Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-12559. KMS connection failures should trigger TGT renewal. Contributed by Zhe Zhang. 

(cherry picked from commit 993311e547)
This commit is contained in:
Xiaoyu Yao 2015-12-28 10:41:26 -08:00
parent c60792e6e5
commit beec7a2efb
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -886,6 +886,9 @@ Release 2.8.0 - UNRELEASED
HADOOP-12681. start-build-env.sh fails in branch-2. HADOOP-12681. start-build-env.sh fails in branch-2.
(Kengo Seki via aajisaka) (Kengo Seki via aajisaka)
HADOOP-12559. KMS connection failures should trigger TGT renewal.
(Zhe Zhang via xyao)
Release 2.7.3 - UNRELEASED Release 2.7.3 - UNRELEASED
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
View File

@ -474,6 +474,8 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
UserGroupInformation.AuthenticationMethod.PROXY) UserGroupInformation.AuthenticationMethod.PROXY)
? currentUgi.getShortUserName() : null; ? currentUgi.getShortUserName() : null;
// check and renew TGT to handle potential expiration
actualUgi.checkTGTAndReloginFromKeytab();
// creating the HTTP connection using the current UGI at constructor time // creating the HTTP connection using the current UGI at constructor time
conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() { conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
@Override @Override