/**
 * Adjusts the mini cluster for this test: sets the number of tservers to 1 and overrides two
 * tserver properties in the site configuration (session max idle, taken from
 * {@code getMaxIdleTimeString()}, and read-ahead max concurrency, fixed at "11").
 *
 * @param cfg mini cluster configuration to modify in place
 * @param hadoopCoreSite Hadoop core-site configuration; not read or written by this method
 */
@Override
public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) {
  final Map<String, String> site = cfg.getSiteConfig();
  cfg.setNumTservers(1);

  // Session idle timeout comes from the test class so subclasses can pick their own value.
  final String idleKey = Property.TSERV_SESSION_MAXIDLE.getKey();
  site.put(idleKey, getMaxIdleTimeString());

  final String readAheadKey = Property.TSERV_READ_AHEAD_MAXCONCURRENT.getKey();
  site.put(readAheadKey, "11");

  // Hand the updated map back to the config object.
  cfg.setSiteConfig(site);
}
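/**
 * Use the same SSL and credential provider configuration that is set up by AbstractMacIT for the
 * other MAC used for replication.
 *
 * <p>When the primary has RPC SSL enabled, the keystore/truststore paths (required) and their
 * passwords (optional, they may live in a CredentialProvider instead) are copied into a fresh
 * map that is handed to {@code peerCfg.setSiteConfig}. When the primary names credential
 * provider paths, those are added to the peer's current site configuration as well.
 *
 * <p>The store passwords are masked before the copied settings are printed, so they do not end
 * up in test output.
 *
 * @param primaryCfg configuration of the primary cluster; only read
 * @param peerCfg configuration of the peer cluster; its site configuration is updated
 */
private void updatePeerConfigFromPrimary(
    MiniAccumuloConfigImpl primaryCfg, MiniAccumuloConfigImpl peerCfg) {
  // Set the same SSL information from the primary when present
  Map<String, String> primarySiteConfig = primaryCfg.getSiteConfig();
  if ("true".equals(primarySiteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) {
    // NOTE(review): this map starts empty, so the peer only receives the SSL keys below;
    // whether setSiteConfig merges with or replaces earlier peer settings is not visible here.
    Map<String, String> peerSiteConfig = new HashMap<String, String>();
    peerSiteConfig.put(Property.INSTANCE_RPC_SSL_ENABLED.getKey(), "true");

    String keystorePath = primarySiteConfig.get(Property.RPC_SSL_KEYSTORE_PATH.getKey());
    Assert.assertNotNull("Keystore Path was null", keystorePath);
    peerSiteConfig.put(Property.RPC_SSL_KEYSTORE_PATH.getKey(), keystorePath);

    String truststorePath = primarySiteConfig.get(Property.RPC_SSL_TRUSTSTORE_PATH.getKey());
    Assert.assertNotNull("Truststore Path was null", truststorePath);
    peerSiteConfig.put(Property.RPC_SSL_TRUSTSTORE_PATH.getKey(), truststorePath);

    // Passwords might be stored in CredentialProvider
    String keystorePassword = primarySiteConfig.get(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey());
    if (null != keystorePassword) {
      peerSiteConfig.put(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), keystorePassword);
    }
    String truststorePassword =
        primarySiteConfig.get(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey());
    if (null != truststorePassword) {
      peerSiteConfig.put(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey(), truststorePassword);
    }

    // Print a masked copy: stdout of a test run may be captured in build or CI logs, and the
    // map can contain the keystore and truststore passwords in clear text.
    Map<String, String> printable = new HashMap<String, String>(peerSiteConfig);
    String[] secretKeys = {
      Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey()
    };
    for (String secretKey : secretKeys) {
      if (printable.containsKey(secretKey)) {
        printable.put(secretKey, "<redacted>");
      }
    }
    System.out.println("Setting site configuration for peer " + printable);

    peerCfg.setSiteConfig(peerSiteConfig);
  }

  // Use the CredentialProvider if the primary also uses one
  String credProvider =
      primarySiteConfig.get(Property.GENERAL_SECURITY_CREDENTIAL_PROVIDER_PATHS.getKey());
  if (null != credProvider) {
    Map<String, String> peerSiteConfig = peerCfg.getSiteConfig();
    peerSiteConfig.put(
        Property.GENERAL_SECURITY_CREDENTIAL_PROVIDER_PATHS.getKey(), credProvider);
    peerCfg.setSiteConfig(peerSiteConfig);
  }
}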
/**
 * Switches the mini cluster to SASL/Kerberos authentication using the principals and keytab
 * supplied by the testing KDC.
 *
 * <p>Nothing is changed when SASL is already enabled in the site configuration. SSL and
 * SASL/Kerberos are treated as mutually exclusive.
 *
 * @param cfg mini cluster configuration to modify
 * @param folder not used by this method
 * @param coreSite Hadoop configuration whose authentication mode is set to "kerberos"
 * @param kdc testing KDC that provides the server user and the root user
 * @throws RuntimeException if RPC SSL is already enabled in the site configuration
 * @throws IllegalStateException if {@code kdc} is null (checked after the SSL and SASL checks)
 * @throws Exception declared by the signature
 */
protected void configureForKerberos(
    MiniAccumuloConfigImpl cfg, File folder, Configuration coreSite, TestingKdc kdc)
    throws Exception {
  final Map<String, String> site = cfg.getSiteConfig();

  final String sslFlag = site.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey());
  if (TRUE.equals(sslFlag)) {
    throw new RuntimeException("Cannot use both SSL and SASL/Kerberos");
  }

  final String saslFlag = site.get(Property.INSTANCE_RPC_SASL_ENABLED.getKey());
  if (TRUE.equals(saslFlag)) {
    // SASL was configured earlier; leave the existing settings alone.
    return;
  }

  if (kdc == null) {
    throw new IllegalStateException("MiniClusterKdc was null");
  }

  log.info("Enabling Kerberos/SASL for minicluster");

  // Enable SASL, then point the servers at the KDC-issued keytab and principal.
  cfg.setProperty(Property.INSTANCE_RPC_SASL_ENABLED, "true");
  final ClusterUser server = kdc.getAccumuloServerUser();
  final String keytabPath = server.getKeytab().getAbsolutePath();
  cfg.setProperty(Property.GENERAL_KERBEROS_KEYTAB, keytabPath);
  cfg.setProperty(Property.GENERAL_KERBEROS_PRINCIPAL, server.getPrincipal());

  // Swap in the Kerberos-aware security implementations.
  final String authenticator = KerberosAuthenticator.class.getName();
  cfg.setProperty(Property.INSTANCE_SECURITY_AUTHENTICATOR, authenticator);
  final String authorizor = KerberosAuthorizor.class.getName();
  cfg.setProperty(Property.INSTANCE_SECURITY_AUTHORIZOR, authorizor);
  final String permissionHandler = KerberosPermissionHandler.class.getName();
  cfg.setProperty(Property.INSTANCE_SECURITY_PERMISSION_HANDLER, permissionHandler);

  // Tracing reuses the server ("system user") principal, but as an ordinary KerberosToken
  // rather than the SystemToken.
  cfg.setProperty(Property.TRACE_USER, server.getPrincipal());
  cfg.setProperty(Property.TRACE_TOKEN_TYPE, KerberosToken.CLASS_NAME);

  // Forward this JVM's krb5 settings (config location and debug flag) as system properties
  // of the mini cluster configuration.
  final Map<String, String> sysProps = cfg.getSystemProperties();
  final String krb5Conf = System.getProperty(JAVA_SECURITY_KRB5_CONF, "");
  sysProps.put(JAVA_SECURITY_KRB5_CONF, krb5Conf);
  final String krb5Debug = System.getProperty(SUN_SECURITY_KRB5_DEBUG, "false");
  sysProps.put(SUN_SECURITY_KRB5_DEBUG, krb5Debug);
  cfg.setSystemProperties(sysProps);

  // UserGroupInformation needs this to perform a Kerberos login.
  coreSite.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");

  final String rootPrincipal = kdc.getRootUser().getPrincipal();
  cfg.setRootUserName(rootPrincipal);
}
/**
 * Enables RPC SSL for the mini cluster: generates a root keystore, a local keystore and a
 * public truststore under {@code <folder>/ssl} and records their locations and passwords in
 * the site configuration.
 *
 * <p>Nothing is changed when SSL is already enabled in the site configuration.
 *
 * @param cfg mini cluster configuration to modify
 * @param folder directory in which the {@code ssl} sub-directory is created
 * @throws RuntimeException if creating the keystores fails; the original exception is the cause
 */
protected void configureForSsl(MiniAccumuloConfigImpl cfg, File folder) {
  final Map<String, String> site = cfg.getSiteConfig();
  final String sslFlag = site.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey());
  if (TRUE.equals(sslFlag)) {
    // SSL was configured earlier; keep whatever is there.
    return;
  }

  // The directory may already exist from an earlier run, which is fine.
  final File sslDir = new File(folder, "ssl");
  final boolean sslDirReady = sslDir.mkdirs() || sslDir.isDirectory();
  assertTrue(sslDirReady);

  final File rootKeystoreFile = new File(sslDir, "root-" + cfg.getInstanceName() + ".jks");
  final File localKeystoreFile = new File(sslDir, "local-" + cfg.getInstanceName() + ".jks");
  final File publicTruststoreFile = new File(sslDir, "public-" + cfg.getInstanceName() + ".jks");

  // NOTE(review): both store passwords are fixed literals and the local keystore is protected
  // with the instance root password, which is then also written to the site configuration
  // below. Tolerable for a throwaway test cluster; do not copy this pattern elsewhere.
  final String rootKeystorePassword = "******";
  final String truststorePassword = "******";

  try {
    // NOTE(review): "sha1WithRSAEncryption" requests SHA-1 based certificate signatures,
    // which are deprecated; consider a SHA-256 variant if CertUtils accepts one - confirm.
    final CertUtils certUtils =
        new CertUtils(
            Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue(),
            "o=Apache Accumulo,cn=MiniAccumuloCluster",
            "RSA",
            2048,
            "sha1WithRSAEncryption");
    certUtils.createAll(
        rootKeystoreFile,
        localKeystoreFile,
        publicTruststoreFile,
        cfg.getInstanceName(),
        rootKeystorePassword,
        cfg.getRootPassword(),
        truststorePassword);
  } catch (Exception e) {
    throw new RuntimeException("error creating MAC keystore", e);
  }

  // Publish the generated stores to the cluster through the site configuration.
  site.put(Property.INSTANCE_RPC_SSL_ENABLED.getKey(), "true");
  final String keystorePath = localKeystoreFile.getAbsolutePath();
  site.put(Property.RPC_SSL_KEYSTORE_PATH.getKey(), keystorePath);
  site.put(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), cfg.getRootPassword());
  final String truststorePath = publicTruststoreFile.getAbsolutePath();
  site.put(Property.RPC_SSL_TRUSTSTORE_PATH.getKey(), truststorePath);
  site.put(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey(), truststorePassword);
  cfg.setSiteConfig(site);
}