You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2020/04/02 17:18:26 UTC

[GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…

vivekratnavel opened a new pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…
URL: https://github.com/apache/hadoop-ozone/pull/758
 
 
   …onfig
   
   ## What changes were proposed in this pull request?
   
    - Base HTTP server should start with SPNEGO username and keytab only if "ozone.security.enabled" and "ozone.security.kerberos.http.enabled" configs are set to true. 
   
   ## What is the link to the Apache JIRA
   
   https://issues.apache.org/jira/browse/HDDS-3280
   
   ## How was this patch tested?
   This patch was tested in a cluster with Kerberos and auto-TLS enabled under different configurations:
    - Both "ozone.security.enabled" and "ozone.security.kerberos.http.enabled" set to false
    - "ozone.security.enabled" set to true
    - Both "ozone.security.enabled" and "ozone.security.kerberos.http.enabled" set to true

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] vivekratnavel commented on issue #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…

Posted by GitBox <gi...@apache.org>.

vivekratnavel commented on issue #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…
URL: https://github.com/apache/hadoop-ozone/pull/758#issuecomment-607979836
 
 
   @xiaoyuyao Please review

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…

Posted by GitBox <gi...@apache.org>.

xiaoyuyao commented on a change in pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…
URL: https://github.com/apache/hadoop-ozone/pull/758#discussion_r404315137
 
 

 ##########
 File path: hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
 ##########
 @@ -347,6 +347,10 @@
       "ozone.security.enabled";
   public static final boolean OZONE_SECURITY_ENABLED_DEFAULT = false;
 
+  public static final String OZONE_HTTP_SECURITY_ENABLED_KEY =
+      "ozone.security.kerberos.http.enabled";
 
 Review comment:
   This should be better named like ozone.security.http.kerberos.enabled to have a common prefix for http related settings as there will be ozone.security.http.simple.* as well.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] xiaoyuyao merged pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…

Posted by GitBox <gi...@apache.org>.

xiaoyuyao merged pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…
URL: https://github.com/apache/hadoop-ozone/pull/758
 
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…

Posted by GitBox <gi...@apache.org>.

xiaoyuyao commented on a change in pull request #758: HDDS-3280. Ozone BaseHTTPServer should honor ozone.security.enabled c…
URL: https://github.com/apache/hadoop-ozone/pull/758#discussion_r404315888
 
 

 ##########
 File path: hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/BaseHttpServer.java
 ##########
 @@ -145,16 +146,19 @@ public BaseHttpServer(Configuration conf, String name) throws IOException {
       final InetSocketAddress httpsAddr, String name, String spnegoUserNameKey,
       String spnegoKeytabFileKey) throws IOException {
     HttpConfig.Policy policy = getHttpPolicy(conf);
+    boolean isSecurityEnabled = OzoneSecurityUtil.isSecurityEnabled(conf) &&
 
 Review comment:
   NIT: can we wrap this into OzoneSecurityUtil as isHttpSecurityEnabled?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org