HDFS-6181. Fix the wrong property names in NFS user guide. Contributed by Brandon Li
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1585563 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Brandon Li
parent
fe328621d4
commit
a5b37c6ed1
@ -17,7 +17,7 @@
|
||||
*/
|
||||
package org.apache.hadoop.hdfs.nfs.mount;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
@ -89,7 +89,7 @@ public RpcProgramMountd(Configuration config) throws IOException {
|
||||
this.mounts = Collections.synchronizedList(new ArrayList<MountEntry>());
|
||||
UserGroupInformation.setConfiguration(config);
|
||||
SecurityUtil.login(config, DFS_NFS_KEYTAB_FILE_KEY,
|
||||
DFS_NFS_USER_NAME_KEY);
|
||||
DFS_NFS_KERBEROS_PRINCIPAL_KEY);
|
||||
this.dfsClient = new DFSClient(NameNode.getAddress(config), config);
|
||||
}
|
||||
|
||||
|
||||
@ -131,7 +131,7 @@
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NFS_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
/**
|
||||
* RPC program corresponding to nfs daemon. See {@link Nfs3}.
|
||||
@ -191,7 +191,7 @@ public RpcProgramNfs3(Configuration config) throws IOException {
|
||||
Nfs3Constant.ENABLE_FILE_DUMP_DEFAULT);
|
||||
UserGroupInformation.setConfiguration(config);
|
||||
SecurityUtil.login(config, DFS_NFS_KEYTAB_FILE_KEY,
|
||||
DFS_NFS_USER_NAME_KEY);
|
||||
DFS_NFS_KERBEROS_PRINCIPAL_KEY);
|
||||
|
||||
if (!enableDump) {
|
||||
writeDumpDir = null;
|
||||
|
||||
@ -312,6 +312,8 @@ Release 2.5.0 - UNRELEASED
|
||||
HDFS-6159. TestBalancerWithNodeGroup.testBalancerWithNodeGroup fails if
|
||||
there is block missing after balancer success (Chen He via kihwal)
|
||||
|
||||
HDFS-6181. Fix the wrong property names in NFS user guide (brandonli)
|
||||
|
||||
Release 2.4.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
||||
@ -480,17 +480,17 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
|
||||
public static final String DFS_WEB_UGI_KEY = "dfs.web.ugi";
|
||||
public static final String DFS_NAMENODE_STARTUP_KEY = "dfs.namenode.startup";
|
||||
public static final String DFS_DATANODE_KEYTAB_FILE_KEY = "dfs.datanode.keytab.file";
|
||||
public static final String DFS_DATANODE_USER_NAME_KEY = "dfs.datanode.kerberos.principal";
|
||||
public static final String DFS_DATANODE_KERBEROS_PRINCIPAL_KEY = "dfs.datanode.kerberos.principal";
|
||||
public static final String DFS_DATANODE_SHARED_FILE_DESCRIPTOR_PATHS = "dfs.datanode.shared.file.descriptor.paths";
|
||||
public static final String DFS_DATANODE_SHARED_FILE_DESCRIPTOR_PATHS_DEFAULT = "/dev/shm,/tmp";
|
||||
public static final String DFS_SHORT_CIRCUIT_SHARED_MEMORY_WATCHER_INTERRUPT_CHECK_MS = "dfs.short.circuit.shared.memory.watcher.interrupt.check.ms";
|
||||
public static final int DFS_SHORT_CIRCUIT_SHARED_MEMORY_WATCHER_INTERRUPT_CHECK_MS_DEFAULT = 60000;
|
||||
public static final String DFS_NAMENODE_KEYTAB_FILE_KEY = "dfs.namenode.keytab.file";
|
||||
public static final String DFS_NAMENODE_USER_NAME_KEY = "dfs.namenode.kerberos.principal";
|
||||
public static final String DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY = "dfs.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY = "dfs.namenode.kerberos.principal";
|
||||
public static final String DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY = "dfs.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY = "dfs.secondary.namenode.keytab.file";
|
||||
public static final String DFS_SECONDARY_NAMENODE_USER_NAME_KEY = "dfs.secondary.namenode.kerberos.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY = "dfs.secondary.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY = "dfs.secondary.namenode.kerberos.principal";
|
||||
public static final String DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY = "dfs.secondary.namenode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_NAMENODE_NAME_CACHE_THRESHOLD_KEY = "dfs.namenode.name.cache.threshold";
|
||||
public static final int DFS_NAMENODE_NAME_CACHE_THRESHOLD_DEFAULT = 10;
|
||||
|
||||
@ -551,8 +551,8 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
|
||||
public static final String DFS_JOURNALNODE_HTTPS_ADDRESS_DEFAULT = "0.0.0.0:" + DFS_JOURNALNODE_HTTPS_PORT_DEFAULT;
|
||||
|
||||
public static final String DFS_JOURNALNODE_KEYTAB_FILE_KEY = "dfs.journalnode.keytab.file";
|
||||
public static final String DFS_JOURNALNODE_USER_NAME_KEY = "dfs.journalnode.kerberos.principal";
|
||||
public static final String DFS_JOURNALNODE_INTERNAL_SPNEGO_USER_NAME_KEY = "dfs.journalnode.kerberos.internal.spnego.principal";
|
||||
public static final String DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY = "dfs.journalnode.kerberos.principal";
|
||||
public static final String DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY = "dfs.journalnode.kerberos.internal.spnego.principal";
|
||||
|
||||
// Journal-node related configs for the client side.
