@Override
public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) {
Map<String, String> siteConfig = cfg.getSiteConfig();
cfg.setNumTservers(1);
siteConfig.put(Property.TSERV_SESSION_MAXIDLE.getKey(), getMaxIdleTimeString());
siteConfig.put(Property.TSERV_READ_AHEAD_MAXCONCURRENT.getKey(), "11");
cfg.setSiteConfig(siteConfig);
}
/**
* Use the same SSL and credential provider configuration that is set up by AbstractMacIT for the
* other MAC used for replication
*/
private void updatePeerConfigFromPrimary(
MiniAccumuloConfigImpl primaryCfg, MiniAccumuloConfigImpl peerCfg) {
// Set the same SSL information from the primary when present
Map<String, String> primarySiteConfig = primaryCfg.getSiteConfig();
if ("true".equals(primarySiteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) {
Map<String, String> peerSiteConfig = new HashMap<String, String>();
peerSiteConfig.put(Property.INSTANCE_RPC_SSL_ENABLED.getKey(), "true");
String keystorePath = primarySiteConfig.get(Property.RPC_SSL_KEYSTORE_PATH.getKey());
Assert.assertNotNull("Keystore Path was null", keystorePath);
peerSiteConfig.put(Property.RPC_SSL_KEYSTORE_PATH.getKey(), keystorePath);
String truststorePath = primarySiteConfig.get(Property.RPC_SSL_TRUSTSTORE_PATH.getKey());
Assert.assertNotNull("Truststore Path was null", truststorePath);
peerSiteConfig.put(Property.RPC_SSL_TRUSTSTORE_PATH.getKey(), truststorePath);
// Passwords might be stored in CredentialProvider
String keystorePassword = primarySiteConfig.get(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey());
if (null != keystorePassword) {
peerSiteConfig.put(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), keystorePassword);
}
String truststorePassword =
primarySiteConfig.get(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey());
if (null != truststorePassword) {
peerSiteConfig.put(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey(), truststorePassword);
}
System.out.println("Setting site configuration for peer " + peerSiteConfig);
peerCfg.setSiteConfig(peerSiteConfig);
}
// Use the CredentialProvider if the primary also uses one
String credProvider =
primarySiteConfig.get(Property.GENERAL_SECURITY_CREDENTIAL_PROVIDER_PATHS.getKey());
if (null != credProvider) {
Map<String, String> peerSiteConfig = peerCfg.getSiteConfig();
peerSiteConfig.put(
Property.GENERAL_SECURITY_CREDENTIAL_PROVIDER_PATHS.getKey(), credProvider);
peerCfg.setSiteConfig(peerSiteConfig);
}
}
protected void configureForKerberos(
MiniAccumuloConfigImpl cfg, File folder, Configuration coreSite, TestingKdc kdc)
throws Exception {
Map<String, String> siteConfig = cfg.getSiteConfig();
if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) {
throw new RuntimeException("Cannot use both SSL and SASL/Kerberos");
}
if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SASL_ENABLED.getKey()))) {
// already enabled
return;
}
if (null == kdc) {
throw new IllegalStateException("MiniClusterKdc was null");
}
log.info("Enabling Kerberos/SASL for minicluster");
// Turn on SASL and set the keytab/principal information
cfg.setProperty(Property.INSTANCE_RPC_SASL_ENABLED, "true");
ClusterUser serverUser = kdc.getAccumuloServerUser();
cfg.setProperty(Property.GENERAL_KERBEROS_KEYTAB, serverUser.getKeytab().getAbsolutePath());
cfg.setProperty(Property.GENERAL_KERBEROS_PRINCIPAL, serverUser.getPrincipal());
cfg.setProperty(
Property.INSTANCE_SECURITY_AUTHENTICATOR, KerberosAuthenticator.class.getName());
cfg.setProperty(Property.INSTANCE_SECURITY_AUTHORIZOR, KerberosAuthorizor.class.getName());
cfg.setProperty(
Property.INSTANCE_SECURITY_PERMISSION_HANDLER, KerberosPermissionHandler.class.getName());
// Piggy-back on the "system user" credential, but use it as a normal KerberosToken, not the
// SystemToken.
cfg.setProperty(Property.TRACE_USER, serverUser.getPrincipal());
cfg.setProperty(Property.TRACE_TOKEN_TYPE, KerberosToken.CLASS_NAME);
// Pass down some KRB5 debug properties
Map<String, String> systemProperties = cfg.getSystemProperties();
systemProperties.put(JAVA_SECURITY_KRB5_CONF, System.getProperty(JAVA_SECURITY_KRB5_CONF, ""));
systemProperties.put(
SUN_SECURITY_KRB5_DEBUG, System.getProperty(SUN_SECURITY_KRB5_DEBUG, "false"));
cfg.setSystemProperties(systemProperties);
// Make sure UserGroupInformation will do the correct login
coreSite.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
cfg.setRootUserName(kdc.getRootUser().getPrincipal());
}
protected void configureForSsl(MiniAccumuloConfigImpl cfg, File folder) {
Map<String, String> siteConfig = cfg.getSiteConfig();
if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) {
// already enabled; don't mess with it
return;
}
File sslDir = new File(folder, "ssl");
assertTrue(sslDir.mkdirs() || sslDir.isDirectory());
File rootKeystoreFile = new File(sslDir, "root-" + cfg.getInstanceName() + ".jks");
File localKeystoreFile = new File(sslDir, "local-" + cfg.getInstanceName() + ".jks");
File publicTruststoreFile = new File(sslDir, "public-" + cfg.getInstanceName() + ".jks");
final String rootKeystorePassword = "******",
truststorePassword = "******";
try {
new CertUtils(
Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue(),
"o=Apache Accumulo,cn=MiniAccumuloCluster",
"RSA",
2048,
"sha1WithRSAEncryption")
.createAll(
rootKeystoreFile,
localKeystoreFile,
publicTruststoreFile,
cfg.getInstanceName(),
rootKeystorePassword,
cfg.getRootPassword(),
truststorePassword);
} catch (Exception e) {
throw new RuntimeException("error creating MAC keystore", e);
}
siteConfig.put(Property.INSTANCE_RPC_SSL_ENABLED.getKey(), "true");
siteConfig.put(Property.RPC_SSL_KEYSTORE_PATH.getKey(), localKeystoreFile.getAbsolutePath());
siteConfig.put(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), cfg.getRootPassword());
siteConfig.put(
Property.RPC_SSL_TRUSTSTORE_PATH.getKey(), publicTruststoreFile.getAbsolutePath());
siteConfig.put(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey(), truststorePassword);
cfg.setSiteConfig(siteConfig);
}