You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by bh...@apache.org on 2021/07/28 06:50:36 UTC

[ozone] 03/03: fix docker tests and integration tests

This is an automated email from the ASF dual-hosted git repository.

bharat pushed a commit to branch HDDS-5501
in repository https://gitbox.apache.org/repos/asf/ozone.git

commit 13a0ac02568f94c443cc36c225b6c59f2fe84e2d
Author: Bharat Viswanadham <bh...@apache.org>
AuthorDate: Wed Jul 28 12:19:19 2021 +0530

    fix docker tests and integration tests
---
 .../common/src/main/resources/ozone-default.xml    | 17 +++++++++++
 .../java/org/apache/hadoop/ozone/s3/Gateway.java   | 34 ++++++++++++----------
 2 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index 7c75b63..0e8f1c8 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -2807,4 +2807,21 @@
       will not be allocated a pipeline or container replica.
     </description>
   </property>
+
+  <property>
+    <name>ozone.s3g.kerberos.keytab.file</name>
+    <value>/etc/security/keytabs/s3g.keytab</value>
+    <tag>OZONE, SECURITY, KERBEROS, S3GATEWAY</tag>
+    <description> The keytab file used by OzoneManager daemon to login as its
+      service principal. The principal name is configured with
+      ozone.om.kerberos.principal.
+    </description>
+  </property>
+  <property>
+    <name>ozone.s3g.kerberos.principal</name>
+    <value>s3g/_HOST@REALM</value>
+    <tag>OZONE, SECURITY, KERBEROS, S3GATEWAY</tag>
+    <description>The S3Gateway service principal.
+      Ex: s3g/_HOST@REALM.COM</description>
+  </property>
 </configuration>
diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java
index 7590802..6b6cad4 100644
--- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java
+++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java
@@ -24,6 +24,7 @@ import org.apache.hadoop.hdds.cli.GenericCli;
 import org.apache.hadoop.hdds.cli.HddsVersionProvider;
 import org.apache.hadoop.hdds.conf.OzoneConfiguration;
 import org.apache.hadoop.hdds.tracing.TracingUtil;
+import org.apache.hadoop.ozone.OzoneSecurityUtil;
 import org.apache.hadoop.ozone.util.OzoneVersionInfo;
 
 import org.apache.hadoop.ozone.util.ShutdownHookManager;
@@ -92,24 +93,25 @@ public class Gateway extends GenericCli {
 
   private static void loginS3GUser(OzoneConfiguration conf)
       throws IOException, AuthenticationException {
-
-    if (SecurityUtil.getAuthenticationMethod(conf).equals(
-        UserGroupInformation.AuthenticationMethod.KERBEROS)) {
-      if (LOG.isDebugEnabled()) {
-        LOG.debug("Ozone security is enabled. Attempting login for S3G user. "
-                + "Principal: {}, keytab: {}",
-            conf.get(OZONE_S3G_KERBEROS_PRINCIPAL_KEY),
-            conf.get(OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY));
+    if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
+      if (SecurityUtil.getAuthenticationMethod(conf).equals(
+          UserGroupInformation.AuthenticationMethod.KERBEROS)) {
+        if (LOG.isDebugEnabled()) {
+          LOG.debug("Ozone security is enabled. Attempting login for S3G user. "
+                  + "Principal: {}, keytab: {}",
+              conf.get(OZONE_S3G_KERBEROS_PRINCIPAL_KEY),
+              conf.get(OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY));
+        }
+
+        SecurityUtil.login(conf, OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY,
+            OZONE_S3G_KERBEROS_PRINCIPAL_KEY);
+      } else {
+        throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(
+            conf) + " authentication method not supported. S3 user login "
+            + "failed.");
       }
-
-      SecurityUtil.login(conf, OZONE_S3G_KERBEROS_KEYTAB_FILE_KEY,
-          OZONE_S3G_KERBEROS_PRINCIPAL_KEY);
-    } else {
-      throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(
-          conf) + " authentication method not supported. S3 user login "
-          + "failed.");
+      LOG.info("S3Gateway login successful.");
     }
-    LOG.info("S3Gateway login successful.");
   }
 
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ozone.apache.org
For additional commands, e-mail: commits-help@ozone.apache.org