HDDS-10. Add kdc docker image for secure ozone cluster. Contributed by Ajay Kumar.
This commit is contained in:
parent
d4511889fd
commit
0aab74026e
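--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/README.md
@@ -0,0 +1,22 @@
+<!---
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License. See accompanying LICENSE file.
+-->
+# Experimental UNSECURE krb5 Kerberos container.
+
+Only for development. Not for production.
+
+#### Dockerfile for KDC:
+* ./docker-image/docker-krb5/Dockerfile-krb5
+
+#### Dockerfile for SCM,OM and DataNode:
+* ./docker-image/runner/Dockerfile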
@ -16,42 +16,58 @@
|
||||
|
||||
version: "3"
|
||||
services:
|
||||
kdc:
|
||||
image: ahadoop/kdc:v1
|
||||
hostname: kdc
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
datanode:
|
||||
image: ahadoop/runner:latest
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
hostname: datanode
|
||||
ports:
|
||||
- 9864
|
||||
command: ["/opt/hadoop/bin/ozone","datanode"]
|
||||
env_file:
|
||||
- ./docker-config
|
||||
ozoneManager:
|
||||
image: ahadoop/runner:latest
|
||||
hostname: om
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
ports:
|
||||
- 9874:9874
|
||||
environment:
|
||||
ENSURE_OM_INITIALIZED: /data/metadata/ozoneManager/current/VERSION
|
||||
env_file:
|
||||
- ./docker-config
|
||||
command: ["/opt/hadoop/bin/ozone","om"]
|
||||
scm:
|
||||
image: ahadoop/runner:latest
|
||||
hostname: scm
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
ports:
|
||||
- 9876:9876
|
||||
env_file:
|
||||
- ./docker-config
|
||||
environment:
|
||||
ENSURE_SCM_INITIALIZED: /data/metadata/scm/current/VERSION
|
||||
command: ["/opt/hadoop/bin/ozone","scm"]
|
||||
kdc:
|
||||
build:
|
||||
context: docker-image/docker-krb5
|
||||
dockerfile: Dockerfile-krb5
|
||||
args:
|
||||
buildno: 1
|
||||
hostname: kdc
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
datanode:
|
||||
build:
|
||||
context: docker-image/runner
|
||||
dockerfile: Dockerfile
|
||||
args:
|
||||
buildno: 1
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
hostname: datanode
|
||||
ports:
|
||||
- 9864
|
||||
command: ["/opt/hadoop/bin/ozone","datanode"]
|
||||
env_file:
|
||||
- docker-config
|
||||
om:
|
||||
build:
|
||||
context: docker-image/runner
|
||||
dockerfile: Dockerfile
|
||||
args:
|
||||
buildno: 1
|
||||
hostname: om
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
ports:
|
||||
- 9874:9874
|
||||
environment:
|
||||
ENSURE_OM_INITIALIZED: /data/metadata/om/current/VERSION
|
||||
env_file:
|
||||
- docker-config
|
||||
command: ["/opt/hadoop/bin/ozone","om"]
|
||||
scm:
|
||||
build:
|
||||
context: docker-image/runner
|
||||
dockerfile: Dockerfile
|
||||
args:
|
||||
buildno: 1
|
||||
hostname: scm
|
||||
volumes:
|
||||
- $SRC_VOLUME:/opt/hadoop
|
||||
ports:
|
||||
- 9876:9876
|
||||
env_file:
|
||||
- docker-config
|
||||
environment:
|
||||
ENSURE_SCM_INITIALIZED: /data/metadata/scm/current/VERSION
|
||||
command: ["/opt/hadoop/bin/ozone","scm"]
|
||||
|
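--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/Dockerfile-krb5
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License lsfor the specific language governing permissions and
+# limitations under the License.
+
+
+FROM frolvlad/alpine-oraclejdk8:slim
+RUN apk add --update bash ca-certificates openssl krb5-server krb5 && rm -rf /var/cache/apk/* && update-ca-certificates
+RUN wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64
+RUN chmod +x /usr/local/bin/dumb-init
+RUN wget -O /root/issuer https://github.com/ajayydv/docker/raw/kdc/issuer
+RUN chmod +x /root/issuer
+WORKDIR /opt
+ADD krb5.conf /etc/
+ADD kadm5.acl /var/lib/krb5kdc/kadm5.acl
+RUN kdb5_util create -s -P Welcome1
+RUN kadmin.local -q "addprinc -randkey admin/admin@EXAMPLE.COM"
+RUN kadmin.local -q "ktadd -k /tmp/admin.keytab admin/admin@EXAMPLE.COM"
+ADD launcher.sh .
+RUN mkdir -p /data
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--", "/opt/launcher.sh"]
+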
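Review bot: `RUN wget -O /root/issuer https://github.com/ajayydv/docker/raw/kdc/issuer` downloads an executable from a personal GitHub repository at a mutable branch ref with no checksum, and launcher.sh then runs it as root, so whoever can push to that branch controls every build of this image; the `dumb-init` fetch on the line above is at least version-pinned but is equally unverified. Vendor `issuer` into the build context and `COPY` it (or fetch a fixed commit and verify it with `sha256sum -c` in the same `RUN`), and add a checksum check to the `dumb-init` download as well. Separately, the `kdb5_util create -s -P Welcome1` master password and the `/tmp/admin.keytab` written by `ktadd` are both baked into image layers and recoverable via `docker history` / `docker run`, which is tolerable for a dev-only image but deserves a comment next to those lines, e.g. `# Dev-only: master password and admin keytab are intentionally baked into the image.` Note too that `addprinc -randkey` gives `admin/admin` no password, so the `kinit admin/admin` with `Welcome1` that docker-krb5/README.md describes cannot work as written; either use `addprinc -pw Welcome1 admin/admin@EXAMPLE.COM` or document `kinit -kt /tmp/admin.keytab admin/admin` instead. The license header also has a typo, `lsfor` should be `for`.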
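--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/README.md
@@ -0,0 +1,34 @@
+<!---
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License. See accompanying LICENSE file.
+-->
+
+# Experimental UNSECURE krb5 Kerberos container.
+
+Only for development. Not for production.
+
+The docker image contains a rest service which provides keystore and keytab files without any authentication!
+
+Master password: Welcome1
+
+Principal: admin/admin@EXAMPLE.COM Password: Welcome1
+
+Test:
+
+```
+docker run --net=host krb5
+
+docker run --net=host -it --entrypoint=bash krb5
+kinit admin/admin
+#pwd: Welcome1
+klist
+```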
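--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/kadm5.acl
@@ -0,0 +1 @@
+*/admin@EXAMPLE.COM x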
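--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/krb5.conf
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+dns_canonicalize_hostname = false
+dns_lookup_realm = false
+ticket_lifetime = 24h
+renew_lifetime = 7d
+forwardable = true
+rdns = false
+default_realm = EXAMPLE.COM
+
+[realms]
+EXAMPLE.COM = {
+kdc = localhost
+admin_server = localhost
+}
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+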
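--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/docker-krb5/launcher.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+/root/issuer &
+krb5kdc -n &
+sleep 4
+kadmind -nofork &
+sleep 2
+tail -f /var/log/krb5kdc.log &
+tail -f /var/log/kadmind.log
+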
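Review bot: `set -e` does not cover the backgrounded `krb5kdc -n &` and `kadmind -nofork &`, so if either daemon fails to start (bad krb5.conf, port already bound) the script still reaches the final `tail -f` and the container stays up looking healthy while Kerberos is down; the fixed `sleep 4` / `sleep 2` likewise only hope the daemons are ready rather than checking. After each sleep, confirm the daemon is still alive with `kill -0 "$pid"`, and make the script's lifetime follow the daemons instead of `tail` so that a dying KDC takes the container down with it. `/root/issuer` is also launched with no comment that it is the build-time download from an external URL which, per docker-krb5/README.md, hands out keytabs and keystores with no authentication; that is worth stating at the call site, e.g. `# Dev-only: issuer serves keytabs/keystores with no authentication.` The rewrite below keeps the same daemons and log tailing but exits as soon as either daemon goes away.
```shell
set -e
# Dev-only: issuer serves keytabs/keystores with no authentication.
/root/issuer &
krb5kdc -n &
kdc_pid=$!
sleep 4
kill -0 "$kdc_pid"          # abort the container if the KDC did not come up
kadmind -nofork &
kadmind_pid=$!
sleep 2
kill -0 "$kadmind_pid"      # same for kadmind
tail -f /var/log/krb5kdc.log /var/log/kadmind.log &
# Keep the container alive only while both daemons are running.
while kill -0 "$kdc_pid" 2>/dev/null && kill -0 "$kadmind_pid" 2>/dev/null; do
  sleep 5
done
exit 1
```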