|
||||
public static final String DFS_QJOURNAL_QUEUE_SIZE_LIMIT_KEY = "dfs.qjournal.queued-edits.limit.mb";
|
||||
@ -628,5 +628,5 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
|
||||
"dfs.client.hedged.read.threadpool.size";
|
||||
public static final int DEFAULT_DFSCLIENT_HEDGED_READ_THREADPOOL_SIZE = 0;
|
||||
public static final String DFS_NFS_KEYTAB_FILE_KEY = "dfs.nfs.keytab.file";
|
||||
public static final String DFS_NFS_USER_NAME_KEY = "dfs.nfs.kerberos.principal";
|
||||
public static final String DFS_NFS_KERBEROS_PRINCIPAL_KEY = "dfs.nfs.kerberos.principal";
|
||||
}
|
||||
|
||||
@ -680,7 +680,7 @@ public static Set<String> getAllNnPrincipals(Configuration conf) throws IOExcept
|
||||
Configuration confForNn = new Configuration(conf);
|
||||
NameNode.initializeGenericKeys(confForNn, nsId, nnId);
|
||||
String principal = SecurityUtil.getServerPrincipal(confForNn
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(confForNn).getHostName());
|
||||
principals.add(principal);
|
||||
}
|
||||
@ -688,7 +688,7 @@ public static Set<String> getAllNnPrincipals(Configuration conf) throws IOExcept
|
||||
Configuration confForNn = new Configuration(conf);
|
||||
NameNode.initializeGenericKeys(confForNn, nsId, null);
|
||||
String principal = SecurityUtil.getServerPrincipal(confForNn
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(confForNn).getHostName());
|
||||
principals.add(principal);
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
@InterfaceAudience.Private
|
||||
@InterfaceStability.Evolving
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(BlockTokenSelector.class)
|
||||
public interface ClientDatanodeProtocol {
|
||||
/**
|
||||
|
||||
@ -64,7 +64,7 @@
|
||||
@InterfaceAudience.Private
|
||||
@InterfaceStability.Evolving
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(DelegationTokenSelector.class)
|
||||
public interface ClientProtocol {
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@
|
||||
import org.apache.hadoop.security.token.TokenInfo;
|
||||
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(BlockTokenSelector.class)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.protocol.ClientDatanodeProtocol",
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
@InterfaceAudience.Private
|
||||
@InterfaceStability.Stable
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@TokenInfo(DelegationTokenSelector.class)
|
||||
@ProtocolInfo(protocolName = HdfsConstants.CLIENT_NAMENODE_PROTOCOL_NAME,
|
||||
protocolVersion = 1)
|
||||
|
||||
@ -25,8 +25,8 @@
|
||||
import org.apache.hadoop.security.KerberosInfo;
|
||||
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(
|
||||
protocolName = "org.apache.hadoop.hdfs.server.protocol.DatanodeProtocol",
|
||||
protocolVersion = 1)
|
||||
|
||||
@ -24,8 +24,8 @@
|
||||
import org.apache.hadoop.security.KerberosInfo;
|
||||
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.server.protocol.InterDatanodeProtocol",
|
||||
protocolVersion = 1)
|
||||
|
||||
@ -31,8 +31,8 @@
|
||||
* add annotations required for security.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.server.protocol.JournalProtocol",
|
||||
protocolVersion = 1)
|
||||
|
||||
@ -32,8 +32,8 @@
|
||||
* add annotations required for security.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol",
|
||||
protocolVersion = 1)
|
||||
|
||||
@ -43,8 +43,8 @@
|
||||
* recovery of the nodes.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface QJournalProtocol {
|
||||
public static final long versionID = 1L;
|
||||
|
||||
@ -30,8 +30,8 @@
|
||||
* add annotations required for security.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@ProtocolInfo(protocolName =
|
||||
"org.apache.hadoop.hdfs.qjournal.protocol.QJournalProtocol",
|
||||
protocolVersion = 1)
|
||||
|
||||
@ -93,7 +93,7 @@ protected boolean isValidRequestor(HttpServletRequest request, Configuration con
