HADOOP-16438. ADLS Gen1 OpenSSL config control.
Contributed by Sneha Vijayarajan. Change-Id: Ib79ea6b4a90ad068033e175f3f59c5185868872d
parent
60af8793b4
commit
147f98629c
@ -3373,6 +3373,20 @@
|
|||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
|
<property>
|
||||||
|
<name>adl.ssl.channel.mode</name>
|
||||||
|
<value></value>
|
||||||
|
<description>
|
||||||
|
Valid inputs are OpenSSL, Default_JSE and Default (case insensitive).
|
||||||
|
If config is missing or is invalid, SSL Channel mode will be set to Default.
|
||||||
|
|
||||||
|
When OpenSSL, SSL socket connections are created in OpenSSL mode.
|
||||||
|
When Default_JSE, SSL socket connections are created in the default JSE mode.
|
||||||
|
When Default, SSL socket connections are attempted with OpenSSL
|
||||||
|
and will fallback to Default_JSE mode if OpenSSL is not available at runtime.
|
||||||
|
</description>
|
||||||
|
</property>
|
||||||
|
|
||||||
<!-- Azure Data Lake File System Configurations Ends Here-->
|
<!-- Azure Data Lake File System Configurations Ends Here-->
|
||||||
|
|
||||||
<property>
|
<property>
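Review bot: The new `adl.ssl.channel.mode` entry ships with an empty `<value></value>`, so a lookup with a fallback (such as the `conf.get(ADL_SSL_CHANNEL_MODE, "Default")` added in AdlFileSystem) will most likely return the empty string rather than "Default", because the key is defined. The effective default then depends on the SDK treating an empty value as invalid, which the description says falls back to Default. Shipping `<value>Default</value>` would make the out-of-the-box TLS channel mode explicit and keep it independent of how the SDK parses invalid input. The description could also state that a mistyped value is not rejected, since an operator who needs one specific TLS provider would otherwise get the fallback behaviour without noticing.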
|
||||||
|
@ -33,7 +33,7 @@
|
|||||||
<minimalJsonVersion>0.9.1</minimalJsonVersion>
|
<minimalJsonVersion>0.9.1</minimalJsonVersion>
|
||||||
<file.encoding>UTF-8</file.encoding>
|
<file.encoding>UTF-8</file.encoding>
|
||||||
<downloadSources>true</downloadSources>
|
<downloadSources>true</downloadSources>
|
||||||
<azure.data.lake.store.sdk.version>2.3.3</azure.data.lake.store.sdk.version>
|
<azure.data.lake.store.sdk.version>2.3.6</azure.data.lake.store.sdk.version>
|
||||||
</properties>
|
</properties>
|
||||||
<build>
|
<build>
|
||||||
<plugins>
|
<plugins>
|
||||||
|
@ -106,6 +106,7 @@ public final class AdlConfKeys {
|
|||||||
"adl.feature.ownerandgroup.enableupn";
|
"adl.feature.ownerandgroup.enableupn";
|
||||||
static final boolean ADL_ENABLEUPN_FOR_OWNERGROUP_DEFAULT = false;
|
static final boolean ADL_ENABLEUPN_FOR_OWNERGROUP_DEFAULT = false;
|
||||||
public static final String ADL_HTTP_TIMEOUT = "adl.http.timeout";
|
public static final String ADL_HTTP_TIMEOUT = "adl.http.timeout";
|
||||||
|
public static final String ADL_SSL_CHANNEL_MODE = "adl.ssl.channel.mode";
|
||||||
|
|
||||||
public static void addDeprecatedKeys() {
|
public static void addDeprecatedKeys() {
|
||||||
Configuration.addDeprecations(new DeprecationDelta[]{
|
Configuration.addDeprecations(new DeprecationDelta[]{
|
||||||
|
@ -203,6 +203,10 @@ public void initialize(URI storeUri, Configuration originalConf)
|
|||||||
LOG.info("No valid ADL SDK timeout configured: using SDK default.");
|
LOG.info("No valid ADL SDK timeout configured: using SDK default.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String sslChannelMode = conf.get(ADL_SSL_CHANNEL_MODE,
|
||||||
|
"Default");
|
||||||
|
options.setSSLChannelMode(sslChannelMode);
|
||||||
|
|
||||||
adlClient.setOptions(options);
|
adlClient.setOptions(options);
|
||||||
|
|
||||||
boolean trackLatency = conf
|
boolean trackLatency = conf
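Review bot: The value read from `adl.ssl.channel.mode` is handed to `options.setSSLChannelMode(...)` unchecked and nothing is logged, so a typo or stray whitespace silently selects the Default mode described in core-default.xml. The TLS provider in use is security-relevant, so I would read the value with `conf.getTrimmed(ADL_SSL_CHANNEL_MODE, "Default")` and log the result after `adlClient.setOptions(options);`. For example: `LOG.info("adl.ssl.channel.mode requested=" + sslChannelMode + ", effective=" + adlClient.getSSLChannelMode());`, using the getter that the new live test already calls. This assumes the client reports the resolved mode once the options are set, which the test's assertions suggest. The body of `initialize` starts and ends outside this hunk, so the placement should be checked against the full method.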
|
||||||
|
@ -153,3 +153,13 @@ addressed by lowering the timeout used by the SDK. A lower timeout at the
|
|||||||
storage layer may allow more retries to be attempted and actually increase
|
storage layer may allow more retries to be attempted and actually increase
|
||||||
the likelihood of success before hitting the framework's timeout, as attempts
|
the likelihood of success before hitting the framework's timeout, as attempts
|
||||||
that may ultimately fail will fail faster.
|
that may ultimately fail will fail faster.
|
||||||
|
|
||||||
|
## SSL Socket Channel Mode
|
||||||
|
|
||||||
|
ADL SDK will by default attempt to create secure socket connections over
|
||||||
|
OpenSSL as they provide significant performance improvements over Https. If
|
||||||
|
there are runtime issues, SDK will default connections over Default_JSE. This
|
||||||
|
can be overridden with the hadoop property `adl.ssl.channel.mode`. Possible
|
||||||
|
values for this config are OpenSSL, Default_JSE and Default (default).
|
||||||
|
Setting the config to OpenSSL or Default_JSE will try the connection to
|
||||||
|
only that mode.
|
||||||
|
@ -19,6 +19,8 @@
|
|||||||
|
|
||||||
package org.apache.hadoop.fs.adl.live;
|
package org.apache.hadoop.fs.adl.live;
|
||||||
|
|
||||||
|
import com.microsoft.azure.datalake.store.SSLSocketFactoryEx.SSLChannelMode;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.fs.adl.AdlFileSystem;
|
import org.apache.hadoop.fs.adl.AdlFileSystem;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
@ -29,6 +31,7 @@
|
|||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
|
|
||||||
import static org.apache.hadoop.fs.adl.AdlConfKeys.ADL_HTTP_TIMEOUT;
|
import static org.apache.hadoop.fs.adl.AdlConfKeys.ADL_HTTP_TIMEOUT;
|
||||||
|
import static org.apache.hadoop.fs.adl.AdlConfKeys.ADL_SSL_CHANNEL_MODE;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests interactions with SDK and ensures configuration is having the desired
|
* Tests interactions with SDK and ensures configuration is having the desired
|
||||||
@ -53,7 +56,6 @@ public void testDefaultTimeout() throws IOException {
|
|||||||
|
|
||||||
// Skip this test if we can't get a real FS
|
// Skip this test if we can't get a real FS
|
||||||
Assume.assumeNotNull(fs);
|
Assume.assumeNotNull(fs);
|
||||||
|
|
||||||
effectiveTimeout = fs.getAdlClient().getDefaultTimeout();
|
effectiveTimeout = fs.getAdlClient().getDefaultTimeout();
|
||||||
Assert.assertFalse("A negative timeout is not supposed to take effect",
|
Assert.assertFalse("A negative timeout is not supposed to take effect",
|
||||||
effectiveTimeout < 0);
|
effectiveTimeout < 0);
|
||||||
@ -74,4 +76,32 @@ public void testDefaultTimeout() throws IOException {
|
|||||||
|
|
||||||
// The default value may vary by SDK, so that value is not tested here.
|
// The default value may vary by SDK, so that value is not tested here.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testSSLChannelModeConfig()
|
||||||
|
throws IOException, URISyntaxException {
|
||||||
|
testSSLChannelMode(SSLChannelMode.OpenSSL, "OpenSSL");
|
||||||
|
testSSLChannelMode(SSLChannelMode.Default_JSE, "Default_JSE");
|
||||||
|
testSSLChannelMode(SSLChannelMode.Default, "Default");
|
||||||
|
// If config set is invalid, SSL channel mode will be Default.
|
||||||
|
testSSLChannelMode(SSLChannelMode.Default, "Invalid");
|
||||||
|
// Config value is case insensitive.
|
||||||
|
testSSLChannelMode(SSLChannelMode.OpenSSL, "openssl");
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testSSLChannelMode(SSLChannelMode expectedMode,
|
||||||
|
String sslChannelModeConfigValue) throws IOException, URISyntaxException {
|
||||||
|
|
||||||
|
AdlFileSystem fs = null;
|
||||||
|
Configuration conf = null;
|
||||||
|
|
||||||
|
conf = AdlStorageConfiguration.getConfiguration();
|
||||||
|
conf.set(ADL_SSL_CHANNEL_MODE, sslChannelModeConfigValue);
|
||||||
|
fs = (AdlFileSystem) (AdlStorageConfiguration.createStorageConnector(conf));
|
||||||
|
|
||||||
|
SSLChannelMode sslChannelMode = fs.getAdlClient().getSSLChannelMode();
|
||||||
|
Assert.assertEquals(
|
||||||
|
"Unexpected SSL Channel Mode for adl.ssl.channel.mode config value : "
|
||||||
|
+ sslChannelModeConfigValue, expectedMode, sslChannelMode);
|
||||||
|
}
|
||||||
}
|
}
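Review bot: The new helper `testSSLChannelMode` dereferences `fs` without the `Assume.assumeNotNull(fs);` guard that `testDefaultTimeout` in this file uses. On a machine without live ADL credentials it would presumably fail with a NullPointerException instead of being skipped, so add `Assume.assumeNotNull(fs);` right after the `createStorageConnector` call. The helper is also `public` and named `test…` although it is not itself a test; `private void assertSSLChannelMode(...)` would make its role clearer. The cases cover an invalid value and a lower-case value but not the empty string, which is what core-default.xml ships for this key, so the out-of-the-box path is not exercised.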
|
||||||
|