HDDS-1355. Only FQDN is accepted for OM rpc address in secure environment. Contributed by Ajay Kumar.

Closes #677
Ajay Kumar 2019-04-01 17:06:42 -07:00 committed by Márton Elek
parent aeb43dfba3
commit bfc90bdc64
No known key found for this signature in database
GPG Key ID: D51EA8F00EE79B28
2 changed files with 24 additions and 3 deletions


@ -51,6 +51,7 @@
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OPEN_KEY_EXPIRE_THRESHOLD_SECONDS; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OPEN_KEY_EXPIRE_THRESHOLD_SECONDS;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_ADDRESS_KEY;
import static org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.KERBEROS; import static org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.KERBEROS;
import static org.apache.hadoop.test.GenericTestUtils.*; import static org.apache.hadoop.test.GenericTestUtils.*;
@ -221,4 +222,20 @@ public void testSecureOmInitFailures() throws Exception {
omLogs.clearOutput(); omLogs.clearOutput();
} }
/**
* Test om bind socket address.
*/
@Test
public void testSecureOmInitFailure() throws Exception {
OzoneConfiguration config = new OzoneConfiguration(conf);
OMStorage omStorage = new OMStorage(config);
omStorage.setClusterId(clusterId);
omStorage.setScmId(scmId);
omStorage.setOmId(omId);
config.set(OZONE_OM_ADDRESS_KEY, "om-unknown");
LambdaTestUtils.intercept(RuntimeException.class, "Can't get SCM signed" +
" certificate",
() -> OzoneManager.initializeSecurity(config, omStorage));
}
} }
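Review bot: `testSecureOmInitFailure` only fails the way it expects if `om-unknown` does not resolve, and a single-label name can resolve on a build host that has a DNS search domain or a wildcard resolver; in that case `initializeSecurity` would get past the address check and the intercept would fail for an unrelated reason. A name under the reserved `.invalid` TLD is more dependable: `config.set(OZONE_OM_ADDRESS_KEY, "om-unknown.invalid");`. The method name also differs from the existing `testSecureOmInitFailures` by one letter and the Javadoc does not say what is checked; something like `testSecureOmInitFailsOnUnresolvableAddress` with the summary `Test that security init fails when the OM rpc address does not resolve.` would make the intent clear.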


@ -1374,8 +1374,12 @@ private static void getSCMSignedCert(CertificateClient client,
KeyPair keyPair = new KeyPair(client.getPublicKey(), KeyPair keyPair = new KeyPair(client.getPublicKey(),
client.getPrivateKey()); client.getPrivateKey());
InetSocketAddress omRpcAdd; InetSocketAddress omRpcAdd;
omRpcAdd = OmUtils.getOmAddress(config); omRpcAdd = OmUtils.getOmAddress(config);
if (omRpcAdd == null || omRpcAdd.getAddress() == null) {
LOG.error("Incorrect om rpc address. omRpcAdd:{}", omRpcAdd);
throw new RuntimeException("Can't get SCM signed certificate. " +
"omRpcAdd: " + omRpcAdd);
}
// Get host name. // Get host name.
String hostname = omRpcAdd.getAddress().getHostName(); String hostname = omRpcAdd.getAddress().getHostName();
@ -1388,7 +1392,7 @@ private static void getSCMSignedCert(CertificateClient client,
.setScmID(omStore.getScmId()) .setScmID(omStore.getScmId())
.setClusterID(omStore.getClusterID()) .setClusterID(omStore.getClusterID())
.setSubject(subject) .setSubject(subject)
.addIpAddress(omRpcAdd.getAddress().getHostAddress()); .addIpAddress(hostname);
LOG.info("Creating csr for OM->dns:{},ip:{},scmId:{},clusterId:{}," + LOG.info("Creating csr for OM->dns:{},ip:{},scmId:{},clusterId:{}," +
"subject:{}", hostname, omRpcAdd.getAddress().getHostAddress(), "subject:{}", hostname, omRpcAdd.getAddress().getHostAddress(),
@ -1397,7 +1401,7 @@ private static void getSCMSignedCert(CertificateClient client,
HddsProtos.OzoneManagerDetailsProto.Builder omDetailsProtoBuilder = HddsProtos.OzoneManagerDetailsProto.Builder omDetailsProtoBuilder =
HddsProtos.OzoneManagerDetailsProto.newBuilder() HddsProtos.OzoneManagerDetailsProto.newBuilder()
.setHostName(omRpcAdd.getHostName()) .setHostName(omRpcAdd.getHostName())
.setIpAddress(omRpcAdd.getAddress().getHostAddress()) .setIpAddress(hostname)
.setUuid(omStore.getOmId()) .setUuid(omStore.getOmId())
.addPorts(HddsProtos.Port.newBuilder() .addPorts(HddsProtos.Port.newBuilder()
.setName(RPC_PORT) .setName(RPC_PORT)
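Review bot: The values passed to `.addIpAddress(...)` in the second hunk and `.setIpAddress(...)` in the third are not pinned by any test in this commit, and `hostname` (taken from `omRpcAdd.getAddress().getHostName()`) is a name rather than an address whenever the OM address is configured by name. Both IP-typed fields need an address literal, the same `omRpcAdd.getAddress().getHostAddress()` that the `LOG.info` line already prints as `ip:`, since a name in the certificate's IP entry would presumably not be usable when a peer verifies the OM's identity. A comment above the builder call such as `// IP entry must be an address literal, never the resolved host name` would document the distinction. A test that sets `OZONE_OM_ADDRESS_KEY` to a resolvable name and asserts what lands in the IP entry would keep the two values from being swapped. The body of getSCMSignedCert starts and ends outside these hunks, so how `hostname` is used beyond the lines shown should be confirmed.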