|
||||
validRequestors.addAll(DFSUtil.getAllNnPrincipals(conf));
|
||||
validRequestors.add(
|
||||
SecurityUtil.getServerPrincipal(conf
|
||||
.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
SecondaryNameNode.getHttpAddress(conf).getHostName()));
|
||||
|
||||
// Check the full principal name of all the configured valid requestors.
|
||||
|
||||
@ -140,7 +140,7 @@ public void start() throws IOException {
|
||||
|
||||
InetSocketAddress socAddr = JournalNodeRpcServer.getAddress(conf);
|
||||
SecurityUtil.login(conf, DFSConfigKeys.DFS_JOURNALNODE_KEYTAB_FILE_KEY,
|
||||
DFSConfigKeys.DFS_JOURNALNODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
|
||||
registerJNMXBean();
|
||||
|
||||
|
||||
@ -58,7 +58,7 @@ void start() throws IOException {
|
||||
|
||||
HttpServer2.Builder builder = DFSUtil.httpServerTemplateForNNAndJN(conf,
|
||||
httpAddr, httpsAddr, "journal",
|
||||
DFSConfigKeys.DFS_JOURNALNODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFSConfigKeys.DFS_JOURNALNODE_KEYTAB_FILE_KEY);
|
||||
|
||||
httpServer = builder.build();
|
||||
|
||||
@ -1761,7 +1761,7 @@ public static DataNode instantiateDataNode(String args [], Configuration conf,
|
||||
Collection<StorageLocation> dataLocations = getStorageLocations(conf);
|
||||
UserGroupInformation.setConfiguration(conf);
|
||||
SecurityUtil.login(conf, DFS_DATANODE_KEYTAB_FILE_KEY,
|
||||
DFS_DATANODE_USER_NAME_KEY);
|
||||
DFS_DATANODE_KERBEROS_PRINCIPAL_KEY);
|
||||
return makeInstance(dataLocations, conf, resources);
|
||||
}
|
||||
|
||||
|
||||
@ -235,16 +235,16 @@ static boolean isValidRequestor(ServletContext context, String remoteUser,
|
||||
Set<String> validRequestors = new HashSet<String>();
|
||||
|
||||
validRequestors.add(SecurityUtil.getServerPrincipal(conf
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(conf).getHostName()));
|
||||
validRequestors.add(SecurityUtil.getServerPrincipal(
|
||||
conf.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY),
|
||||
conf.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
SecondaryNameNode.getHttpAddress(conf).getHostName()));
|
||||
|
||||
if (HAUtil.isHAEnabled(conf, DFSUtil.getNamenodeNameServiceId(conf))) {
|
||||
Configuration otherNnConf = HAUtil.getConfForOtherNode(conf);
|
||||
validRequestors.add(SecurityUtil.getServerPrincipal(otherNnConf
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY),
|
||||
.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY),
|
||||
NameNode.getAddress(otherNnConf).getHostName()));
|
||||
}
|
||||
|
||||
|
||||
@ -182,8 +182,8 @@ public static enum OperationCategory {
|
||||
DFS_NAMENODE_BACKUP_ADDRESS_KEY,
|
||||
DFS_NAMENODE_BACKUP_HTTP_ADDRESS_KEY,
|
||||
DFS_NAMENODE_BACKUP_SERVICE_RPC_ADDRESS_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY,
|
||||
DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFS_HA_FENCE_METHODS_KEY,
|
||||
DFS_HA_ZKFC_PORT_KEY,
|
||||
DFS_HA_FENCE_METHODS_KEY
|
||||
@ -483,7 +483,7 @@ public static UserGroupInformation getRemoteUser() throws IOException {
|
||||
void loginAsNameNodeUser(Configuration conf) throws IOException {
|
||||
InetSocketAddress socAddr = getRpcServerAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
/**
|
||||
@ -815,7 +815,7 @@ private static boolean format(Configuration conf, boolean force,
|
||||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
InetSocketAddress socAddr = getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
Collection<URI> nameDirsToFormat = FSNamesystem.getNamespaceDirs(conf);
|
||||
@ -918,7 +918,7 @@ private static boolean initializeSharedEdits(Configuration conf,
|
||||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
InetSocketAddress socAddr = getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
NNStorage existingStorage = null;
|
||||
|
||||
@ -110,7 +110,7 @@ void start() throws IOException {
|
||||
