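/**
 * Applies the Kerberos and HTTPS settings a test HDFS cluster needs to start in secure mode.
 *
 * <p>Test-only helper: it binds the web endpoints to localhost on ephemeral ports, generates SSL
 * material through {@code KeyStoreTestUtil}, and sets {@code ignore.secure.ports.for.testing}.
 * Those choices are not suitable for a production configuration.
 *
 * @param conf the configuration to mutate in place
 * @throws IllegalStateException if the keystore directory cannot be created
 * @throws Exception anything propagated by the KDC or keystore helpers
 */
private static void setHdfsSecuredConfiguration(Configuration conf) throws Exception {
  // NameNode and DataNode share one service principal and one keytab in this test setup.
  final String servicePrincipal = SERVICE_PRINCIPAL + "@" + KDC.getRealm();
  final String keytabPath = KEYTAB.getAbsolutePath();

  // Set principal+keytab configuration for HDFS
  conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, servicePrincipal);
  conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, keytabPath);
  conf.set(DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, servicePrincipal);
  conf.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, keytabPath);
  conf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY,
      SPNEGO_PRINCIPAL + "@" + KDC.getRealm());

  // Enable token access for HDFS blocks
  conf.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);

  // Only use HTTPS (required because we aren't using "secure" ports)
  conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());

  // Bind on localhost for spnego to have a chance at working; port 0 lets the OS pick a free port.
  conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  conf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");

  // Generate SSL certs
  File keystoresDir = new File(UTIL.getDataTestDir("keystore").toUri().getPath());
  // mkdirs() returns false both on failure and when the directory already exists, so only the
  // former is treated as an error. Failing here is clearer than a later keystore write error.
  if (!keystoresDir.mkdirs() && !keystoresDir.isDirectory()) {
    throw new IllegalStateException(
        "Could not create keystore directory " + keystoresDir.getAbsolutePath());
  }
  String sslConfDir = KeyStoreTestUtil.getClasspathDir(HttpParamImpersonationQueryServerIT.class);
  // NOTE(review): the trailing 'false' is presumably the "use client certificate" switch -
  // confirm against KeyStoreTestUtil.setupSSLConfig.
  KeyStoreTestUtil.setupSSLConfig(keystoresDir.getAbsolutePath(), sslConfDir, conf, false);

  // Magic flag to tell hdfs to not fail on using ports above 1024.
  // It relaxes a startup safety check and must stay confined to test configurations.
  conf.setBoolean("ignore.secure.ports.for.testing", true);
}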
/**
 * Resolves the HTTP policy stored under {@code DFSConfigKeys.DFS_HTTP_POLICY_KEY}, falling back
 * to {@code DFSConfigKeys.DFS_HTTP_POLICY_DEFAULT} when the key is unset.
 *
 * <p>Side effect: on success the configuration is rewritten with the policy's canonical
 * {@code name()}, so later readers of the key see the normalized value.
 *
 * @param conf configuration to read from and normalize
 * @return the parsed policy, never {@code null}
 * @throws HadoopIllegalArgumentException if the configured string maps to no policy
 */
public static HttpConfig.Policy getHttpPolicy(Configuration conf) {
  final String configured =
      conf.get(DFSConfigKeys.DFS_HTTP_POLICY_KEY, DFSConfigKeys.DFS_HTTP_POLICY_DEFAULT);
  final HttpConfig.Policy resolved = HttpConfig.Policy.fromString(configured);

  if (resolved != null) {
    // Write the canonical spelling back so the key holds a normalized value.
    conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, resolved.name());
    return resolved;
  }

  // Reject unknown values rather than fall back to a default policy.
  // The message text (including its spelling) is kept as-is in case callers or logs match on it.
  throw new HadoopIllegalArgumentException(
      "Unregonized value '" + configured + "' for " + DFSConfigKeys.DFS_HTTP_POLICY_KEY);
}
HttpConfig.Policy policy = DFSUtil.getHttpPolicy(conf); if (policy.isHttpEnabled()) { this.httpServer = new ServerBootstrap().group(bossGroup, workerGroup) .childHandler(new ChannelInitializer<SocketChannel>() { if (policy.isHttpsEnabled()) { this.sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf); try {
HttpConfig.Policy.HTTPS_ONLY.toString()); conf.setBoolean(YarnConfiguration.RM_HA_ENABLED, true); conf.set(YarnConfiguration.RM_HA_IDS, "rm1,rm2,rm3,dummy"); HttpConfig.Policy.HTTPS_ONLY.toString()); conf.setBoolean(YarnConfiguration.RM_HA_ENABLED, true); conf.set(YarnConfiguration.RM_HA_IDS, "rm1,rm2,rm3");
HttpConfig.Policy policy = DFSUtil.getHttpPolicy(conf); if (policy.isHttpEnabled()) { this.httpServer = new ServerBootstrap().group(bossGroup, workerGroup) .childHandler(new ChannelInitializer<SocketChannel>() { if (policy.isHttpsEnabled()) { this.sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf); try {
// Build the configuration without loading the default resources (the 'false' argument).
conf = new Configuration(false);
// Restrict the YARN web endpoints to HTTPS; no plain-HTTP listener is requested.
conf.set(YarnConfiguration.YARN_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.toString());
// Turn on ResourceManager HA and declare the two RM ids used here.
conf.setBoolean(YarnConfiguration.RM_HA_ENABLED, true);
conf.set(YarnConfiguration.RM_HA_IDS, "rm1,rm2");
if (policy.isHttpEnabled()) { InetSocketAddress httpAddress = infoServer.getConnectorAddress(connIdx++); conf.set(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTP_ADDRESS_KEY, if (policy.isHttpsEnabled()) { InetSocketAddress httpsAddress = infoServer.getConnectorAddress(connIdx); conf.set(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTPS_ADDRESS_KEY,
if (policy.isHttpEnabled()) { InetSocketAddress httpAddress = infoServer.getConnectorAddress(connIdx++); conf.set(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTP_ADDRESS_KEY, if (policy.isHttpsEnabled()) { InetSocketAddress httpsAddress = infoServer.getConnectorAddress(connIdx); conf.set(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTPS_ADDRESS_KEY,
HttpConfig.Policy policy = DFSUtil.getHttpPolicy(conf); if (policy.isHttpEnabled()) { this.httpServer = new ServerBootstrap().group(bossGroup, workerGroup) .childHandler(new ChannelInitializer<SocketChannel>() { if (policy.isHttpsEnabled()) { this.sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf); try {
// Build the configuration without loading the default resources (the 'false' argument).
conf = new Configuration(false);
// Restrict the YARN web endpoints to HTTPS; no plain-HTTP listener is requested.
conf.set(YarnConfiguration.YARN_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.toString());
// Turn on ResourceManager HA and declare the two RM ids used here.
conf.setBoolean(YarnConfiguration.RM_HA_ENABLED, true);
conf.set(YarnConfiguration.RM_HA_IDS, "rm1,rm2");
// Address the HTTPS endpoint should use.
conf.setString(WebConfigKey.HAS_HTTPS_ADDRESS_KEY, hasHttpsAddress);
// NOTE(review): HTTP_AND_HTTPS, by its name, keeps a plaintext HTTP endpoint enabled next to
// HTTPS. If nothing depends on plain HTTP, HTTPS_ONLY avoids serving requests unencrypted -
// confirm which endpoints callers actually use.
conf.setString(WebConfigKey.HAS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTP_AND_HTTPS.name());
// Point the HTTPS server at the SSL server configuration resource supplied by hasConfig.
conf.setString(WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, hasConfig.getSslServerConf());
conf.getString(WebConfigKey.HAS_HTTPS_BIND_HOST_KEY); InetSocketAddress httpAddr = null; if (policy.isHttpEnabled()) { final String httpAddrString = conf.getString( WebConfigKey.HAS_HTTP_ADDRESS_KEY, if (policy.isHttpsEnabled()) { final String httpsAddrString = conf.getString( WebConfigKey.HAS_HTTPS_ADDRESS_KEY, if (policy.isHttpEnabled()) { httpAddress = httpServer.getConnectorAddress(connIdx++); if (httpAddress != null) { if (policy.isHttpsEnabled()) { httpsAddress = httpServer.getConnectorAddress(connIdx); if (httpsAddress != null) {
// Address the HTTPS endpoint should use.
conf.setString(WebConfigKey.HAS_HTTPS_ADDRESS_KEY, hasHttpsAddress);
// NOTE(review): HTTP_AND_HTTPS, by its name, keeps a plaintext HTTP endpoint enabled next to
// HTTPS. If nothing depends on plain HTTP, HTTPS_ONLY avoids serving requests unencrypted -
// confirm which endpoints callers actually use.
conf.setString(WebConfigKey.HAS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTP_AND_HTTPS.name());
// Point the HTTPS server at the SSL server configuration resource supplied by hasConfig.
conf.setString(WebConfigKey.HAS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, hasConfig.getSslServerConf());
if (policy.isHttpsEnabled()) { if (policy.isHttpEnabled()) { httpAddress = httpServer.getConnectorAddress(connIdx++); conf.set(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY, if (policy.isHttpsEnabled()) { httpsAddress = httpServer.getConnectorAddress(connIdx); conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY,
HttpConfig.Policy.HTTPS_ONLY.toString()); conf.setBoolean(YarnConfiguration.RM_HA_ENABLED, true); conf.set(YarnConfiguration.RM_HA_IDS, "rm1,rm2,rm3,dummy");
conf.getString(WebConfigKey.HAS_HTTPS_BIND_HOST_KEY); InetSocketAddress httpAddr = null; if (policy.isHttpEnabled()) { final String httpAddrString = conf.getString( WebConfigKey.HAS_HTTP_ADDRESS_KEY, if (policy.isHttpsEnabled()) { final String httpsAddrString = conf.getString( WebConfigKey.HAS_HTTPS_ADDRESS_KEY, if (policy.isHttpEnabled()) { httpAddress = httpServer.getConnectorAddress(connIdx++); if (httpAddress != null) { if (policy.isHttpsEnabled()) { httpsAddress = httpServer.getConnectorAddress(connIdx); if (httpsAddress != null) {
if (policy.isHttpEnabled()) { httpChannel = ServerSocketChannel.open(); InetSocketAddress infoSocAddr = DataNode.getInfoAddr(conf);
if (policy.isHttpEnabled()) { httpChannel = ServerSocketChannel.open(); InetSocketAddress infoSocAddr = DataNode.getInfoAddr(conf);
HttpConfig.Policy.HTTPS_ONLY.name()); File base = new File(BASEDIR); FileUtil.fullyDelete(base);
// Pin the HDFS web policy to HTTPS only, stored by the enum constant's name().
conf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());