
Example 1 with ReconCertificateClient

Use of org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient in project ozone by apache, in the class StorageContainerServiceProviderImpl, method getSCMDBSnapshot.

public DBCheckpoint getSCMDBSnapshot() {
    String snapshotFileName = RECON_SCM_SNAPSHOT_DB + "_" + System.currentTimeMillis();
    File targetFile = new File(scmSnapshotDBParentDir, snapshotFileName + ".tar.gz");
    try {
        // Non-HA SCM: fetch the checkpoint tarball over HTTP as the login user.
        if (!SCMHAUtils.isSCMHAEnabled(configuration)) {
            SecurityUtil.doAsLoginUser(() -> {
                try (InputStream inputStream = reconUtils.makeHttpCall(connectionFactory, getScmDBSnapshotUrl(), isOmSpnegoEnabled()).getInputStream()) {
                    FileUtils.copyInputStreamToFile(inputStream, targetFile);
                }
                return null;
            });
            LOG.info("Downloaded SCM Snapshot from SCM");
        } else {
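            // SCM HA: find the Ratis leader and download its checkpoint over gRPC,
            // handing the gRPC client a ReconCertificateClient.
            List<String> ratisRoles = scmClient.getScmInfo().getRatisPeerRoles();
            for (String ratisRole : ratisRoles) {
                // Each peer entry is split on ':'; field 2 is the Ratis role, field 4 the host address.
                String[] role = ratisRole.split(":");
                if (role[2].equals(RaftProtos.RaftPeerRole.LEADER.toString())) {
                    String hostAddress = role[4].trim();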
                    int grpcPort = configuration.getInt(ScmConfigKeys.OZONE_SCM_GRPC_PORT_KEY, ScmConfigKeys.OZONE_SCM_GRPC_PORT_DEFAULT);
                    try (SCMSnapshotDownloader downloadClient = new InterSCMGrpcClient(hostAddress, grpcPort, configuration, new ReconCertificateClient(new SecurityConfig(configuration), reconStorage.getReconCertSerialId()))) {
                        downloadClient.download(targetFile.toPath()).get();
                    } catch (ExecutionException | InterruptedException e) {
                        LOG.error("Rocks DB checkpoint downloading failed", e);
                        throw new IOException(e);
                    }
                    LOG.info("Downloaded SCM Snapshot from Leader SCM");
                    break;
                }
            }
        }
        Path untarredDbDir = Paths.get(scmSnapshotDBParentDir.getAbsolutePath(), snapshotFileName);
        reconUtils.untarCheckpointFile(targetFile, untarredDbDir);
        FileUtils.deleteQuietly(targetFile);
        return new RocksDBCheckpoint(untarredDbDir);
    } catch (IOException e) {
        LOG.error("Unable to obtain SCM DB Snapshot. ", e);
    }
    return null;
}
Also used : Path (java.nio.file.Path), RocksDBCheckpoint (org.apache.hadoop.hdds.utils.db.RocksDBCheckpoint), InputStream (java.io.InputStream), SCMSnapshotDownloader (org.apache.hadoop.hdds.scm.ha.SCMSnapshotDownloader), InterSCMGrpcClient (org.apache.hadoop.hdds.scm.ha.InterSCMGrpcClient), IOException (java.io.IOException), DBCheckpoint (org.apache.hadoop.hdds.utils.db.DBCheckpoint), ReconCertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient), SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig), ExecutionException (java.util.concurrent.ExecutionException), File (java.io.File)

Example 2 with ReconCertificateClient

Use of org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient in project ozone by apache, in the class ReconServer, method initializeCertificateClient.

/**
 * Initializes secure Recon.
 */
private void initializeCertificateClient(OzoneConfiguration conf) throws IOException {
    LOG.info("Initializing secure Recon.");
    certClient = new ReconCertificateClient(new SecurityConfig(configuration), reconStorage.getReconCertSerialId());
    CertificateClient.InitResponse response = certClient.init();
    LOG.info("Init response: {}", response);
    switch(response) {
        case SUCCESS:
            LOG.info("Initialization successful, case:{}.", response);
            break;
        case GETCERT:
            getSCMSignedCert(conf);
            LOG.info("Successfully stored SCM signed certificate, case:{}.", response);
            break;
        case FAILURE:
            LOG.error("Recon security initialization failed, case:{}.", response);
            throw new RuntimeException("Recon security initialization failed.");
        case RECOVER:
            LOG.error("Recon security initialization failed. Recon certificate is missing.");
            throw new RuntimeException("Recon security initialization failed.");
        default:
            LOG.error("Recon security initialization failed. Init response: {}", response);
            throw new RuntimeException("Recon security initialization failed.");
    }
}
Also used : ReconCertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient), CertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient), SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig)

Aggregations

SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig): 2
ReconCertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient): 2
File (java.io.File): 1
IOException (java.io.IOException): 1
InputStream (java.io.InputStream): 1
Path (java.nio.file.Path): 1
ExecutionException (java.util.concurrent.ExecutionException): 1
InterSCMGrpcClient (org.apache.hadoop.hdds.scm.ha.InterSCMGrpcClient): 1
SCMSnapshotDownloader (org.apache.hadoop.hdds.scm.ha.SCMSnapshotDownloader): 1
CertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient): 1
DBCheckpoint (org.apache.hadoop.hdds.utils.db.DBCheckpoint): 1
RocksDBCheckpoint (org.apache.hadoop.hdds.utils.db.RocksDBCheckpoint): 1