You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Bharat Viswanadham (Jira)" <ji...@apache.org> on 2021/05/10 12:19:00 UTC

[jira] [Updated] (HDDS-5205) Make admin check work for SCM HA cluster

     [ https://issues.apache.org/jira/browse/HDDS-5205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bharat Viswanadham updated HDDS-5205:
-------------------------------------
    Description: 
By default, the user started principal is added to scmAdminUsernames.


{code:java}
    String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
    if (!scmAdminUsernames.contains(scmUsername)) {
      scmAdminUsernames.add(scmUsername);
    }
{code}


In HA cluster, when kinit with scm2 principal when scm1 is leader, we get access denied as we check getUserName() and also when adding to adminlist we use getUserName.

In OM we don't have this kind of issue, as getShortUserName() is used.


{code:java}
  String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
    if (!ozAdmins.contains(omSPN)) {
      ozAdmins.add(omSPN);
    }
{code}


  was:
By default, the user started principal is added to scmAdminUsernames.

    String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
    if (!scmAdminUsernames.contains(scmUsername)) {
      scmAdminUsernames.add(scmUsername);
    }

In HA cluster, when kinit with scm2 principal when scm1 is leader, we get access denied as we check getUserName() and also when adding to adminlist we use getUserName.

In OM we don't have this kind of issue, as getShortUserName() is used.


{code:java}
  String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
    if (!ozAdmins.contains(omSPN)) {
      ozAdmins.add(omSPN);
    }
{code}



> Make admin check work for SCM HA cluster
> ----------------------------------------
>
>                 Key: HDDS-5205
>                 URL: https://issues.apache.org/jira/browse/HDDS-5205
>             Project: Apache Ozone
>          Issue Type: Task
>            Reporter: Bharat Viswanadham
>            Assignee: Bharat Viswanadham
>            Priority: Major
>
> By default, the user started principal is added to scmAdminUsernames.
> {code:java}
>     String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
>     if (!scmAdminUsernames.contains(scmUsername)) {
>       scmAdminUsernames.add(scmUsername);
>     }
> {code}
> In HA cluster, when kinit with scm2 principal when scm1 is leader, we get access denied as we check getUserName() and also when adding to adminlist we use getUserName.
> In OM we don't have this kind of issue, as getShortUserName() is used.
> {code:java}
>   String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
>     if (!ozAdmins.contains(omSPN)) {
>       ozAdmins.add(omSPN);
>     }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org