
Example 6 with SCMSecurityProtocolClientSideTranslatorPB

Use of org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB in project ozone by apache.

Class HAUtils, method buildCAList.

/**
 * Build the CA list which needs to be passed to the client.
 *
 * If the certificate client is null, the list of CA certificates is obtained
 * through the SCM security client; otherwise the certificate client is used.
 * @param certClient certificate client, or null to query SCM directly
 * @param configuration configuration source used to resolve the SCM settings
 * @return list of CA certificates (PEM encoded)
 * @throws IOException if the CA list cannot be obtained
 */
public static List<String> buildCAList(CertificateClient certClient, ConfigurationSource configuration) throws IOException {
    long waitDuration = configuration.getTimeDuration(OZONE_SCM_CA_LIST_RETRY_INTERVAL, OZONE_SCM_CA_LIST_RETRY_INTERVAL_DEFAULT, TimeUnit.SECONDS);
    if (certClient != null) {
        if (!SCMHAUtils.isSCMHAEnabled(configuration)) {
            return generateCAList(certClient);
        } else {
            Collection<String> scmNodes = SCMHAUtils.getSCMNodeIds(configuration);
            int expectedCount = scmNodes.size() + 1;
            if (scmNodes.size() > 1) {
                // First check whether the cert client already has the CA list initialized.
                // When this method is called multiple times we return the in-memory
                // list instead of making another call to SCM.
                List<String> caCertPemList = certClient.getCAList();
                if (caCertPemList != null && caCertPemList.size() == expectedCount) {
                    return caCertPemList;
                }
                return getCAListWithRetry(() -> waitForCACerts(certClient::updateCAList, expectedCount), waitDuration);
            } else {
                return generateCAList(certClient);
            }
        }
    } else {
        SCMSecurityProtocolClientSideTranslatorPB scmSecurityProtocolClient = HddsServerUtil.getScmSecurityClient(configuration);
        if (!SCMHAUtils.isSCMHAEnabled(configuration)) {
            List<String> caCertPemList = new ArrayList<>();
            SCMGetCertResponseProto scmGetCertResponseProto = scmSecurityProtocolClient.getCACert();
            if (scmGetCertResponseProto.hasX509Certificate()) {
                caCertPemList.add(scmGetCertResponseProto.getX509Certificate());
            }
            if (scmGetCertResponseProto.hasX509RootCACertificate()) {
                caCertPemList.add(scmGetCertResponseProto.getX509RootCACertificate());
            }
            return caCertPemList;
        } else {
            Collection<String> scmNodes = SCMHAUtils.getSCMNodeIds(configuration);
            int expectedCount = scmNodes.size() + 1;
            if (scmNodes.size() > 1) {
                return getCAListWithRetry(() -> waitForCACerts(scmSecurityProtocolClient::listCACertificate, expectedCount), waitDuration);
            } else {
                return scmSecurityProtocolClient.listCACertificate();
            }
        }
    }
}
Also used: SCMSecurityProtocolClientSideTranslatorPB(org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB) SCMGetCertResponseProto(org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto) ArrayList(java.util.ArrayList)

Example 7 with SCMSecurityProtocolClientSideTranslatorPB

Use of org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB in project ozone by apache.

Class HddsServerUtil, method getScmSecurityClientWithMaxRetry.

public static SCMSecurityProtocolClientSideTranslatorPB getScmSecurityClientWithMaxRetry(OzoneConfiguration conf) throws IOException {
    // A certificate from SCM is required for DN startup to succeed, so retry
    // forever. This way DN startup is resilient to the running status of the
    // SCM service.
    OzoneConfiguration configuration = new OzoneConfiguration(conf);
    SCMClientConfig scmClientConfig = conf.getObject(SCMClientConfig.class);
    int retryCount = Integer.MAX_VALUE;
    scmClientConfig.setRetryCount(retryCount);
    configuration.setFromObject(scmClientConfig);
    return new SCMSecurityProtocolClientSideTranslatorPB(new SCMSecurityProtocolFailoverProxyProvider(configuration, UserGroupInformation.getCurrentUser()));
}
Also used: SCMClientConfig(org.apache.hadoop.hdds.scm.proxy.SCMClientConfig) SCMSecurityProtocolClientSideTranslatorPB(org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB) SCMSecurityProtocolFailoverProxyProvider(org.apache.hadoop.hdds.scm.proxy.SCMSecurityProtocolFailoverProxyProvider) OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration) DBCheckpoint(org.apache.hadoop.hdds.utils.db.DBCheckpoint)

Aggregations

SCMSecurityProtocolClientSideTranslatorPB (org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB) 7
IOException (java.io.IOException) 4
CertificateException (java.security.cert.CertificateException) 4
SCMGetCertResponseProto (org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto) 4
CertificateSignRequest.getEncodedString (org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString) 4
PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest) 4
OzoneConfiguration (org.apache.hadoop.hdds.conf.OzoneConfiguration) 2
SCMClientConfig (org.apache.hadoop.hdds.scm.proxy.SCMClientConfig) 2
SCMSecurityProtocolFailoverProxyProvider (org.apache.hadoop.hdds.scm.proxy.SCMSecurityProtocolFailoverProxyProvider) 2
DBCheckpoint (org.apache.hadoop.hdds.utils.db.DBCheckpoint) 2
UncheckedIOException (java.io.UncheckedIOException) 1
InetSocketAddress (java.net.InetSocketAddress) 1
KeyPair (java.security.KeyPair) 1
X509Certificate (java.security.cert.X509Certificate) 1
ArrayList (java.util.ArrayList) 1
HddsProtos (org.apache.hadoop.hdds.protocol.proto.HddsProtos) 1
ScmNodeDetailsProto (org.apache.hadoop.hdds.protocol.proto.HddsProtos.ScmNodeDetailsProto) 1
SCMSecurityProtocolProtos (org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos) 1
SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig) 1
DNCertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient) 1