Posted to common-commits@hadoop.apache.org by el...@apache.org on 2018/08/15 08:55:07 UTC

hadoop git commit: HADOOP-15456. create base image for running secure ozone cluster. Contributed by Ajay Kumar.

Repository: hadoop
Updated Branches:
  refs/heads/docker-hadoop-runner a63c65476 -> 44f08ef7c


HADOOP-15456. create base image for running secure ozone cluster. Contributed by Ajay Kumar.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/44f08ef7
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/44f08ef7
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/44f08ef7

Branch: refs/heads/docker-hadoop-runner
Commit: 44f08ef7c28bddfc98d84bb2f5a5c73985caa3c9
Parents: a63c654
Author: Márton Elek <el...@apache.org>
Authored: Wed Aug 15 10:53:15 2018 +0200
Committer: Márton Elek <el...@apache.org>
Committed: Wed Aug 15 10:54:04 2018 +0200

----------------------------------------------------------------------
 Dockerfile                |  5 +++--
 scripts/krb5.conf         | 41 +++++++++++++++++++++++++++++++++++++++++
 scripts/starter.sh        | 34 +++++++++++++++++++++++++++++++---
 scripts/transformation.py |  0
 4 files changed, 75 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/44f08ef7/Dockerfile
----------------------------------------------------------------------
diff --git a/Dockerfile b/Dockerfile
index 28956097..11e6da8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,11 +18,12 @@ FROM openjdk:8-jdk
 RUN apt-get update && apt-get install -y jq curl python sudo && apt-get clean
 RUN wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64
 RUN chmod +x /usr/local/bin/dumb-init
-
+RUN mkdir -p /etc/security/keytabs && chmod -R a+wr /etc/security/keytabs 
 ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/
 ENV PATH $PATH:/opt/hadoop/bin
 
-
+RUN apt-get install -y jsvc
+ENV JSVC_HOME=/usr/bin
 
 RUN addgroup --gid 1000 hadoop
 RUN adduser --disabled-password --gecos "" --uid 1000 hadoop --gid 100 --home /opt/hadoop
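Review bot: The added `chmod -R a+wr /etc/security/keytabs` makes the keytab directory readable and writable by every account in the image. Keytabs hold long-term Kerberos keys, so any process in the container could read or replace them. If the image is only meant to run as the `hadoop` user created further down, create the directory after the `adduser` line with `RUN install -d -o hadoop -m 0700 /etc/security/keytabs`; if it must support arbitrary runtime UIDs, that constraint deserves a comment next to the line. Separately, `RUN apt-get install -y jsvc` sits in its own layer without `apt-get update`, so a cached build can install from stale package lists; adding `jsvc` to the existing `apt-get install` line avoids that.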

http://git-wip-us.apache.org/repos/asf/hadoop/blob/44f08ef7/scripts/krb5.conf
----------------------------------------------------------------------
diff --git a/scripts/krb5.conf b/scripts/krb5.conf
new file mode 100644
index 0000000..0e03a6f
--- /dev/null
+++ b/scripts/krb5.conf
@@ -0,0 +1,41 @@
+##
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_canonicalize_hostname = false
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_realm = EXAMPLE.COM
+
+[realms]
+ EXAMPLE.COM = {
+  kdc = SERVER
+  admin_server = SERVER
+ }
+
+[domain_realm]
+ .example.com = EXAMPLE.COM
+ example.com = EXAMPLE.COM
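Review bot: Nothing in the file says that `SERVER` on the `kdc` and `admin_server` lines is a template token, not a hostname; scripts/starter.sh in this commit rewrites it with `sed "s/SERVER/$KERBEROS_SERVER/g"`. A header comment such as `# SERVER is replaced with $KERBEROS_SERVER by scripts/starter.sh at container start` would make that explicit, and would warn that any later line containing the uppercase word SERVER is rewritten as well. `forwardable = true` and the fixed `EXAMPLE.COM` realm look like test-cluster defaults; a comment saying so would discourage copying them unchanged into a real deployment.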

http://git-wip-us.apache.org/repos/asf/hadoop/blob/44f08ef7/scripts/starter.sh
----------------------------------------------------------------------
diff --git a/scripts/starter.sh b/scripts/starter.sh
index 7c51826..90fdc92 100755
--- a/scripts/starter.sh
+++ b/scripts/starter.sh
@@ -24,12 +24,43 @@ sudo chmod o+rwx /data
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 $DIR/envtoconf.py --destination /opt/hadoop/etc/hadoop
+echo "Setting up environment!"
 
 if [ -n "$SLEEP_SECONDS" ]; then
    echo "Sleeping for $SLEEP_SECONDS seconds"
    sleep $SLEEP_SECONDS
 fi
 
+if [ -n "$KERBEROS_ENABLED" ]; then
+	echo "Setting up kerberos!!"
+	KERBEROS_SERVER=${KERBEROS_SERVER:-krb5}
+	ISSUER_SERVER=${ISSUER_SERVER:-$KERBEROS_SERVER\:8081}
+	echo "KDC ISSUER_SERVER => $ISSUER_SERVER"
+
+	while true
+	do
+	  STATUS=$(curl -s -o /dev/null -w '%{http_code}' http://$ISSUER_SERVER/keytab/test/test)
+	  if [ $STATUS -eq 200 ]; then
+		echo "Got 200, KDC service ready!!"
+		break
+	  else
+		echo "Got $STATUS :( KDC service not ready yet..."
+	  fi
+	  sleep 5
+	done
+
+	export HOST_NAME=`hostname -f`
+	for NAME in ${KERBEROS_KEYTABS}; do
+	   echo "Download $NAME/$HOSTNAME@EXAMPLE.COM keytab file to $CONF_DIR/$NAME.keytab"
+	   wget http://$ISSUER_SERVER/keytab/$HOST_NAME/$NAME -O $CONF_DIR/$NAME.keytab
+	   KERBEROS_ENABLED=true
+	done
+
+	cat $DIR/krb5.conf |  sed "s/SERVER/$KERBEROS_SERVER/g" | sudo tee /etc/krb5.conf
+fi
+
+#To avoid docker volume permission problems
+sudo chmod o+rwx /data
 
 if [ -n "$ENSURE_NAMENODE_DIR" ]; then
    CLUSTERID_OPTS=""
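Review bot: The keytab loop never checks whether `wget` succeeded and never restricts the mode of the files it writes. A failed download leaves an empty or partial `$NAME.keytab` and startup carries on, while a successful one leaves a long-term Kerberos key with umask-default permissions. The fetch also uses plain `http://` against an issuer path with no visible authentication, which is presumably acceptable only on an isolated test network and worth a comment saying so. The echo prints `$HOSTNAME` while the request uses `$HOST_NAME`, and `CONF_DIR` is not assigned in the visible lines (the script starts outside the hunk), so an unset value would write the keytab to `/`. The readiness loop above also has no retry limit; the block below covers only the download loop.

```shell
	# … unchanged: KDC readiness loop …
	HOST_NAME=$(hostname -f)
	export HOST_NAME
	: "${CONF_DIR:?CONF_DIR must be set when KERBEROS_ENABLED is used}"
	for NAME in ${KERBEROS_KEYTABS}; do
	   echo "Download $NAME/$HOST_NAME@EXAMPLE.COM keytab file to $CONF_DIR/$NAME.keytab"
	   if ! wget "http://$ISSUER_SERVER/keytab/$HOST_NAME/$NAME" -O "$CONF_DIR/$NAME.keytab"; then
	      echo "Failed to download keytab for $NAME" >&2
	      exit 1
	   fi
	   # Keytabs are long-term credentials: owner-only access.
	   chmod 600 "$CONF_DIR/$NAME.keytab"
	   # … unchanged: KERBEROS_ENABLED=true …
	done
	# … unchanged: krb5.conf templating …
```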
@@ -41,14 +72,12 @@ if [ -n "$ENSURE_NAMENODE_DIR" ]; then
         fi
 fi
 
-
 if [ -n "$ENSURE_STANDBY_NAMENODE_DIR" ]; then
    if [ ! -d "$ENSURE_STANDBY_NAMENODE_DIR" ]; then
       /opt/hadoop/bin/hdfs namenode -bootstrapStandby
     fi
 fi
 
-
 if [ -n "$ENSURE_SCM_INITIALIZED" ]; then
    if [ ! -f "$ENSURE_SCM_INITIALIZED" ]; then
       /opt/hadoop/bin/ozone scm -init
@@ -80,5 +109,4 @@ if [ -n "$ENSURE_KSM_INITIALIZED" ]; then
    fi
 fi
 
-
 $@

http://git-wip-us.apache.org/repos/asf/hadoop/blob/44f08ef7/scripts/transformation.py
----------------------------------------------------------------------
diff --git a/scripts/transformation.py b/scripts/transformation.py
old mode 100644
new mode 100755

