diff --git a/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching b/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching index 821f534c4a53..a902eab5a97c 100755 --- a/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching +++ b/hadoop-ozone/dist/dev-support/bin/dist-layout-stitching @@ -128,8 +128,7 @@ run cp -p -r "${ROOT}/hadoop-ozone/dist/src/main/smoketest" . run cp -p -r "${ROOT}/hadoop-ozone/dist/target/k8s" kubernetes run cp -p -r "${ROOT}/hadoop-ozone/dist/target/Dockerfile" . -#Copy pre-generated keytabs -run cp -p -R "${ROOT}/hadoop-ozone/dist/src/main/keytabs" compose/_keytabs +run mkdir compose/_keytabs for file in $(find "${ROOT}" -path '*/target/classes/*.classpath' | sort); do # We need to add the artifact manually as it's not part the generated classpath desciptor diff --git a/hadoop-ozone/dist/src/main/compose/common/init-kdc.sh b/hadoop-ozone/dist/src/main/compose/common/init-kdc.sh new file mode 100755 index 000000000000..d5f7fd6d778e --- /dev/null +++ b/hadoop-ozone/dist/src/main/compose/common/init-kdc.sh 
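Review bot: The new `run mkdir compose/_keytabs` line has lost the comment that explained the directory, and nothing now says why an empty directory is created. A comment such as `# Mount point for keytabs generated at KDC startup by compose/common/init-kdc.sh` would keep the link to the script that fills it. `run mkdir -p compose/_keytabs` would also make the step safe if the directory already exists when the script is re-run, which this hunk does not rule out.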
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eux -o pipefail
+
+# This script exports keytabs and starts KDC server.
+
+export_keytab() {
+ kadmin.local -q "ktadd -norandkey -k /etc/security/keytabs/$2.keytab $1@EXAMPLE.COM"
+}
+
+rm -f /etc/security/keytabs/*.keytab
+
+export_keytab scm/scm scm
+export_keytab HTTP/scm scm
+export_keytab testuser/scm scm
+export_keytab testuser2/scm scm
+
+export_keytab testuser/dn testuser
+export_keytab testuser/httpfs testuser
+export_keytab testuser/om testuser
+export_keytab testuser/recon testuser
+export_keytab testuser/s3g testuser
+export_keytab testuser/scm testuser
+
+export_keytab testuser2/dn testuser2
+export_keytab testuser2/httpfs testuser2
+export_keytab testuser2/om testuser2
+export_keytab testuser2/recon testuser2
+export_keytab testuser2/s3g testuser2
+export_keytab testuser2/scm testuser2
+
+export_keytab om/om om
+export_keytab HTTP/om om
+export_keytab testuser/om om
+export_keytab testuser2/om om
+
+export_keytab s3g/s3g s3g
+export_keytab HTTP/s3g s3g
+export_keytab testuser/s3g s3g
+export_keytab testuser2/s3g s3g
+
+export_keytab httpfs/httpfs httpfs
+export_keytab HTTP/httpfs httpfs
+export_keytab testuser/httpfs httpfs
+export_keytab testuser2/httpfs httpfs + +export_keytab recon/recon recon +export_keytab HTTP/recon recon +export_keytab testuser/recon recon +export_keytab testuser2/recon recon + +export_keytab dn/dn dn +export_keytab HTTP/dn dn +export_keytab testuser/dn dn +export_keytab testuser2/dn dn + +export_keytab HTTP/scm HTTP +export_keytab HTTP/s3g HTTP +export_keytab HTTP/httpfs HTTP +export_keytab HTTP/ozone HTTP + +export_keytab hadoop/rm hadoop + +export_keytab rm/rm rm +export_keytab nm/nm nm +export_keytab jhs/jhs jhs + +chmod 755 /etc/security/keytabs/*.keytab +chown 1000. /etc/security/keytabs/*.keytab + +krb5kdc -n diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml index 354f718ade7b..e48d3cb9b050 100644 --- a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml +++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-compose.yaml @@ -22,7 +22,7 @@ services: volumes: - ../..:/opt/hadoop - ../_keytabs:/etc/security/keytabs - command: ["krb5kdc","-n"] + command: ["/opt/hadoop/compose/common/init-kdc.sh"] networks: ozone_net: ipv4_address: 172.25.0.100 diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml b/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml index f0b094447d0a..4db7576bd223 100644 --- a/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml +++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-mr/docker-compose.yaml @@ -22,7 +22,7 @@ services: volumes: - ../..:/opt/hadoop - ../_keytabs:/etc/security/keytabs - command: ["krb5kdc","-n"] + command: ["/opt/hadoop/compose/common/init-kdc.sh"] kms: image: ${HADOOP_IMAGE}:${HADOOP_VERSION} dns_search: . diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml index f0b4aee1b351..f3e372964bb7 100644 
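Review bot: `chmod 755 /etc/security/keytabs/*.keytab` near the end of init-kdc.sh leaves every exported keytab world-readable and executable, although a keytab holds long-term keys and is never executed. Since the next line already hands the files to uid 1000, `chmod 600 /etc/security/keytabs/*.keytab` should be enough if the service containers run as that uid (not visible in this hunk); if they do not, `644` at least drops the stray execute bit. `chown 1000.` uses the legacy dot separator, which newer GNU coreutils warn about; `chown 1000:` is the equivalent current spelling. The last line would also be better as `exec krb5kdc -n`, so the KDC replaces the shell and receives the container's stop signal directly. A short header comment saying that `ktadd -norandkey` exports the keys already in the image's KDC database, rather than generating new ones, would help readers who assume the keytabs are fresh on every run.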
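Review bot: Nothing visible in this hunk makes the other services wait for the keytabs that the new `command` creates at KDC start-up: init-kdc.sh first deletes `/etc/security/keytabs/*.keytab` and then re-exports them one `ktadd` at a time into the shared `../_keytabs` mount. A service that starts in parallel can therefore find its keytab missing or only partly populated, where the pre-generated files used to be complete from the start. If the compose files do not already order start-up elsewhere, a `healthcheck` on `kdc` that passes only once the export has finished, with `depends_on: {kdc: {condition: service_healthy}}` on the consumers, would close the gap. The same applies to the identical `command` change in the ozonesecure-mr, ozonesecure, upgrade/compose/ha and xcompat hunks. The `services:` block continues outside the hunk.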
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml +++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-compose.yaml @@ -22,7 +22,7 @@ services: volumes: - ../..:/opt/hadoop - ../_keytabs:/etc/security/keytabs - command: ["krb5kdc","-n"] + command: ["/opt/hadoop/compose/common/init-kdc.sh"] kms: image: ${HADOOP_IMAGE}:${HADOOP_VERSION} hostname: kms diff --git a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml index 86ebcc0c2b0b..8235f2137498 100644 --- a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml +++ b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml @@ -67,7 +67,7 @@ x-volumes: services: kdc: - command: ["krb5kdc","-n"] + command: ["/opt/hadoop/compose/common/init-kdc.sh"] hostname: kdc image: ${OZONE_TESTKRB5_IMAGE} networks: diff --git a/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml b/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml index 0f7105b8ccfb..275338d7e709 100644 --- a/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml +++ b/hadoop-ozone/dist/src/main/compose/xcompat/new-cluster.yaml @@ -34,7 +34,7 @@ services: volumes: - ../..:/opt/hadoop - ../_keytabs:/etc/security/keytabs - command: [ "krb5kdc","-n" ] + command: ["/opt/hadoop/compose/common/init-kdc.sh"] kms: image: ${HADOOP_IMAGE}:${HADOOP_VERSION} hostname: kms diff --git a/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml b/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml index fceb8e6eb3cc..e3df1b3dda0b 100644 --- a/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml +++ b/hadoop-ozone/dist/src/main/compose/xcompat/old-cluster.yaml 
@@ -34,7 +34,7 @@ services: volumes: - ../..:/opt/ozone - ../_keytabs:/etc/security/keytabs - command: [ "krb5kdc","-n" ] + command: ["/opt/ozone/compose/common/init-kdc.sh"] kms: image: ${HADOOP_IMAGE}:${HADOOP_VERSION} hostname: kms diff --git a/hadoop-ozone/dist/src/main/keytabs/HTTP.keytab b/hadoop-ozone/dist/src/main/keytabs/HTTP.keytab deleted file mode 100755 index d1715a750627..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/HTTP.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/dn.keytab b/hadoop-ozone/dist/src/main/keytabs/dn.keytab deleted file mode 100755 index 4b5c8c252e10..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/dn.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/hadoop.keytab b/hadoop-ozone/dist/src/main/keytabs/hadoop.keytab deleted file mode 100755 index ae3cd11e70ff..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/hadoop.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/httpfs.keytab b/hadoop-ozone/dist/src/main/keytabs/httpfs.keytab deleted file mode 100755 index e5eec5375cb9..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/httpfs.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/jhs.keytab b/hadoop-ozone/dist/src/main/keytabs/jhs.keytab deleted file mode 100755 index d7cd324ec560..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/jhs.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/nm.keytab b/hadoop-ozone/dist/src/main/keytabs/nm.keytab deleted file mode 100755 index 7b73f49a0592..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/nm.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/om.keytab b/hadoop-ozone/dist/src/main/keytabs/om.keytab deleted file mode 100755 index f6ef6fcbbca8..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/om.keytab and /dev/null differ 
diff --git a/hadoop-ozone/dist/src/main/keytabs/recon.keytab b/hadoop-ozone/dist/src/main/keytabs/recon.keytab deleted file mode 100755 index 7d0bd3cc3a21..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/recon.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/rm.keytab b/hadoop-ozone/dist/src/main/keytabs/rm.keytab deleted file mode 100755 index 546b4a476d21..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/rm.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/s3g.keytab b/hadoop-ozone/dist/src/main/keytabs/s3g.keytab deleted file mode 100755 index 1361eecee61b..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/s3g.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/scm.keytab b/hadoop-ozone/dist/src/main/keytabs/scm.keytab deleted file mode 100755 index 531f97a1b79d..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/scm.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/testuser.keytab b/hadoop-ozone/dist/src/main/keytabs/testuser.keytab deleted file mode 100755 index c373cf5019ee..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/testuser.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/testuser2.keytab b/hadoop-ozone/dist/src/main/keytabs/testuser2.keytab deleted file mode 100755 index da5d6a99e532..000000000000 Binary files a/hadoop-ozone/dist/src/main/keytabs/testuser2.keytab and /dev/null differ diff --git a/hadoop-ozone/dist/src/main/keytabs/update-keytabs.sh b/hadoop-ozone/dist/src/main/keytabs/update-keytabs.sh deleted file mode 100755 index 5094a6bf8570..000000000000 --- a/hadoop-ozone/dist/src/main/keytabs/update-keytabs.sh +++ /dev/null 
@@ -1,98 +0,0 @@ -#!/usr/bin/env bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd ) -set -ex - -export_keytab() { - kadmin.local -q "ktadd -norandkey -k /etc/security/keytabs/$2.keytab $1@EXAMPLE.COM" -} - -#this section supposed to be executed inside a docker image which already -#has these credentials -# -# the rest of the code executes this part inside a container -# -if [ "$1" == "internal" ]; then - rm /etc/security/keytabs/*.keytab - - export_keytab scm/scm scm - export_keytab HTTP/scm scm - export_keytab testuser/scm scm - export_keytab testuser2/scm scm - - export_keytab testuser/dn testuser - export_keytab testuser/httpfs testuser - export_keytab testuser/om testuser - export_keytab testuser/recon testuser - export_keytab testuser/s3g testuser - export_keytab testuser/scm testuser - - export_keytab testuser2/dn testuser2 - export_keytab testuser2/httpfs testuser2 - export_keytab testuser2/om testuser2 - export_keytab testuser2/recon testuser2 - export_keytab testuser2/s3g testuser2 - export_keytab testuser2/scm testuser2 - - export_keytab om/om om - export_keytab HTTP/om om - export_keytab testuser/om om - export_keytab testuser2/om om - - export_keytab 
s3g/s3g s3g - export_keytab HTTP/s3g s3g - export_keytab testuser/s3g s3g - export_keytab testuser2/s3g s3g - - export_keytab httpfs/httpfs httpfs - export_keytab HTTP/httpfs httpfs - export_keytab testuser/httpfs httpfs - export_keytab testuser2/httpfs httpfs - - export_keytab recon/recon recon - export_keytab HTTP/recon recon - export_keytab testuser/recon recon - export_keytab testuser2/recon recon - - export_keytab dn/dn dn - export_keytab HTTP/dn dn - export_keytab testuser/dn dn - export_keytab testuser2/dn dn - - export_keytab HTTP/scm HTTP - export_keytab HTTP/s3g HTTP - export_keytab HTTP/httpfs HTTP - export_keytab HTTP/ozone HTTP - - export_keytab hadoop/rm hadoop - - export_keytab rm/rm rm - export_keytab nm/nm nm - export_keytab jhs/jhs jhs - - - - chmod 755 /etc/security/keytabs/*.keytab - chown 1000. /etc/security/keytabs/*.keytab - exit 0 -fi - -TESTKRB5_IMAGE=$(mvn -f "$SCRIPT_DIR"/../../../pom.xml help:evaluate -Dexpression=docker.ozone-testkr5b.image -q -DforceStdout -Dscan=false) - -docker run -it --entrypoint=/etc/security/keytabs/update-keytabs.sh -v "$SCRIPT_DIR":/etc/security/keytabs $TESTKRB5_IMAGE internal - -