You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by bh...@apache.org on 2021/07/28 06:50:36 UTC
[ozone] 03/03: fix docker tests and integration tests
This is an automated email from the ASF dual-hosted git repository.
bharat pushed a commit to branch HDDS-5501
in repository https://gitbox.apache.org/repos/asf/ozone.git
commit 13a0ac02568f94c443cc36c225b6c59f2fe84e2d
Author: Bharat Viswanadham <bh...@apache.org>
AuthorDate: Wed Jul 28 12:19:19 2021 +0530
fix docker tests and integration tests
---
.../common/src/main/resources/ozone-default.xml | 17 +++++++++++
.../java/org/apache/hadoop/ozone/s3/Gateway.java | 34 ++++++++++++----------
2 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index 7c75b63..0e8f1c8 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -2807,4 +2807,21 @@
will not be allocated a pipeline or container replica.
</description>
</property>
+
+ <property>
+ <name>ozone.s3g.kerberos.keytab.file</name>
+ <value>/etc/security/keytabs/s3g.keytab</value>
+ <tag>OZONE, SECURITY, KERBEROS, S3GATEWAY</tag>
+ <description> The keytab file used by OzoneManager daemon to login as its
+ service principal. The principal name is configured with
+ ozone.om.kerberos.principal.
+ </description>
+ </property>
+ <property>
+ <name>ozone.s3g.kerberos.principal</name>
+ <value>s3g/_HOST@REALM</value>
+ <tag>OZONE, SECURITY, KERBEROS, S3GATEWAY</tag>
+ <description>The S3Gateway service principal.
+ Ex: s3g/_HOST@REALM.COM</description>
+ </property>
</configuration>
diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java
index 7590802..6b6cad4 100644
--- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java
+++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java
@@ -24,6 +24,7 @@ import org.apache.hadoop.hdds.cli.GenericCli;
import org.apache.hadoop.hdds.cli.HddsVersionProvider;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.tracing.TracingUtil;
+import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.apache.hadoop.ozone.util.OzoneVersionInfo;
import org.apache.hadoop.ozone.util.ShutdownHookManager;
@@ -92,24 +93,25 @@ public class Gateway extends GenericCli {
private static void loginS3GUser(OzoneConfiguration conf)
throws IOException, AuthenticationException {
-
- if (SecurityUtil.getAuthenticationMethod(conf).equals(
- UserGroupInformation.AuthenticationMethod.KERBEROS)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Ozone security is enabled. Attempting login for S3G user. "
- + "Principal: {}, keytab: {}",
- conf.get(OZONE_S3G_KERBEROS_PRINCIPAL_KEY),
- conf.get(OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY));
+ if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
+ if (SecurityUtil.getAuthenticationMethod(conf).equals(
+ UserGroupInformation.AuthenticationMethod.KERBEROS)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Ozone security is enabled. Attempting login for S3G user. "
+ + "Principal: {}, keytab: {}",
+ conf.get(OZONE_S3G_KERBEROS_PRINCIPAL_KEY),
+ conf.get(OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY));
+ }
+
+ SecurityUtil.login(conf, OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY,
+ OZONE_S3G_KERBEROS_PRINCIPAL_KEY);
+ } else {
+ throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(
+ conf) + " authentication method not supported. S3 user login "
+ + "failed.");
}
-
- SecurityUtil.login(conf, OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY,
- OZONE_S3G_KERBEROS_PRINCIPAL_KEY);
- } else {
- throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(
- conf) + " authentication method not supported. S3 user login "
- + "failed.");
+ LOG.info("S3Gateway login successful.");
}
- LOG.info("S3Gateway login successful.");
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ozone.apache.org
For additional commands, e-mail: commits-help@ozone.apache.org