Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2019/03/11 22:55:36 UTC

[hadoop] branch ozone-0.4 updated: HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.

This is an automated email from the ASF dual-hosted git repository.

xyao pushed a commit to branch ozone-0.4
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/ozone-0.4 by this push:
     new 6028aef  HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.
6028aef is described below

commit 6028aefb577f8e59f2af7590455845b767f353e5
Author: Ajay Yadav <78...@users.noreply.github.com>
AuthorDate: Mon Mar 11 15:01:04 2019 -0700

    HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.
    
    This closes (#581)
    
    (cherry picked from commit 599e926d462134aa3235311feb27f3a8cdff6a51)
---
 .../certificate/authority/DefaultCAServer.java     | 28 +++++++++++++++++-----
 .../main/compose/ozonesecure/docker-compose.yaml   |  1 -
 .../src/main/compose/ozonesecure/docker-config     |  1 +
 .../src/main/smoketest/security/ozone-secure.robot |  5 ++--
 hadoop-ozone/dist/src/main/smoketest/test.sh       |  2 ++
 5 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java
index 901c86c..54fb390 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java
@@ -224,12 +224,16 @@ public class DefaultCAServer implements CertificateServer {
         break;
       case KERBEROS_TRUSTED:
       case TESTING_AUTOMATIC:
-        X509CertificateHolder xcert = approver.sign(config,
-            getCAKeys().getPrivate(),
-            getCACertificate(), java.sql.Date.valueOf(beginDate),
-            java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
-        store.storeValidCertificate(xcert.getSerialNumber(),
-            CertificateCodec.getX509Certificate(xcert));
+        X509CertificateHolder xcert;
+        try {
+          xcert = signAndStoreCertificate(beginDate, endDate, csr);
+        } catch (SCMSecurityException e) {
+          // Certificate with conflicting serial id, retry again may resolve
+          // this issue.
+          LOG.error("Certificate storage failed, retrying one more time.", e);
+          xcert = signAndStoreCertificate(beginDate, endDate, csr);
+        }
+
         xcertHolder.complete(xcert);
         break;
       default:
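Review bot: The `catch (SCMSecurityException e)` block retries on every SCMSecurityException, not only on the serial-number conflict its comment describes, and the log text says storage failed even though `signAndStoreCertificate` also performs the signing. If the first attempt signed successfully and only the store step failed, the retry signs the same CSR again, so two certificates may exist for one request; if the exception exposes a way to tell a duplicate serial from other failures, the retry should be limited to that case. The second call is unguarded, so its failure propagates to whatever surrounds this switch, which lies outside the hunk. I would also log the first failure at warn level with wording that covers both steps, e.g. `LOG.warn("Signing or storing the certificate failed, retrying once.", e);`.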
@@ -242,6 +246,18 @@ public class DefaultCAServer implements CertificateServer {
     return xcertHolder;
   }
 
+  private X509CertificateHolder signAndStoreCertificate(LocalDate beginDate, LocalDate endDate,
+      PKCS10CertificationRequest csr) throws IOException,
+      OperatorCreationException, CertificateException {
+    X509CertificateHolder xcert = approver.sign(config,
+        getCAKeys().getPrivate(),
+        getCACertificate(), java.sql.Date.valueOf(beginDate),
+        java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
+    store.storeValidCertificate(xcert.getSerialNumber(),
+        CertificateCodec.getX509Certificate(xcert));
+    return xcert;
+  }
+
   @Override
   public Future<X509CertificateHolder> requestCertificate(String csr,
       CertificateApprover.ApprovalType type) throws IOException {
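Review bot: `signAndStoreCertificate` converts the validity dates with `java.sql.Date.valueOf(LocalDate)`, which interprets the date in the JVM's default time zone, so the certificate's not-before and not-after instants shift with the CA host's zone setting. If `approver.sign` accepts `java.util.Date` (its signature is not visible here), `Date.from(beginDate.atStartOfDay(ZoneOffset.UTC).toInstant())` would pin the window to UTC. The helper also has no Javadoc; a short one should state that it signs the CSR with the CA key, persists the result under its serial number, and that a store failure leaves a signed but unrecorded certificate. Its first signature line is also noticeably longer than the other lines visible in this file and could be wrapped after the first parameter.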
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
index c005727..62b07b2 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
@@ -38,7 +38,6 @@ services:
     image: apache/hadoop-runner
     volumes:
       - ../..:/opt/hadoop
-    hostname: datanode
     ports:
       - 9864
     command: ["/opt/hadoop/bin/ozone","datanode"]
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
index 5031e6c..2c7f816 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
@@ -23,6 +23,7 @@ OZONE-SITE.XML_ozone.scm.block.client.address=scm
 OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
 OZONE-SITE.XML_ozone.handler.type=distributed
 OZONE-SITE.XML_ozone.scm.client.address=scm
+OZONE-SITE.XML_hdds.block.token.enabled=true
 OZONE-SITE.XML_ozone.replication=1
 OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
 OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
diff --git a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot
index 457ebaa..5031e00 100644
--- a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot
@@ -23,7 +23,8 @@ Create volume and bucket
     ${rc}              ${output} =                 Run And Return Rc And Output              ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
                         Should contain       ${output}       Client cannot authenticate via
                         # Authenticate testuser
-    Execute             kinit -k testuser/datanode@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
+    ${hostname}=        Execute                    hostname
+    Execute             kinit -k testuser/${hostname}@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
     Execute             ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
     Execute             ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root
     Execute             ozone sh bucket create o3://om/fstest/bucket1
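Review bot: The `kinit` line now builds the principal from the output of `hostname`, but nothing here states that testuser.keytab must hold an entry for that host name, which is no longer fixed now that the compose file drops `hostname: datanode`. I would extend the existing comment to something like `# Authenticate testuser; the keytab must contain testuser/<container hostname>@EXAMPLE.COM`. Whether the keytab is generated per container is not visible in this commit, so that is worth confirming before relying on the test in the RUN_ALL path.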
@@ -107,5 +108,5 @@ Run ozoneFS tests
                         Execute               ls -l GET.txt
     ${rc}  ${result} =  Run And Return Rc And Output        ozone fs -ls o3fs://abcde.pqrs/
                         Should Be Equal As Integers     ${rc}                1
-                        Should contain    ${result}         VOLUME_NOT_FOUND
+                        Should contain    ${result}         Volume pqrs is not found
 
diff --git a/hadoop-ozone/dist/src/main/smoketest/test.sh b/hadoop-ozone/dist/src/main/smoketest/test.sh
index 582fbdf..41da2f0 100755
--- a/hadoop-ozone/dist/src/main/smoketest/test.sh
+++ b/hadoop-ozone/dist/src/main/smoketest/test.sh
@@ -151,6 +151,8 @@ if [ "$RUN_ALL" = true ]; then
    execute_tests ozone-hdfs "${TESTS[@]}"
    TESTS=("s3")
    execute_tests ozones3 "${TESTS[@]}"
+   TESTS=("security")
+   execute_tests ozonesecure "${TESTS[@]}"
 else
    execute_tests "$DOCKERENV" "${POSITIONAL[@]}"
 fi

