HDDS-1901. Fix Ozone HTTP WebConsole Authentication. Contributed by Xiaoyu Yao. (#1228)
parent
7c2042a44d
commit
a63023f261
@ -365,7 +365,7 @@ public final class ScmConfigKeys {
|
||||
"hdds.scm.http.kerberos.principal";
|
||||
public static final String
|
||||
HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY =
|
||||
"hdds.scm.http.kerberos.keytab.file";
|
||||
"hdds.scm.http.kerberos.keytab";
|
||||
|
||||
// Network topology
|
||||
public static final String OZONE_SCM_NETWORK_TOPOLOGY_SCHEMA_FILE =
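Review bot: The key behind `HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY` is renamed with no visible fallback for the old `hdds.scm.http.kerberos.keytab.file` name (the page lost its +/- markers, so this reads the second literal, `"hdds.scm.http.kerberos.keytab"`, as the new value). A cluster whose ozone-site.xml still sets the old key would come up after upgrade without the keytab the SCM web console needs for Kerberos login, and whether that fails closed is not shown here. Registering the old name as a deprecated alias, for example through Hadoop's `Configuration.addDeprecation`, or logging a warning when it is still set, would make the change safe to roll out. The constant name also still says `KEYTAB_FILE` although the key no longer ends in `.file`; a comment such as `// suffix presumably has to match the "kerberos.keytab" name the HTTP authentication filter reads` would explain the mismatch. The same applies to `OZONE_OM_HTTP_KERBEROS_KEYTAB_FILE` in the OMConfigKeys section, and both class bodies extend beyond their hunks.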
|
||||
|
@ -1819,7 +1819,7 @@
|
||||
<value>HTTP/_HOST@EXAMPLE.COM</value>
|
||||
</property>
|
||||
<property>
|
||||
<name>hdds.scm.http.kerberos.keytab.file</name>
|
||||
<name>hdds.scm.http.kerberos.keytab</name>
|
||||
<value>/etc/security/keytabs/HTTP.keytab</value>
|
||||
</property>
|
||||
|
||||
@ -1831,7 +1831,7 @@
|
||||
</description>
|
||||
</property>
|
||||
<property>
|
||||
<name>ozone.om.http.kerberos.keytab.file</name>
|
||||
<name>ozone.om.http.kerberos.keytab</name>
|
||||
<value>/etc/security/keytabs/HTTP.keytab</value>
|
||||
<description>
|
||||
OzoneManager http server kerberos keytab.
|
||||
|
@ -102,7 +102,7 @@ All these settings should be made in ozone-site.xml.
|
||||
<td>SCM http server service principal.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row">hdds.scm.http.kerberos.keytab.file</th>
|
||||
<th scope="row">hdds.scm.http.kerberos.keytab</th>
|
||||
<td>The keytab file used by SCM http server to login as its service principal.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
@ -126,7 +126,7 @@ All these settings should be made in ozone-site.xml.
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<th scope="row">ozone.om.kerberos.principal </th>
|
||||
<th scope="row">ozone.om.kerberos.principal</th>
|
||||
<td>The OzoneManager service principal. e.g. om/_HOST@REALM
|
||||
.COM</td>
|
||||
</tr>
|
||||
@ -139,7 +139,7 @@ All these settings should be made in ozone-site.xml.
|
||||
<td>Ozone Manager http server service principal.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"> ozone.om.http.kerberos.keytab.file</th>
|
||||
<th scope="row">ozone.om.http.kerberos.keytab</th>
|
||||
<td>The keytab file used by OM http server to login as its service principal.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
@ -213,7 +213,7 @@ private OMConfigKeys() {
|
||||
public static final String OZONE_OM_KERBEROS_PRINCIPAL_KEY = "ozone.om"
|
||||
+ ".kerberos.principal";
|
||||
public static final String OZONE_OM_HTTP_KERBEROS_KEYTAB_FILE =
|
||||
"ozone.om.http.kerberos.keytab.file";
|
||||
"ozone.om.http.kerberos.keytab";
|
||||
public static final String OZONE_OM_HTTP_KERBEROS_PRINCIPAL_KEY
|
||||
= "ozone.om.http.kerberos.principal";
|
||||
// Delegation token related keys
|
||||
|
@ -35,9 +35,9 @@ OZONE_SITE.XML_ozone.administrators=*
|
||||
|
||||
OZONE-SITE.XML_ozone.security.enabled=true
|
||||
OZONE-SITE.XML_hdds.scm.http.kerberos.principal=HTTP/scm@EXAMPLE.COM
|
||||
OZONE-SITE.XML_hdds.scm.http.kerberos.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_hdds.scm.http.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_ozone.om.http.kerberos.principal=HTTP/om@EXAMPLE.COM
|
||||
OZONE-SITE.XML_ozone.om.http.kerberos.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_ozone.om.http.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
|
||||
HDFS-SITE.XML_dfs.datanode.kerberos.principal=dn/_HOST@EXAMPLE.COM
|
||||
HDFS-SITE.XML_dfs.datanode.keytab.file=/etc/security/keytabs/dn.keytab
|
||||
HDFS-SITE.XML_dfs.web.authentication.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
|
||||
|
@ -43,9 +43,9 @@ OZONE-SITE.XML_ozone.acl.enabled=true
|
||||
OZONE-SITE.XML_ozone.acl.authorizer.class=org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer
|
||||
OZONE-SITE.XML_ozone.administrators=*
|
||||
OZONE-SITE.XML_hdds.scm.http.kerberos.principal=HTTP/scm@EXAMPLE.COM
|
||||
OZONE-SITE.XML_hdds.scm.http.kerberos.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_hdds.scm.http.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_ozone.om.http.kerberos.principal=HTTP/om@EXAMPLE.COM
|
||||
OZONE-SITE.XML_ozone.om.http.kerberos.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||
OZONE-SITE.XML_ozone.om.http.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
|
||||
HDFS-SITE.XML_dfs.datanode.kerberos.principal=dn/_HOST@EXAMPLE.COM
|
||||
HDFS-SITE.XML_dfs.datanode.keytab.file=/etc/security/keytabs/dn.keytab
|
||||
HDFS-SITE.XML_dfs.web.authentication.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
|
||||
@ -58,6 +58,21 @@ CORE-SITE.XML_hadoop.security.authentication=kerberos
|
||||
CORE-SITE.XML_hadoop.security.auth_to_local=RULE:[2:$1@$0](.*)s/.*/root/
|
||||
CORE-SITE.XML_hadoop.security.key.provider.path=kms://http@kms:9600/kms
|
||||
|
||||
CORE-SITE.XML_hadoop.http.authentication.simple.anonymous.allowed=false
|
||||
CORE-SITE.XML_hadoop.http.authentication.signature.secret.file=/etc/security/http_secret
|
||||
CORE-SITE.XML_hadoop.http.authentication.type=kerberos
|
||||
CORE-SITE.XML_hadoop.http.authentication.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
|
||||
CORE-SITE.XML_hadoop.http.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
|
||||
CORE-SITE.XML_hadoop.http.filter.initializers=org.apache.hadoop.security.AuthenticationFilterInitializer
|
||||
|
||||
LOG4J.PROPERTIES_log4j.logger.org.apache.hadoop.security.authentication.server
|
||||
.AuthenticationFilter=DEBUG
|
||||
LOG4J.PROPERTIES_log4j.logger.org.apache.hadoop.security.authentication.server
|
||||
.KerberosAuthenticationHandler=TRACE
|
||||
LOG4J.PROPERTIES_log4j.logger.org.apache.hadoop.http.HttpServer2=TRACE
|
||||
|
||||
|
||||
|
||||
CORE-SITE.XML_hadoop.security.authorization=true
|
||||
HADOOP-POLICY.XML_ozone.om.security.client.protocol.acl=*
|
||||
HADOOP-POLICY.XML_hdds.security.client.datanode.container.protocol.acl=*
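Review bot: The two `LOG4J.PROPERTIES_log4j.logger.org.apache.hadoop.security.authentication.server` entries appear to be split over two physical lines each, with `.AuthenticationFilter=DEBUG` and `.KerberosAuthenticationHandler=TRACE` on lines of their own (the 21 new-side lines in the hunk header only add up that way). An env-style file is read one `NAME=value` per line, so the first half carries no value and the second half is not a valid name; those two logger levels would probably never be applied, leaving only `HttpServer2=TRACE` in effect. Each entry should be joined onto one line, e.g. `LOG4J.PROPERTIES_log4j.logger.org.apache.hadoop.security.authentication.server.AuthenticationFilter=DEBUG`. Because a compose file like this tends to be copied as a template for secured clusters, I would also add a comment marking the DEBUG/TRACE levels as troubleshooting-only, since verbose logging in the authentication handlers may write request and ticket detail to the logs. The same comment could state that `/etc/security/http_secret` has to exist in the container and be readable only by the service account.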
|
||||
|