|
||||
HttpServer2.Builder builder = DFSUtil.httpServerTemplateForNNAndJN(conf,
|
||||
httpAddr, httpsAddr, "hdfs",
|
||||
DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFSConfigKeys.DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY);
|
||||
|
||||
httpServer = builder.build();
|
||||
|
||||
@ -219,7 +219,7 @@ private void initialize(final Configuration conf,
|
||||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
SecurityUtil.login(conf,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY, infoBindAddress);
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY, infoBindAddress);
|
||||
}
|
||||
// initiate Java VM metrics
|
||||
DefaultMetricsSystem.initialize("SecondaryNameNode");
|
||||
@ -263,7 +263,7 @@ private void initialize(final Configuration conf,
|
||||
|
||||
HttpServer2.Builder builder = DFSUtil.httpServerTemplateForNNAndJN(conf,
|
||||
httpAddr, httpsAddr, "secondary",
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY);
|
||||
|
||||
infoServer = builder.build();
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
package org.apache.hadoop.hdfs.server.namenode.ha;
|
||||
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
@ -97,7 +97,7 @@ public int run(String[] args) throws Exception {
|
||||
|
||||
InetSocketAddress myAddr = NameNode.getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, myAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, myAddr.getHostName());
|
||||
|
||||
return SecurityUtil.doAsLoginUserOrFatal(new PrivilegedAction<Integer>() {
|
||||
@Override
|
||||
|
||||
@ -39,8 +39,8 @@
|
||||
*
|
||||
**********************************************************************/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface DatanodeProtocol {
|
||||
/**
|
||||
|
||||
@ -31,8 +31,8 @@
|
||||
/** An inter-datanode protocol for updating generation stamp
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface InterDatanodeProtocol {
|
||||
public static final Log LOG = LogFactory.getLog(InterDatanodeProtocol.class);
|
||||
|
||||
@ -28,8 +28,8 @@
|
||||
* this is used to publish edits from the NameNode to a BackupNode.
|
||||
*/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
clientPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface JournalProtocol {
|
||||
/**
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
* It's used to get part of the name node state
|
||||
*****************************************************************************/
|
||||
@KerberosInfo(
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
|
||||
serverPrincipal = DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY)
|
||||
@InterfaceAudience.Private
|
||||
public interface NamenodeProtocol {
|
||||
/**
|
||||
|
||||
@ -975,7 +975,7 @@ public int refreshServiceAcl() throws IOException {
|
||||
// server principal for this call
|
||||
// should be NN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshAuthorizationPolicyProtocol refreshProtocol =
|
||||
@ -1001,7 +1001,7 @@ public int refreshUserToGroupsMappings() throws IOException {
|
||||
// server principal for this call
|
||||
// should be NN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshUserMappingsProtocol refreshProtocol =
|
||||
@ -1028,7 +1028,7 @@ public int refreshSuperUserGroupsConfiguration() throws IOException {
|
||||
// server principal for this call
|
||||
// should be NAMENODE's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshUserMappingsProtocol refreshProtocol =
|
||||
@ -1049,7 +1049,7 @@ public int refreshCallQueue() throws IOException {
|
||||
// server principal for this call
|
||||
// should be NN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
RefreshCallQueueProtocol refreshProtocol =
|
||||
@ -1415,7 +1415,7 @@ private ClientDatanodeProtocol getDataNodeProxy(String datanode)
|
||||
|
||||
// For datanode proxy the server principal should be DN's one.
