
Example 1 with DatanodeCRLStoreImpl

Use of org.apache.hadoop.hdds.datanode.metadata.DatanodeCRLStoreImpl in the Apache Ozone project.

From the class HddsDatanodeService, method start.

/**
 * Starts the HDDS datanode service.
 *
 * <p>In order, this method: records the start time and registers metrics;
 * resolves the configured host name to an IP address and fills in
 * {@code datanodeDetails}; when Ozone security is enabled, builds the
 * datanode certificate client and performs a Kerberos keytab login;
 * initializes the layout storage if it is not yet initialized; creates the
 * datanode CRL store; initializes the certificate client (security enabled
 * only); builds the {@code DatanodeStateMachine}; starts the HTTP server and
 * plugins; starts the state machine daemon; and registers the MXBean.
 *
 * <p>Statement order matters here: several steps assign fields
 * ({@code datanodeDetails}, {@code dnCertClient}, {@code dnCRLStore}) that
 * later steps read.
 *
 * @throws RuntimeException wrapping an {@code IOException} raised during
 *     start-up, or an {@code AuthenticationException} when security is enabled
 *     and the configured authentication method is not Kerberos
 */
public void start() {
    serviceRuntimeInfo.setStartTime();
    RatisDropwizardExports.registerRatisMetricReporters(ratisMetricsMap);
    OzoneConfiguration.activate();
    HddsServerUtil.initializeMetrics(conf, "HddsDatanode");
    try {
        String hostname = HddsUtils.getHostName(conf);
        // The IP recorded for this datanode is whatever the resolver returns for the
        // host name above, so it is only as trustworthy as the name resolution
        // available to this process.
        String ip = InetAddress.getByName(hostname).getHostAddress();
        datanodeDetails = initializeDatanodeDetails();
        datanodeDetails.setHostName(hostname);
        datanodeDetails.setIpAddress(ip);
        datanodeDetails.setVersion(HddsVersionInfo.HDDS_VERSION_INFO.getVersion());
        datanodeDetails.setSetupTime(Time.now());
        datanodeDetails.setRevision(HddsVersionInfo.HDDS_VERSION_INFO.getRevision());
        datanodeDetails.setBuildDate(HddsVersionInfo.HDDS_VERSION_INFO.getDate());
        datanodeDetails.setCurrentVersion(DatanodeVersions.CURRENT_VERSION);
        // Tracing is initialized under a name suffixed with the first 8 characters
        // of the datanode UUID string.
        TracingUtil.initTracing("HddsDatanodeService." + datanodeDetails.getUuidString().substring(0, 8), conf);
        LOG.info("HddsDatanodeService host:{} ip:{}", hostname, ip);
        // Authenticate the HDDS datanode service if security is enabled.
        if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
            component = "dn-" + datanodeDetails.getUuidString();
            // The certificate client is constructed before the Kerberos login below,
            // using the certificate serial id stored in datanodeDetails.
            dnCertClient = new DNCertificateClient(new SecurityConfig(conf), datanodeDetails.getCertSerialId());
            if (SecurityUtil.getAuthenticationMethod(conf).equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                // Logs the configured principal and the keytab setting at INFO level.
                // NOTE(review): presumably the keytab value is a file path rather than
                // key material; confirm before forwarding these logs to a wider audience.
                LOG.info("Ozone security is enabled. Attempting login for Hdds " + "Datanode user. Principal: {},keytab: {}", conf.get(DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY), conf.get(DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_KEYTAB_FILE_KEY));
                UserGroupInformation.setConfiguration(conf);
                SecurityUtil.login(conf, DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_KEYTAB_FILE_KEY, DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hostname);
            } else {
                // Fail closed: with security enabled, any authentication method other
                // than Kerberos aborts start-up rather than continuing unauthenticated.
                throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(conf) + " authentication method not " + "supported. Datanode user" + " login " + "failed.");
            }
            LOG.info("Hdds Datanode login successful.");
        }
        DatanodeLayoutStorage layoutStorage = new DatanodeLayoutStorage(conf, datanodeDetails.getUuidString());
        if (layoutStorage.getState() != INITIALIZED) {
            layoutStorage.initialize();
        }
        // Initialize the datanode CRL (certificate revocation list) store. It is
        // created whether or not security is enabled, because the state machine
        // constructor below always receives it.
        dnCRLStore = new DatanodeCRLStoreImpl(conf);
        if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
            // Defined elsewhere in this class; runs only after the Kerberos login and
            // CRL store creation above have succeeded.
            initializeCertificateClient(conf);
        }
        // dnCertClient is assigned in this method only on the security-enabled path;
        // otherwise the state machine gets whatever the field already held
        // (presumably null; verify against the field declaration).
        datanodeStateMachine = new DatanodeStateMachine(datanodeDetails, conf, dnCertClient, this::terminateDatanode, dnCRLStore);
        try {
            httpServer = new HddsDatanodeHttpServer(conf);
            httpServer.start();
        } catch (Exception ex) {
            // Best effort: an HTTP server failure is logged and start-up continues, so
            // the datanode can be running without its HTTP endpoint. Monitoring should
            // alert on this log line rather than assume the endpoint is up.
            LOG.error("HttpServer failed to start.", ex);
        }
        startPlugins();
        // Start the HDDS daemons.
        datanodeStateMachine.startDaemon();
        // NOTE(review): this test-only branch is selected by a process environment
        // variable, so it is reachable in any deployment where that variable is set.
        // Confirm that production launch environments never define it.
        if ("follower".equalsIgnoreCase(System.getenv("OZONE_DATANODE_STANDALONE_TEST"))) {
            startRatisForTest();
        }
        registerMXBean();
    } catch (IOException e) {
        // Checked failures are rethrown unchecked with the cause preserved.
        throw new RuntimeException("Can't start the HDDS datanode plugin", e);
    } catch (AuthenticationException ex) {
        throw new RuntimeException("Fail to authentication when starting" + " HDDS datanode plugin", ex);
    }
}
Also used : DNCertificateClient(org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) DatanodeLayoutStorage(org.apache.hadoop.ozone.container.common.DatanodeLayoutStorage) DatanodeStateMachine(org.apache.hadoop.ozone.container.common.statemachine.DatanodeStateMachine) CertificateSignRequest.getEncodedString(org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString) IOException(java.io.IOException) DatanodeCRLStoreImpl(org.apache.hadoop.hdds.datanode.metadata.DatanodeCRLStoreImpl) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException)
