From 855462aa5a6a76e91c3ea3e14172658bc8da0bea Mon Sep 17 00:00:00 2001
From: Bharat Viswanadham
Date: Thu, 8 Apr 2021 16:47:47 +0530
Subject: [PATCH 1/2] HDDS-5075. [SCM HA Security] Remove code of not starting ozone services when Security is enabled on SCM HA cluster.
---
 .../org/apache/hadoop/hdds/scm/ScmConfigKeys.java | 8 --------
 .../apache/hadoop/ozone/HddsDatanodeService.java | 2 --
 .../java/org/apache/hadoop/hdds/utils/HAUtils.java | 14 --------------
 .../hdds/scm/server/StorageContainerManager.java | 4 ----
 .../src/main/compose/ozonesecure-ha/docker-config | 1 -
 .../hadoop/ozone/TestOzoneConfigurationFields.java | 3 +--
 .../hadoop/ozone/om/OzoneManagerStarter.java | 4 ----
 .../org/apache/hadoop/ozone/recon/ReconServer.java | 2 --
 8 files changed, 1 insertion(+), 37 deletions(-)
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java
index 723712c4471f..e8c1b97f2248 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java
@@ -519,14 +519,6 @@ public final class ScmConfigKeys {
 public static final boolean HDDS_DATANODE_UPGRADE_LAYOUT_INLINE_DEFAULT = true;
-
- // Temporary config which will be used only for test only purposes until
- // SCM HA Security work is completed. This config should not be modified by
- // users.
- public static final String OZONE_SCM_HA_SECURITY_SUPPORTED =
- "hdds.scm.ha.security.enable";
- public static final boolean OZONE_SCM_HA_SECURITY_SUPPORTED_DEFAULT = false;
-
 public static final String OZONE_SCM_INFO_WAIT_DURATION = "ozone.scm.info.wait.duration";
 public static final long OZONE_SCM_INFO_WAIT_DURATION_DEFAULT =
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
index 12f95c773e2f..47cbd04fdd98 100644
--- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
+++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
@@ -69,7 +69,6 @@ import com.sun.jmx.mbeanserver.Introspector;
 import static org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.getX509Certificate;
 import static org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString;
-import static org.apache.hadoop.hdds.utils.HAUtils.checkSecurityAndSCMHAEnabled;
 import static org.apache.hadoop.ozone.OzoneConfigKeys.HDDS_DATANODE_PLUGINS_KEY;
 import static org.apache.hadoop.util.ExitUtil.terminate;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
@@ -188,7 +187,6 @@ public void start(Object service) {
 public void start(OzoneConfiguration configuration) {
 setConfiguration(configuration);
- checkSecurityAndSCMHAEnabled(conf);
 start();
 }
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
index f9f88eff5e48..0ed6037052e1 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
@@ -357,20 +357,6 @@ public static boolean isAccessControlException(Exception ex) {
 return false;
 }
- public static void checkSecurityAndSCMHAEnabled(OzoneConfiguration conf) {
- boolean enable =
- conf.getBoolean(ScmConfigKeys.OZONE_SCM_HA_SECURITY_SUPPORTED,
- ScmConfigKeys.OZONE_SCM_HA_SECURITY_SUPPORTED_DEFAULT);
- if (OzoneSecurityUtil.isSecurityEnabled(conf) && !enable) {
- List scmNodeInfo = SCMNodeInfo.buildNodeInfo(conf);
- if (scmNodeInfo.size() > 1) {
- System.err.println("Ozone Services cannot be started on a secure SCM " +
- "HA enabled cluster");
- System.exit(1);
- }
- }
- }
-
 /**
 * Build CA list which need to be passed to client.
