From bfc90bdc642bb93be1a8ad30cc482d615252bc43 Mon Sep 17 00:00:00 2001
From: Ajay Kumar
Date: Mon, 1 Apr 2019 17:06:42 -0700
Subject: [PATCH] HDDS-1355. Only FQDN is accepted for OM rpc address in secure environment. Contributed by Ajay Kumar. Closes #677
---
 .../hadoop/ozone/om/TestSecureOzoneManager.java | 17 +++++++++++++++++
 .../apache/hadoop/ozone/om/OzoneManager.java | 10 +++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestSecureOzoneManager.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestSecureOzoneManager.java
index 57e697e3a8..888a650773 100644
--- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestSecureOzoneManager.java
+++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestSecureOzoneManager.java
@@ -51,6 +51,7 @@
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OPEN_KEY_EXPIRE_THRESHOLD_SECONDS;
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
+import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_ADDRESS_KEY;
 import static org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.KERBEROS;
 import static org.apache.hadoop.test.GenericTestUtils.*;
@@ -221,4 +222,20 @@ public void testSecureOmInitFailures() throws Exception {
 omLogs.clearOutput();
 }
+ /**
+ * Test om bind socket address.
+ */
+ @Test
+ public void testSecureOmInitFailure() throws Exception {
+ OzoneConfiguration config = new OzoneConfiguration(conf);
+ OMStorage omStorage = new OMStorage(config);
+ omStorage.setClusterId(clusterId);
+ omStorage.setScmId(scmId);
+ omStorage.setOmId(omId);
+ config.set(OZONE_OM_ADDRESS_KEY, "om-unknown");
+ LambdaTestUtils.intercept(RuntimeException.class, "Can't get SCM signed" +
+ " certificate",
+ () -> OzoneManager.initializeSecurity(config, omStorage));
+ }
+
 }
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index 549e6bd9e4..6f81b10591 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -1374,8 +1374,12 @@ private static void getSCMSignedCert(CertificateClient client,
 KeyPair keyPair = new KeyPair(client.getPublicKey(), client.getPrivateKey());
 InetSocketAddress omRpcAdd;
-
 omRpcAdd = OmUtils.getOmAddress(config);
+ if (omRpcAdd == null || omRpcAdd.getAddress() == null) {
+ LOG.error("Incorrect om rpc address. omRpcAdd:{}", omRpcAdd);
+ throw new RuntimeException("Can't get SCM signed certificate. " +
+ "omRpcAdd: " + omRpcAdd);
+ }
 // Get host name.
 String hostname = omRpcAdd.getAddress().getHostName();
@@ -1388,7 +1392,7 @@ private static void getSCMSignedCert(CertificateClient client,
 .setScmID(omStore.getScmId())
 .setClusterID(omStore.getClusterID())
 .setSubject(subject)
- .addIpAddress(omRpcAdd.getAddress().getHostAddress());
+ .addIpAddress(hostname);
 LOG.info("Creating csr for OM->dns:{},ip:{},scmId:{},clusterId:{}," + "subject:{}", hostname, omRpcAdd.getAddress().getHostAddress(),
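Review bot: `testSecureOmInitFailure` only fails the way it expects if the name `om-unknown` does not resolve on the machine running the test; a DNS search domain or wildcard record that answers for it would presumably let the call get past the new address check and fail somewhere else. A name under a reserved TLD removes the dependency on the local resolver, e.g. `config.set(OZONE_OM_ADDRESS_KEY, "om-unknown.invalid");`. The method name also differs from the existing `testSecureOmInitFailures` by a single letter, and the Javadoc "Test om bind socket address" does not describe what is asserted. A name such as `testSecureOmInitFailsOnUnresolvableOmAddress`, with the Javadoc `Verifies that security initialization fails when the OM rpc address cannot be resolved.`, would say what the test covers.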
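Review bot: The new guard in the -1374 hunk reports an unresolved OM address only as "Can't get SCM signed certificate", so whoever reads the failure has to work out that the cause is name resolution of the configured address. Naming the cause and the setting would shorten diagnosis of a failed secure start, for example `throw new RuntimeException("Can't get SCM signed certificate: OM rpc address is unresolved, check " + OZONE_OM_ADDRESS_KEY + ". omRpcAdd: " + omRpcAdd);` (assuming the constant is in scope in this file); the test's expected substring still matches. The same event is logged at error level and then thrown, so it will likely show up twice wherever the exception is finally logged. The body of `getSCMSignedCert` starts and ends outside the hunk.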
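Review bot: `.addIpAddress(hostname)` in the -1388 hunk puts the result of `omRpcAdd.getAddress().getHostName()` into the CSR's IP address entry, and the -1397 hunk does the same with `.setIpAddress(hostname)`. That value is a name, filled in by reverse lookup when the address was configured as an IP literal. The `LOG.info` just below still prints `getHostAddress()` as `ip`, so the log no longer shows what is actually sent to SCM for signing. How the CSR builder handles a non-IP string is not visible here, but an IP entry that carries a resolver-supplied name is not something a peer can check against the OM's address. If the intent is only to require a resolvable address, keeping `String ip = omRpcAdd.getAddress().getHostAddress();` next to `hostname` and passing `ip` to `addIpAddress`, `setIpAddress` and the log statement keeps the three consistent.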
@@ -1397,7 +1401,7 @@ private static void getSCMSignedCert(CertificateClient client,
 HddsProtos.OzoneManagerDetailsProto.Builder omDetailsProtoBuilder = HddsProtos.OzoneManagerDetailsProto.newBuilder()
 .setHostName(omRpcAdd.getHostName())
- .setIpAddress(omRpcAdd.getAddress().getHostAddress())
+ .setIpAddress(hostname)
 .setUuid(omStore.getOmId())
 .addPorts(HddsProtos.Port.newBuilder()
 .setName(RPC_PORT)