == "true" ]]; then
echo "Ozone is not supported in a security enabled cluster."
exit 1
fi
#---------------------------------------------------------
# Check if ozone is enabled
OZONE_ENABLED=$("${HADOOP_HDFS_HOME}/bin/hdfs" getconf -confKey ozone.enabled | tr '[:upper:]' '[:lower:]' 2>&-)

View File

@ -44,6 +44,14 @@ else
exit 1
fi
SECURITY_ENABLED=$("${HADOOP_HDFS_HOME}/bin/hdfs" getconf -confKey hadoop.security.authentication | tr '[:upper:]' '[:lower:]' 2>&-)
SECURITY_AUTHORIZATION_ENABLED=$("${HADOOP_HDFS_HOME}/bin/hdfs" getconf -confKey hadoop.security.authorization | tr '[:upper:]' '[:lower:]' 2>&-)
if [[ ${SECURITY_ENABLED} == "kerberos" || ${SECURITY_AUTHORIZATION_ENABLED} == "true" ]]; then
echo "Ozone is not supported in a security enabled cluster."
exit 1
fi
#---------------------------------------------------------
# Check if ozone is enabled
OZONE_ENABLED=$("${HADOOP_HDFS_HOME}/bin/hdfs" getconf -confKey ozone.enabled | tr '[:upper:]' '[:lower:]' 2>&-)

View File

@ -36,6 +36,8 @@
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_SERVER_HTTPS_KEYPASSWORD_KEY;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED_DEFAULT;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
@ -71,6 +73,7 @@
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
@ -1494,6 +1497,23 @@ static String getPassword(Configuration conf, String alias) {
return password;
}
public static boolean isOzoneEnabled(Configuration conf) {
String securityEnabled = conf.get(CommonConfigurationKeysPublic
.HADOOP_SECURITY_AUTHENTICATION,
"simple");
boolean securityAuthorizationEnabled = conf.getBoolean(
CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
false);
if (securityEnabled.equals("kerberos") || securityAuthorizationEnabled) {
LOG.error("Ozone is not supported in a security enabled cluster. ");
return false;
} else {
return conf.getBoolean(OZONE_ENABLED,
OZONE_ENABLED_DEFAULT);
}
}
/**
* Converts a Date into an ISO-8601 formatted datetime string.
*/

View File

@ -57,6 +57,7 @@
import java.util.List;
import java.util.Map;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED;
import static org.apache.hadoop.ozone.ksm.KSMConfigKeys
.OZONE_KSM_ADDRESS_KEY;
import static org.apache.hadoop.ozone.ksm.KSMConfigKeys
@ -186,7 +187,13 @@ public KSMMetrics getMetrics() {
public static void main(String[] argv) throws IOException {
StringUtils.startupShutdownMessage(KeySpaceManager.class, argv, LOG);
try {
KeySpaceManager ksm = new KeySpaceManager(new OzoneConfiguration());
OzoneConfiguration conf = new OzoneConfiguration();
if (!DFSUtil.isOzoneEnabled(conf)) {
System.out.println("KSM cannot be started in secure mode or when " +
OZONE_ENABLED + " is set to false");
System.exit(1);
}
KeySpaceManager ksm = new KeySpaceManager(conf);
ksm.start();
ksm.join();
} catch (Throwable t) {

View File

@ -104,6 +104,7 @@
import java.util.Collections;
import java.util.stream.Collectors;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED;
import static org.apache.hadoop.ozone.protocol.proto
.ScmBlockLocationProtocolProtos.DeleteScmBlockResult.Result;
import static org.apache.hadoop.scm.ScmConfigKeys
@ -321,8 +322,13 @@ public static void main(String[] argv) throws IOException {
StringUtils.startupShutdownMessage(StorageContainerManager.class,
argv, LOG);
try {
StorageContainerManager scm = new StorageContainerManager(
new OzoneConfiguration());
OzoneConfiguration conf = new OzoneConfiguration();
if (!DFSUtil.isOzoneEnabled(conf)) {
System.out.println("SCM cannot be started in secure mode or when " +
OZONE_ENABLED + " is set to false");
System.exit(1);
}
StorageContainerManager scm = new StorageContainerManager(conf);
scm.start();
scm.join();
} catch (Throwable t) {