 *
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
index 0e0f95c3fa12..f904039cb504 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
@@ -143,7 +143,6 @@ import static org.apache.hadoop.hdds.scm.ScmConfigKeys.HDDS_SCM_WATCHER_TIMEOUT_DEFAULT;
 import static org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateStore.CertType.VALID_CERTS;
-import static org.apache.hadoop.hdds.utils.HAUtils.checkSecurityAndSCMHAEnabled;
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
 import static org.apache.hadoop.ozone.OzoneConsts.CRL_SEQUENCE_ID_KEY;
 import static org.apache.hadoop.ozone.OzoneConsts.SCM_SUB_CA_PREFIX;
@@ -270,8 +269,6 @@ private StorageContainerManager(OzoneConfiguration conf,
 Objects.requireNonNull(configurator, "configurator cannot not be null");
 Objects.requireNonNull(conf, "configuration cannot not be null");
- checkSecurityAndSCMHAEnabled(conf);
-
 scmHANodeDetails = SCMHANodeDetails.loadSCMHAConfig(conf);
 configuration = conf;
@@ -895,7 +892,6 @@ public static boolean scmBootstrap(OzoneConfiguration conf)
 */
 public static boolean scmInit(OzoneConfiguration conf, String clusterId) throws IOException {
- checkSecurityAndSCMHAEnabled(conf);
 SCMStorageConfig scmStorageConfig = new SCMStorageConfig(conf);
 StorageState state = scmStorageConfig.getState();
 final SCMHANodeDetails haDetails = SCMHANodeDetails.loadSCMHAConfig(conf);
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config
index c67e5799cba7..6e67b4072f7c 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config
@@ -33,7 +33,6 @@ OZONE-SITE.XML_ozone.scm.address.scmservice.scm1=scm1.org
 OZONE-SITE.XML_ozone.scm.address.scmservice.scm2=scm2.org
 OZONE-SITE.XML_ozone.scm.address.scmservice.scm3=scm3.org
 OZONE-SITE.XML_ozone.scm.ratis.enable=true
-OZONE-SITE.XML_hdds.scm.ha.security.enable=true
 OZONE-SITE.XML_ozone.om.volume.listall.allowed=false
diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java
index 6301a5f64db8..53b1a99c799a 100644
--- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java
+++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java
@@ -86,8 +86,7 @@ private void addPropertiesNotInXml() {
 ReconServerConfigKeys.RECON_OM_SNAPSHOT_TASK_INTERVAL_DELAY,
 ReconServerConfigKeys.RECON_OM_SNAPSHOT_TASK_FLUSH_PARAM,
 OMConfigKeys.OZONE_OM_RATIS_SNAPSHOT_AUTO_TRIGGER_THRESHOLD_KEY,
- OMConfigKeys.OZONE_OM_HA_PREFIX,
- ScmConfigKeys.OZONE_SCM_HA_SECURITY_SUPPORTED
+ OMConfigKeys.OZONE_OM_HA_PREFIX
 // TODO HDDS-2856
 ));
 }
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerStarter.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerStarter.java
index e2afa5bd801e..99dc3e60dced 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerStarter.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManagerStarter.java
@@ -31,8 +31,6 @@ import java.io.IOException;
-import static org.apache.hadoop.hdds.utils.HAUtils.checkSecurityAndSCMHAEnabled;
-
 /**
 * This class provides a command line interface to start the OM
 * using Picocli.
@@ -124,7 +122,6 @@ static class OMStarterHelper implements OMStarterInterface{
 @Override
 public void start(OzoneConfiguration conf) throws IOException, AuthenticationException {
- checkSecurityAndSCMHAEnabled(conf);
 OzoneManager om = OzoneManager.createOm(conf);
 om.start();
 om.join();
@@ -133,7 +130,6 @@ public void start(OzoneConfiguration conf) throws IOException,
 @Override
 public boolean init(OzoneConfiguration conf) throws IOException, AuthenticationException {
- checkSecurityAndSCMHAEnabled(conf);
 return OzoneManager.omInit(conf);
 }
 }
diff --git a/hadoop-ozone/recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java b/hadoop-ozone/recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java
index 596935f3cb7e..c2b1c5fdd1bd 100644
--- a/hadoop-ozone/recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java
+++ b/hadoop-ozone/recon/src/main/java/org/apache/hadoop/ozone/recon/ReconServer.java
@@ -20,7 +20,6 @@ import static org.apache.hadoop.hdds.recon.ReconConfig.ConfigStrings.OZONE_RECON_KERBEROS_KEYTAB_FILE_KEY;
 import static org.apache.hadoop.hdds.recon.ReconConfig.ConfigStrings.OZONE_RECON_KERBEROS_PRINCIPAL_KEY;
-import static org.apache.hadoop.hdds.utils.HAUtils.checkSecurityAndSCMHAEnabled;
 import org.apache.hadoop.hdds.HddsUtils;
 import org.apache.hadoop.hdds.StringUtils;
@@ -76,7 +75,6 @@ public Void call() throws Exception {
 ReconServer.class, originalArgs, LOG);
 configuration = createOzoneConfiguration();
- checkSecurityAndSCMHAEnabled(configuration);
 ConfigurationProvider.setConfiguration(configuration);
 injector = Guice.createInjector(new
From 95dd3dfcf1a06b5667a8c0edd7e0e32916dd1907 Mon Sep 17 00:00:00 2001
From: Bharat Viswanadham
Date: Thu, 8 Apr 2021 17:02:35 +0530
Subject: [PATCH 2/2] fix cs
---
 .../src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java | 2 --
 1 file changed, 2 deletions(-)
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
index 0ed6037052e1..df573104c57e 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
@@ -24,10 +24,8 @@ import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto;
 import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB;
 import org.apache.hadoop.hdds.scm.AddSCMRequest;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
 import org.apache.hadoop.hdds.scm.ScmInfo;
 import org.apache.hadoop.hdds.scm.ha.SCMHAUtils;
-import org.apache.hadoop.hdds.scm.ha.SCMNodeInfo;
 import org.apache.hadoop.hdds.scm.protocol.ScmBlockLocationProtocol;
 import org.apache.hadoop.hdds.scm.protocol.StorageContainerLocationProtocol;
 import org.apache.hadoop.hdds.scm.protocolPB.ScmBlockLocationProtocolClientSideTranslatorPB;