Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2019/03/11 22:55:36 UTC
[hadoop] branch ozone-0.4 updated: HDDS-596. Add robot test for OM
Block Token. Contributed by Ajay Kumar.
This is an automated email from the ASF dual-hosted git repository.
xyao pushed a commit to branch ozone-0.4
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/ozone-0.4 by this push:
new 6028aef HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.
6028aef is described below
commit 6028aefb577f8e59f2af7590455845b767f353e5
Author: Ajay Yadav <78...@users.noreply.github.com>
AuthorDate: Mon Mar 11 15:01:04 2019 -0700
HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.
This closes (#581)
(cherry picked from commit 599e926d462134aa3235311feb27f3a8cdff6a51)
---
.../certificate/authority/DefaultCAServer.java | 28 +++++++++++++++++-----
.../main/compose/ozonesecure/docker-compose.yaml | 1 -
.../src/main/compose/ozonesecure/docker-config | 1 +
.../src/main/smoketest/security/ozone-secure.robot | 5 ++--
hadoop-ozone/dist/src/main/smoketest/test.sh | 2 ++
5 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java
index 901c86c..54fb390 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java
@@ -224,12 +224,16 @@ public class DefaultCAServer implements CertificateServer {
break;
case KERBEROS_TRUSTED:
case TESTING_AUTOMATIC:
- X509CertificateHolder xcert = approver.sign(config,
- getCAKeys().getPrivate(),
- getCACertificate(), java.sql.Date.valueOf(beginDate),
- java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
- store.storeValidCertificate(xcert.getSerialNumber(),
- CertificateCodec.getX509Certificate(xcert));
+ X509CertificateHolder xcert;
+ try {
+ xcert = signAndStoreCertificate(beginDate, endDate, csr);
+ } catch (SCMSecurityException e) {
+ // Certificate with conflicting serial id, retry again may resolve
+ // this issue.
+ LOG.error("Certificate storage failed, retrying one more time.", e);
+ xcert = signAndStoreCertificate(beginDate, endDate, csr);
+ }
+
xcertHolder.complete(xcert);
break;
default:
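Review bot: The new catch in the KERBEROS_TRUSTED / TESTING_AUTOMATIC branch retries on any SCMSecurityException, while its comment attributes the failure to a conflicting serial id; nothing in the hunk checks that cause. A storage failure with a different cause would be signed a second time and reported at error level before the second exception propagates to whatever handler encloses the switch, which is outside this hunk. If the exception exposes a cause or code, test it before retrying; otherwise reword the comment to `// Storage can fail on a conflicting serial id; one retry with a freshly signed certificate may resolve it.` and log the recoverable first failure with `LOG.warn`.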
@@ -242,6 +246,18 @@ public class DefaultCAServer implements CertificateServer {
return xcertHolder;
}
+ private X509CertificateHolder signAndStoreCertificate(LocalDate beginDate, LocalDate endDate,
+ PKCS10CertificationRequest csr) throws IOException,
+ OperatorCreationException, CertificateException {
+ X509CertificateHolder xcert = approver.sign(config,
+ getCAKeys().getPrivate(),
+ getCACertificate(), java.sql.Date.valueOf(beginDate),
+ java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
+ store.storeValidCertificate(xcert.getSerialNumber(),
+ CertificateCodec.getX509Certificate(xcert));
+ return xcert;
+ }
+
@Override
public Future<X509CertificateHolder> requestCertificate(String csr,
CertificateApprover.ApprovalType type) throws IOException {
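Review bot: signAndStoreCertificate has no Javadoc, and its contract matters to the caller's retry: it signs first and stores second, so a failure in `store.storeValidCertificate` leaves a certificate that was signed with the CA key but never recorded. Add a short Javadoc stating that the method signs the CSR for the given validity window, persists the result under its serial number, and that on a store failure the signed certificate is discarded and must not reach the requester. It would also help to note there that `java.sql.Date.valueOf(LocalDate)` resolves the dates in the JVM default time zone. The requestCertificate signature at the end of the hunk continues outside it.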
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
index c005727..62b07b2 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml
@@ -38,7 +38,6 @@ services:
image: apache/hadoop-runner
volumes:
- ../..:/opt/hadoop
- hostname: datanode
ports:
- 9864
command: ["/opt/hadoop/bin/ozone","datanode"]
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
index 5031e6c..2c7f816 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
@@ -23,6 +23,7 @@ OZONE-SITE.XML_ozone.scm.block.client.address=scm
OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
OZONE-SITE.XML_ozone.handler.type=distributed
OZONE-SITE.XML_ozone.scm.client.address=scm
+OZONE-SITE.XML_hdds.block.token.enabled=true
OZONE-SITE.XML_ozone.replication=1
OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
diff --git a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot
index 457ebaa..5031e00 100644
--- a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure.robot
@@ -23,7 +23,8 @@ Create volume and bucket
${rc} ${output} = Run And Return Rc And Output ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
Should contain ${output} Client cannot authenticate via
# Authenticate testuser
- Execute kinit -k testuser/datanode@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
+ ${hostname}= Execute hostname
+ Execute kinit -k testuser/${hostname}@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
Execute ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
Execute ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root
Execute ozone sh bucket create o3://om/fstest/bucket1
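Review bot: The kinit principal is now built from the raw output of `hostname`, and nothing visible in this hunk shows that testuser.keytab holds an entry for that name, so the login depends on keytab provisioning that sits outside the diff. A comment above the two new lines such as `# keytab must contain testuser/<container hostname>@EXAMPLE.COM` would record that dependency for whoever changes the compose file next. The test case continues beyond the hunk.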
@@ -107,5 +108,5 @@ Run ozoneFS tests
Execute ls -l GET.txt
${rc} ${result} = Run And Return Rc And Output ozone fs -ls o3fs://abcde.pqrs/
Should Be Equal As Integers ${rc} 1
- Should contain ${result} VOLUME_NOT_FOUND
+ Should contain ${result} Volume pqrs is not found
diff --git a/hadoop-ozone/dist/src/main/smoketest/test.sh b/hadoop-ozone/dist/src/main/smoketest/test.sh
index 582fbdf..41da2f0 100755
--- a/hadoop-ozone/dist/src/main/smoketest/test.sh
+++ b/hadoop-ozone/dist/src/main/smoketest/test.sh
@@ -151,6 +151,8 @@ if [ "$RUN_ALL" = true ]; then
execute_tests ozone-hdfs "${TESTS[@]}"
TESTS=("s3")
execute_tests ozones3 "${TESTS[@]}"
+ TESTS=("security")
+ execute_tests ozonesecure "${TESTS[@]}"
else
execute_tests "$DOCKERENV" "${POSITIONAL[@]}"
fi