use of org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient in project ozone by apache.
the class TestDefaultCertificateClient method testCertificateLoadingOnInit.
@Test
public void testCertificateLoadingOnInit() throws Exception {
  // Three certificates issued for a single key pair; the client is keyed
  // purely by serial number, so that is what distinguishes them here.
  KeyPair keyPair = keyGenerator.generateKey();
  X509Certificate[] certs = {
      generateX509Cert(keyPair), generateX509Cert(keyPair), generateX509Cert(keyPair)};
  Path certPath = dnSecurityConfig.getCertificateLocation(DN_COMPONENT);
  CertificateCodec codec = new CertificateCodec(dnSecurityConfig, DN_COMPONENT);
  final String notFoundMsg = "Error while getting certificate";

  // Nothing is on disk yet, so every lookup by serial must fail.
  for (X509Certificate cert : certs) {
    String serial = cert.getSerialNumber().toString();
    LambdaTestUtils.intercept(CertificateException.class, notFoundMsg,
        () -> dnCertClient.getCertificate(serial));
  }

  // Persist them as 1.crt, 2.crt, 3.crt under the DN certificate directory.
  for (int i = 0; i < certs.length; i++) {
    codec.writeCertificate(certPath, (i + 1) + ".crt", getPEMEncodedString(certs[i]), true);
  }

  // A freshly constructed client is expected to pick the files up from disk.
  dnCertClient = new DNCertificateClient(dnSecurityConfig, certSerialId);
  for (X509Certificate cert : certs) {
    // Only presence is checked; the loaded certificate is not compared
    // back against the one that was written.
    assertNotNull(dnCertClient.getCertificate(cert.getSerialNumber().toString()));
  }
}
use of org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient in project ozone by apache.
the class TestCertificateClientInit method setUp.
@Before
public void setUp() throws Exception {
  // Point HDDS metadata at a throw-away, uniquely named directory so key
  // and certificate material produced by the test never lands anywhere shared.
  final String scratchRoot = GenericTestUtils.getTempPath(UUID.randomUUID().toString());
  metaDirPath = Paths.get(scratchRoot, "test");
  OzoneConfiguration config = new OzoneConfiguration();
  config.set(HDDS_METADATA_DIR_NAME, metaDirPath.toString());
  securityConfig = new SecurityConfig(config);

  // One key pair and one certificate; both clients are bound to its serial.
  keyGenerator = new HDDSKeyGenerator(securityConfig);
  keyPair = keyGenerator.generateKey();
  x509Certificate = getX509Certificate();
  certSerialId = x509Certificate.getSerialNumber().toString();

  dnCertificateClient = new DNCertificateClient(securityConfig, certSerialId);
  omCertificateClient = new OMCertificateClient(securityConfig, certSerialId);
  dnKeyCodec = new KeyCodec(securityConfig, DN_COMPONENT);
  omKeyCodec = new KeyCodec(securityConfig, OM_COMPONENT);

  // Make sure both key directories exist before any test body runs.
  final Path dnKeyDir = securityConfig.getKeyLocation(DN_COMPONENT);
  final Path omKeyDir = securityConfig.getKeyLocation(OM_COMPONENT);
  Files.createDirectories(dnKeyDir);
  Files.createDirectories(omKeyDir);
}
use of org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient in project ozone by apache.
the class TestHddsSecureDatanodeInit method setUpDNCertClient.
@Before
public void setUpDNCertClient() {
  // Remove any private key, public key and certificate left behind by a
  // previous test so each run starts from an un-initialised datanode.
  final Path keyDir = securityConfig.getKeyLocation(DN_COMPONENT);
  final Path certDir = securityConfig.getCertificateLocation(DN_COMPONENT);
  Path[] leftovers = {
      keyDir.resolve(securityConfig.getPrivateKeyFileName()),
      keyDir.resolve(securityConfig.getPublicKeyFileName()),
      certDir.resolve(securityConfig.getCertificateFileName())};
  for (Path leftover : leftovers) {
    // deleteQuietly: a missing file is the normal case and is not an error.
    FileUtils.deleteQuietly(leftover.toFile());
  }
  dnLogs.clearOutput();