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
|
||||
conf.get(DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY, ""));
|
||||
conf.get(DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, ""));
|
||||
|
||||
// Create the client
|
||||
ClientDatanodeProtocol dnProtocol =
|
||||
|
||||
@ -66,7 +66,7 @@ public static Configuration addSecurityConfiguration(Configuration conf) {
|
||||
// force loading of hdfs-site.xml.
|
||||
conf = new HdfsConfiguration(conf);
|
||||
String nameNodePrincipal = conf.get(
|
||||
DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "");
|
||||
DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, "");
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Using NN principal: " + nameNodePrincipal);
|
||||
}
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
package org.apache.hadoop.hdfs.tools;
|
||||
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY;
|
||||
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
@ -152,7 +152,7 @@ protected void initRPC() throws IOException {
|
||||
public void loginAsFCUser() throws IOException {
|
||||
InetSocketAddress socAddr = NameNode.getAddress(conf);
|
||||
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY,
|
||||
DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
|
||||
DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -70,7 +70,7 @@ protected InetSocketAddress getProtocolAddress(Configuration conf)
|
||||
public void setConf(Configuration conf) {
|
||||
conf = new HdfsConfiguration(conf);
|
||||
String nameNodePrincipal = conf.get(
|
||||
DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "");
|
||||
DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, "");
|
||||
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Using NN principal: " + nameNodePrincipal);
|
||||
|
||||
@ -78,14 +78,14 @@ HDFS NFS Gateway
|
||||
|
||||
----
|
||||
<property>
|
||||
<name>dfs.nfsgateway.keytab.file</name>
|
||||
<name>dfs.nfs.keytab.file</name>
|
||||
<value>/etc/hadoop/conf/nfsserver.keytab</value> <!-- path to the nfs gateway keytab -->
|
||||
</property>
|
||||
----
|
||||
|
||||
----
|
||||
<property>
|
||||
<name>dfs.nfsgateway.kerberos.principal</name>
|
||||
<name>dfs.nfs.kerberos.principal</name>
|
||||
<value>nfsserver/_HOST@YOUR-REALM.COM</value>
|
||||
</property>
|
||||
----
|
||||
|
||||
@ -78,11 +78,11 @@ public void testSecureNameNode() throws Exception {
|
||||
Configuration conf = new HdfsConfiguration();
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
|
||||
"kerberos");
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
nnSpnegoPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, nnKeyTab);
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY, dnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, dnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, dnKeyTab);
|
||||
// Secure DataNode requires using ports lower than 1024.
|
||||
conf.set(DFSConfigKeys.DFS_DATANODE_ADDRESS_KEY, "127.0.0.1:1004");
|
||||
|
||||
@ -51,13 +51,13 @@ public void testIsValidRequestor() throws IOException {
|
||||
// Set up NN1 HA configs.
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_RPC_ADDRESS_KEY,
|
||||
"ns1", "nn1"), "host1:1234");
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
"ns1", "nn1"), "hdfs/_HOST@TEST-REALM.COM");
|
||||
|
||||
// Set up NN2 HA configs.
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_RPC_ADDRESS_KEY,
|
||||
"ns1", "nn2"), "host2:1234");
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
conf.set(DFSUtil.addKeySuffixes(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
"ns1", "nn2"), "hdfs/_HOST@TEST-REALM.COM");
|
||||
|
||||
// Initialize this conf object as though we're running on NN1.
|
||||
|
||||
@ -58,7 +58,7 @@ public void testName() throws IOException, InterruptedException {
|
||||
Configuration conf = new HdfsConfiguration();
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
|
||||
"kerberos");
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY,
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,
|
||||
"nn1/localhost@EXAMPLE.COM");
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, nn1KeytabPath);
|
||||
|
||||
|
||||
@ -80,8 +80,8 @@ public void testSecureNameNode() throws IOException, InterruptedException {
|
||||
Configuration conf = new HdfsConfiguration();
|
||||
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
|
||||
"kerberos");
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, nnPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
nnSpnegoPrincipal);
|
||||
conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, nnKeyTab);
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user