Use of org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient in the Apache Ozone project.
Class StorageContainerServiceProviderImpl, method getSCMDBSnapshot.
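/**
 * Downloads an SCM DB snapshot tarball into {@code scmSnapshotDBParentDir}, unpacks it and
 * wraps the unpacked directory in a {@link RocksDBCheckpoint}.
 *
 * <p>When SCM HA is disabled the tarball is fetched with {@code reconUtils.makeHttpCall} as the
 * login user. When SCM HA is enabled it is fetched over gRPC from the peer reported as Ratis
 * LEADER, and the gRPC client is given a {@link ReconCertificateClient} built from the
 * certificate serial id held in {@code reconStorage}.
 *
 * <p>The downloaded tarball is removed on every exit path so that a failed or partial download
 * does not accumulate in the snapshot directory.
 *
 * @return the unpacked checkpoint, or {@code null} when download or extraction failed with an
 *     {@link IOException} (the failure is logged, not rethrown)
 */
public DBCheckpoint getSCMDBSnapshot() {
  String snapshotFileName = RECON_SCM_SNAPSHOT_DB + "_" + System.currentTimeMillis();
  File targetFile = new File(scmSnapshotDBParentDir, snapshotFileName + ".tar.gz");
  try {
    if (!SCMHAUtils.isSCMHAEnabled(configuration)) {
      SecurityUtil.doAsLoginUser(() -> {
        // NOTE(review): the SPNEGO flag passed here is isOmSpnegoEnabled() although the request
        // targets the SCM snapshot URL - confirm this is the intended authentication setting.
        try (InputStream inputStream = reconUtils.makeHttpCall(connectionFactory,
            getScmDBSnapshotUrl(), isOmSpnegoEnabled()).getInputStream()) {
          FileUtils.copyInputStreamToFile(inputStream, targetFile);
        }
        return null;
      });
      LOG.info("Downloaded SCM Snapshot from SCM");
    } else {
      boolean downloadedFromLeader = false;
      List<String> ratisRoles = scmClient.getScmInfo().getRatisPeerRoles();
      for (String ratisRole : ratisRoles) {
        String[] role = ratisRole.split(":");
        // Fields 2 (peer role) and 4 (host address) are read below; an entry with fewer
        // fields would otherwise escape as an unchecked ArrayIndexOutOfBoundsException.
        if (role.length < 5) {
          LOG.warn("Skipping malformed SCM Ratis peer role entry: {}", ratisRole);
          continue;
        }
        if (role[2].equals(RaftProtos.RaftPeerRole.LEADER.toString())) {
          String hostAddress = role[4].trim();
          int grpcPort = configuration.getInt(ScmConfigKeys.OZONE_SCM_GRPC_PORT_KEY,
              ScmConfigKeys.OZONE_SCM_GRPC_PORT_DEFAULT);
          try (SCMSnapshotDownloader downloadClient = new InterSCMGrpcClient(hostAddress,
              grpcPort, configuration,
              new ReconCertificateClient(new SecurityConfig(configuration),
                  reconStorage.getReconCertSerialId()))) {
            downloadClient.download(targetFile.toPath()).get();
          } catch (ExecutionException | InterruptedException e) {
            if (e instanceof InterruptedException) {
              // Restore the interrupt flag so code further up the stack can still observe it.
              Thread.currentThread().interrupt();
            }
            LOG.error("Rocks DB checkpoint downloading failed", e);
            throw new IOException(e);
          }
          LOG.info("Downloaded SCM Snapshot from Leader SCM");
          downloadedFromLeader = true;
          break;
        }
      }
      if (!downloadedFromLeader) {
        // Without this check the code would go on to untar a file that was never written.
        throw new IOException("No SCM Ratis leader found; SCM DB snapshot was not downloaded.");
      }
    }
    Path untarredDbDir = Paths.get(scmSnapshotDBParentDir.getAbsolutePath(), snapshotFileName);
    // NOTE(review): the archive originates from a remote peer and untarCheckpointFile is not
    // visible here - confirm it rejects entries that resolve outside untarredDbDir.
    reconUtils.untarCheckpointFile(targetFile, untarredDbDir);
    return new RocksDBCheckpoint(untarredDbDir);
  } catch (IOException e) {
    LOG.error("Unable to obtain SCM DB Snapshot. ", e);
  } finally {
    // Runs on success and on failure; deleteQuietly tolerates a file that does not exist.
    FileUtils.deleteQuietly(targetFile);
  }
  return null;
}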
Use of org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient in the Apache Ozone project.
Class ReconServer, method initializeCertificateClient.
/**
 * Creates Recon's certificate client and acts on the result of its {@code init()} call.
 *
 * <p>{@code SUCCESS} returns normally. {@code GETCERT} calls {@code getSCMSignedCert(conf)} and
 * then returns. {@code FAILURE}, {@code RECOVER} and any other response are logged at error
 * level and end in a {@link RuntimeException}, so the method only completes normally on the
 * first two outcomes.
 *
 * @param conf configuration handed to {@code getSCMSignedCert} when a certificate is needed
 * @throws IOException declared by the signature; not thrown directly by the statements here
 * @throws RuntimeException if the init response is anything other than SUCCESS or GETCERT
 */
private void initializeCertificateClient(OzoneConfiguration conf) throws IOException {
  final String failureMessage = "Recon security initialization failed.";
  LOG.info("Initializing secure Recon.");
  // NOTE(review): SecurityConfig is built from the `configuration` field while
  // getSCMSignedCert receives the `conf` parameter - confirm both carry the same settings.
  SecurityConfig securityConfig = new SecurityConfig(configuration);
  certClient = new ReconCertificateClient(securityConfig, reconStorage.getReconCertSerialId());
  CertificateClient.InitResponse initResult = certClient.init();
  LOG.info("Init response: {}", initResult);
  switch (initResult) {
  case SUCCESS:
    LOG.info("Initialization successful, case:{}.", initResult);
    return;
  case GETCERT:
    getSCMSignedCert(conf);
    LOG.info("Successfully stored SCM signed certificate, case:{}.", initResult);
    return;
  case FAILURE:
    LOG.error("Recon security initialization failed, case:{}.", initResult);
    break;
  case RECOVER:
    LOG.error("Recon security initialization failed. Recon certificate is " + "missing.");
    break;
  default:
    LOG.error("Recon security initialization failed. Init response: {}", initResult);
    break;
  }
  // Every branch that reaches this point is a failed initialization.
  throw new RuntimeException(failureMessage);
}