  // Fresh client bound to the serial of the pre-generated certificate holder,
  // then handed to the service under test.
  String serial = certHolder.getSerialNumber().toString();
  client = new DNCertificateClient(securityConfig, serial);
  service.setCertificateClient(client);
}
use of org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient in project ozone by apache.
the class TestContainerServer method setup.
@BeforeClass
public static void setup() {
  // All HDDS metadata for this suite (keys, certificates) lives under TEST_DIR.
  CONF.set(HddsConfigKeys.HDDS_METADATA_DIR_NAME, TEST_DIR);
  final SecurityConfig securityConfig = new SecurityConfig(CONF);
  // Unlike the other test set-ups, no certificate serial id is passed to the client here.
  caClient = new DNCertificateClient(securityConfig);
}
use of org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient in project ozone by apache.
the class HddsDatanodeService method start.
/**
 * Starts the HDDS datanode service.
 *
 * Order matters here: identity (hostname/ip/version) is resolved first, then,
 * when Ozone security is enabled, the Kerberos login is performed and the
 * certificate client is created; only after the layout storage and CRL store
 * exist is the certificate client initialised and the state machine built.
 * IOException and AuthenticationException from any step are rethrown as
 * RuntimeException, aborting the start.
 */
public void start() {
serviceRuntimeInfo.setStartTime();
RatisDropwizardExports.registerRatisMetricReporters(ratisMetricsMap);
OzoneConfiguration.activate();
HddsServerUtil.initializeMetrics(conf, "HddsDatanode");
try {
// Hostname comes from configuration; the address is resolved through the
// resolver. An UnknownHostException is an IOException and is caught below.
String hostname = HddsUtils.getHostName(conf);
String ip = InetAddress.getByName(hostname).getHostAddress();
datanodeDetails = initializeDatanodeDetails();
datanodeDetails.setHostName(hostname);
datanodeDetails.setIpAddress(ip);
datanodeDetails.setVersion(HddsVersionInfo.HDDS_VERSION_INFO.getVersion());
datanodeDetails.setSetupTime(Time.now());
datanodeDetails.setRevision(HddsVersionInfo.HDDS_VERSION_INFO.getRevision());
datanodeDetails.setBuildDate(HddsVersionInfo.HDDS_VERSION_INFO.getDate());
datanodeDetails.setCurrentVersion(DatanodeVersions.CURRENT_VERSION);
TracingUtil.initTracing("HddsDatanodeService." + datanodeDetails.getUuidString().substring(0, 8), conf);
LOG.info("HddsDatanodeService host:{} ip:{}", hostname, ip);
// Authenticate Hdds Datanode service if security is enabled
if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
component = "dn-" + datanodeDetails.getUuidString();
// The client is only constructed here, bound to the serial id already
// recorded in datanodeDetails (may be absent on first start). Its actual
// initialisation happens further down in initializeCertificateClient(),
// after login and layout setup.
dnCertClient = new DNCertificateClient(new SecurityConfig(conf), datanodeDetails.getCertSerialId());
// Keytab-based Kerberos is the only supported login method; anything else
// aborts the start with an AuthenticationException.
if (SecurityUtil.getAuthenticationMethod(conf).equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
// Logs the principal and the keytab *path*, never keytab contents.
LOG.info("Ozone security is enabled. Attempting login for Hdds " + "Datanode user. Principal: {},keytab: {}", conf.get(DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY), conf.get(DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_KEYTAB_FILE_KEY));
UserGroupInformation.setConfiguration(conf);
// hostname is passed so a _HOST placeholder in the principal can be substituted.
SecurityUtil.login(conf, DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_KEYTAB_FILE_KEY, DFSConfigKeysLegacy.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hostname);
} else {
throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(conf) + " authentication method not " + "supported. Datanode user" + " login " + "failed.");
}
LOG.info("Hdds Datanode login successful.");
}
DatanodeLayoutStorage layoutStorage = new DatanodeLayoutStorage(conf, datanodeDetails.getUuidString());
if (layoutStorage.getState() != INITIALIZED) {
layoutStorage.initialize();
}
// initialize datanode CRL store
// Created unconditionally, i.e. even when security is disabled.
dnCRLStore = new DatanodeCRLStoreImpl(conf);
if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
initializeCertificateClient(conf);
}
datanodeStateMachine = new DatanodeStateMachine(datanodeDetails, conf, dnCertClient, this::terminateDatanode, dnCRLStore);
try {
httpServer = new HddsDatanodeHttpServer(conf);
httpServer.start();
} catch (Exception ex) {
// NOTE(review): an HTTP server that fails to start is only logged; the
// datanode keeps starting without its HTTP endpoint. Confirm this
// best-effort behaviour is intended rather than a silent degradation.
LOG.error("HttpServer failed to start.", ex);
}
startPlugins();
// Starting HDDS Daemons
datanodeStateMachine.startDaemon();
// NOTE(review): production start path branches on an environment variable
// intended for standalone tests. Anyone able to set the process environment
// can enable the test-only Ratis start-up; consider gating this differently.
if ("follower".equalsIgnoreCase(System.getenv("OZONE_DATANODE_STANDALONE_TEST"))) {
startRatisForTest();
}
registerMXBean();
} catch (IOException e) {
// Cause is preserved so the failing step (DNS, layout, cert client, ...) stays visible.
throw new RuntimeException("Can't start the HDDS datanode plugin", e);
} catch (AuthenticationException ex) {
// Thrown above for any non-Kerberos authentication method.
throw new RuntimeException("Fail to authentication when starting" + " HDDS datanode plugin", ex);
}
}