HDDS-1788. Fix kerberos principal error in Ozone Recon. (#1201)
parent
8f40856f76
commit
ec1d453846
@ -612,7 +612,7 @@
|
|||||||
<description>
|
<description>
|
||||||
The actual address the OM web server will bind to using HTTPS.
|
The actual address the OM web server will bind to using HTTPS.
|
||||||
If this optional address is set, it overrides only the hostname portion of
|
If this optional address is set, it overrides only the hostname portion of
|
||||||
ozone.om.http-address.
|
ozone.om.https-address.
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
<property>
|
<property>
|
||||||
@ -1040,7 +1040,7 @@
|
|||||||
<description>
|
<description>
|
||||||
The actual address the SCM web server will bind to using HTTPS.
|
The actual address the SCM web server will bind to using HTTPS.
|
||||||
If this optional address is set, it overrides only the hostname portion of
|
If this optional address is set, it overrides only the hostname portion of
|
||||||
ozone.scm.http-address.
|
ozone.scm.https-address.
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
<property>
|
<property>
|
||||||
@ -1525,7 +1525,7 @@
|
|||||||
<value>5m</value>
|
<value>5m</value>
|
||||||
<tag>OZONE, OM</tag>
|
<tag>OZONE, OM</tag>
|
||||||
<description>Time interval used to store the omMetrics in to a
|
<description>Time interval used to store the omMetrics in to a
|
||||||
file. Background thread perodically stores the OM metrics in to a
|
file. Background thread periodically stores the OM metrics in to a
|
||||||
file. Unit could be defined with postfix (ns,ms,s,m,h,d)
|
file. Unit could be defined with postfix (ns,ms,s,m,h,d)
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
# Unless required by applicable law or agreed to in writing, software
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License lsfor the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
|
||||||
|
@ -65,6 +65,19 @@ services:
|
|||||||
env_file:
|
env_file:
|
||||||
- ./docker-config
|
- ./docker-config
|
||||||
command: ["/opt/hadoop/bin/ozone","s3g"]
|
command: ["/opt/hadoop/bin/ozone","s3g"]
|
||||||
|
recon:
|
||||||
|
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
|
||||||
|
hostname: recon
|
||||||
|
volumes:
|
||||||
|
- ../..:/opt/hadoop
|
||||||
|
ports:
|
||||||
|
- 9888:9888
|
||||||
|
env_file:
|
||||||
|
- ./docker-config
|
||||||
|
environment:
|
||||||
|
WAITFOR: om:9874
|
||||||
|
ENSURE_OM_INITIALIZED: /data/metadata/om/current/VERSION
|
||||||
|
command: ["/opt/hadoop/bin/ozone","recon"]
|
||||||
scm:
|
scm:
|
||||||
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
|
image: apache/ozone-runner:${HADOOP_RUNNER_VERSION}
|
||||||
hostname: scm
|
hostname: scm
|
||||||
|
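Review bot: `ENSURE_OM_INITIALIZED: /data/metadata/om/current/VERSION` on the new `recon` service looks like a setting meant for an OM container. If the runner image's entrypoint treats that variable as a request to initialise OM metadata when the file is missing (not visible here, so confirm), the Recon container would run an OM init it has no use for. `WAITFOR: om:9874` already covers the start-up ordering, so the `ENSURE_OM_INITIALIZED` line can probably be dropped. Separately, `9888:9888` publishes the Recon HTTP port on every host interface; `127.0.0.1:9888:9888` would keep this test cluster's UI local to the machine running it.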
@ -33,6 +33,10 @@ OZONE-SITE.XML_ozone.om.kerberos.principal=om/om@EXAMPLE.COM
|
|||||||
OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
|
OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
|
||||||
OZONE-SITE.XML_ozone.s3g.keytab.file=/etc/security/keytabs/HTTP.keytab
|
OZONE-SITE.XML_ozone.s3g.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||||
OZONE-SITE.XML_ozone.s3g.authentication.kerberos.principal=HTTP/s3g@EXAMPLE.COM
|
OZONE-SITE.XML_ozone.s3g.authentication.kerberos.principal=HTTP/s3g@EXAMPLE.COM
|
||||||
|
OZONE-SITE.XML_ozone.recon.authentication.kerberos.principal=HTTP/recon@EXAMPLE.COM
|
||||||
|
OZONE-SITE.XML_ozone.recon.keytab.file=/etc/security/keytabs/HTTP.keytab
|
||||||
|
OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
|
||||||
|
OZONE-SITE.XML_recon.om.snapshot.task.initial.delay=20s
|
||||||
|
|
||||||
OZONE-SITE.XML_ozone.security.enabled=true
|
OZONE-SITE.XML_ozone.security.enabled=true
|
||||||
OZONE-SITE.XML_ozone.acl.enabled=true
|
OZONE-SITE.XML_ozone.acl.enabled=true
|
||||||
|
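Review bot: `ozone.recon.keytab.file` points at `/etc/security/keytabs/HTTP.keytab`, the same file `ozone.s3g.keytab.file` uses, so each of the two web endpoints can read the other's service keys. Whether that keytab already holds an entry for `HTTP/recon@EXAMPLE.COM` is not visible in this hunk; if it does not, Recon's SPNEGO login will fail at startup. A per-service keytab, `OZONE-SITE.XML_ozone.recon.keytab.file=/etc/security/keytabs/<recon-http-keytab>` (placeholder name), would keep the example closer to a least-privilege deployment. Failing that, a one-line comment above the Recon keys saying the shared keytab is a test-cluster shortcut would stop it being copied into real configs.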
@ -11,7 +11,7 @@
|
|||||||
# Unless required by applicable law or agreed to in writing, software
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License lsfor the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
|
||||||
|
@ -17,9 +17,9 @@
|
|||||||
*/
|
*/
|
||||||
package org.apache.hadoop.ozone.recon;
|
package org.apache.hadoop.ozone.recon;
|
||||||
|
|
||||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
|
||||||
|
|
||||||
import com.google.inject.Provider;
|
import com.google.inject.Provider;
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ozone Configuration Provider.
|
* Ozone Configuration Provider.
|
||||||
@ -27,17 +27,17 @@ import com.google.inject.Provider;
|
|||||||
* As the OzoneConfiguration is created by the CLI application here we inject
|
* As the OzoneConfiguration is created by the CLI application here we inject
|
||||||
* it via a singleton instance to the Jax-RS/CDI instances.
|
* it via a singleton instance to the Jax-RS/CDI instances.
|
||||||
*/
|
*/
|
||||||
public class OzoneConfigurationProvider implements
|
public class ConfigurationProvider implements
|
||||||
Provider<OzoneConfiguration> {
|
Provider<Configuration> {
|
||||||
|
|
||||||
private static OzoneConfiguration configuration;
|
private static Configuration configuration;
|
||||||
|
|
||||||
static void setConfiguration(OzoneConfiguration conf) {
|
static void setConfiguration(Configuration conf) {
|
||||||
OzoneConfigurationProvider.configuration = conf;
|
ConfigurationProvider.configuration = conf;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OzoneConfiguration get() {
|
public Configuration get() {
|
||||||
return configuration;
|
return configuration;
|
||||||
}
|
}
|
||||||
}
|
}
|
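Review bot: `get()` returns the static `configuration` field as-is, so any injection that happens before `setConfiguration` has run gets null, and the failure surfaces at the injection site without naming the missing call. Failing fast in `get()` would make the ordering requirement explicit: `if (configuration == null) { throw new IllegalStateException("Configuration has not been set"); }`. The class Javadoc still speaks only of the OzoneConfiguration; it should say the instance is now exposed under the base `Configuration` type.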
@ -29,6 +29,7 @@ import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQ
|
|||||||
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_AGE;
|
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_AGE;
|
||||||
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_TEST_STMT;
|
import static org.apache.hadoop.ozone.recon.ReconServerConfigKeys.OZONE_RECON_SQL_MAX_IDLE_CONNECTION_TEST_STMT;
|
||||||
|
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||||
import org.apache.hadoop.ozone.recon.persistence.DataSourceConfiguration;
|
import org.apache.hadoop.ozone.recon.persistence.DataSourceConfiguration;
|
||||||
import org.apache.hadoop.ozone.recon.persistence.JooqPersistenceModule;
|
import org.apache.hadoop.ozone.recon.persistence.JooqPersistenceModule;
|
||||||
@ -53,7 +54,7 @@ import com.google.inject.Singleton;
|
|||||||
public class ReconControllerModule extends AbstractModule {
|
public class ReconControllerModule extends AbstractModule {
|
||||||
@Override
|
@Override
|
||||||
protected void configure() {
|
protected void configure() {
|
||||||
bind(OzoneConfiguration.class).toProvider(OzoneConfigurationProvider.class);
|
bind(Configuration.class).toProvider(ConfigurationProvider.class);
|
||||||
bind(ReconHttpServer.class).in(Singleton.class);
|
bind(ReconHttpServer.class).in(Singleton.class);
|
||||||
bind(DBStore.class)
|
bind(DBStore.class)
|
||||||
.toProvider(ReconContainerDBProvider.class).in(Singleton.class);
|
.toProvider(ReconContainerDBProvider.class).in(Singleton.class);
|
||||||
|
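Review bot: Only `Configuration` is bound in `configure()` now, yet the `OzoneConfiguration` import stays in this file, so other code may still ask the injector for that type. If any injection point still declares `OzoneConfiguration` (none is visible in these hunks), Guice can satisfy it with a just-in-time binding that constructs a fresh default instance, silently ignoring the CLI-supplied settings, the Kerberos principal and keytab among them. Adding `binder().requireExplicitBindings();` at the top of `configure()` would turn such a leftover into a startup error, though it may require a few more explicit binds. The body of `configure()` continues past the hunk.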
@ -64,7 +64,7 @@ public class ReconServer extends GenericCli {
|
|||||||
@Override
|
@Override
|
||||||
public Void call() throws Exception {
|
public Void call() throws Exception {
|
||||||
OzoneConfiguration ozoneConfiguration = createOzoneConfiguration();
|
OzoneConfiguration ozoneConfiguration = createOzoneConfiguration();
|
||||||
OzoneConfigurationProvider.setConfiguration(ozoneConfiguration);
|
ConfigurationProvider.setConfiguration(ozoneConfiguration);
|
||||||
|
|
||||||
injector = Guice.createInjector(new
|
injector = Guice.createInjector(new
|
||||||
ReconControllerModule(), new ReconRestServletModule() {
|
ReconControllerModule(), new ReconRestServletModule() {
|
||||||
|
@ -18,7 +18,6 @@
|
|||||||
|
|
||||||
package org.apache.hadoop.ozone.recon.spi.impl;
|
package org.apache.hadoop.ozone.recon.spi.impl;
|
||||||
|
|
||||||
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
|
|
||||||
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_DB_CHECKPOINT_REQUEST_FLUSH;
|
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_DB_CHECKPOINT_REQUEST_FLUSH;
|
||||||
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
||||||
import static org.apache.hadoop.ozone.recon.ReconConstants.RECON_OM_SNAPSHOT_DB;
|
import static org.apache.hadoop.ozone.recon.ReconConstants.RECON_OM_SNAPSHOT_DB;
|
||||||
@ -45,7 +44,9 @@ import javax.inject.Inject;
|
|||||||
import javax.inject.Singleton;
|
import javax.inject.Singleton;
|
||||||
|
|
||||||
import org.apache.commons.io.FileUtils;
|
import org.apache.commons.io.FileUtils;
|
||||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.hdfs.DFSUtil;
|
||||||
|
import org.apache.hadoop.http.HttpConfig;
|
||||||
import org.apache.hadoop.ozone.om.OMConfigKeys;
|
import org.apache.hadoop.ozone.om.OMConfigKeys;
|
||||||
import org.apache.hadoop.ozone.om.OMMetadataManager;
|
import org.apache.hadoop.ozone.om.OMMetadataManager;
|
||||||
import org.apache.hadoop.ozone.recon.recovery.ReconOMMetadataManager;
|
import org.apache.hadoop.ozone.recon.recovery.ReconOMMetadataManager;
|
||||||
@ -74,14 +75,11 @@ public class OzoneManagerServiceProviderImpl
|
|||||||
private File omSnapshotDBParentDir = null;
|
private File omSnapshotDBParentDir = null;
|
||||||
private String omDBSnapshotUrl;
|
private String omDBSnapshotUrl;
|
||||||
|
|
||||||
@Inject
|
|
||||||
private OzoneConfiguration configuration;
|
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
private ReconOMMetadataManager omMetadataManager;
|
private ReconOMMetadataManager omMetadataManager;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
public OzoneManagerServiceProviderImpl(OzoneConfiguration configuration) {
|
public OzoneManagerServiceProviderImpl(Configuration configuration) {
|
||||||
|
|
||||||
String ozoneManagerHttpAddress = configuration.get(OMConfigKeys
|
String ozoneManagerHttpAddress = configuration.get(OMConfigKeys
|
||||||
.OZONE_OM_HTTP_ADDRESS_KEY);
|
.OZONE_OM_HTTP_ADDRESS_KEY);
|
||||||
@ -92,8 +90,7 @@ public class OzoneManagerServiceProviderImpl
|
|||||||
omSnapshotDBParentDir = getReconDbDir(configuration,
|
omSnapshotDBParentDir = getReconDbDir(configuration,
|
||||||
OZONE_RECON_OM_SNAPSHOT_DB_DIR);
|
OZONE_RECON_OM_SNAPSHOT_DB_DIR);
|
||||||
|
|
||||||
boolean ozoneSecurityEnabled = configuration.getBoolean(
|
HttpConfig.Policy policy = DFSUtil.getHttpPolicy(configuration);
|
||||||
OZONE_SECURITY_ENABLED_KEY, false);
|
|
||||||
|
|
||||||
int socketTimeout = (int) configuration.getTimeDuration(
|
int socketTimeout = (int) configuration.getTimeDuration(
|
||||||
RECON_OM_SOCKET_TIMEOUT, RECON_OM_SOCKET_TIMEOUT_DEFAULT,
|
RECON_OM_SOCKET_TIMEOUT, RECON_OM_SOCKET_TIMEOUT_DEFAULT,
|
||||||
@ -118,7 +115,7 @@ public class OzoneManagerServiceProviderImpl
|
|||||||
omDBSnapshotUrl = "http://" + ozoneManagerHttpAddress +
|
omDBSnapshotUrl = "http://" + ozoneManagerHttpAddress +
|
||||||
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
||||||
|
|
||||||
if (ozoneSecurityEnabled) {
|
if (policy.isHttpsEnabled()) {
|
||||||
omDBSnapshotUrl = "https://" + ozoneManagerHttpsAddress +
|
omDBSnapshotUrl = "https://" + ozoneManagerHttpsAddress +
|
||||||
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
OZONE_OM_DB_CHECKPOINT_HTTP_ENDPOINT;
|
||||||
}
|
}
|
||||||
|
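Review bot: The snapshot URL scheme now follows `DFSUtil.getHttpPolicy(configuration)` instead of `ozone.security.enabled`, so a Kerberos-secured cluster that leaves the HTTP policy at its default will have Recon pull the OM DB checkpoint over plain `http://`. That is a silent downgrade for deployments that relied on the old coupling between security and HTTPS. A comment above the `policy` line stating which setting selects the scheme would help, e.g. `// Scheme follows the HTTP policy (not ozone.security.enabled); set it to HTTPS_ONLY on secured clusters.` It is also worth checking, outside these hunks, that `ozoneManagerHttpsAddress` is non-empty before the `https://` branch builds the URL. The constructor starts and ends outside the hunks shown.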