HADOOP-12752. Improve diagnostics/use of envvar/sysprop credential propagation. Contributed by Steve Loughran.

2016-02-08 09:36:09 -08:00 · 2016-02-08 09:36:09 -08:00 · cf3261570a
parent d37eb828ff
commit cf3261570a
2 changed files with 21 additions and 4 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -1108,6 +1108,9 @@ Release 2.8.0 - UNRELEASED
    HADOOP-12759. RollingFileSystemSink should eagerly rotate directories.
    (Daniel Templeton via wang)

+    HADOOP-12752. Improve diagnostics/use of envvar/sysprop credential
+    propagation (Steve Loughran via cnauroth)
+
  OPTIMIZATIONS

    HADOOP-11785. Reduce the number of listStatus operation in distcp
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@ -24,6 +24,7 @@
 import static org.apache.hadoop.util.PlatformName.IBM_JAVA;

 import java.io.File;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.lang.reflect.UndeclaredThrowableException;
 import java.security.AccessControlContext;
@ -54,8 +55,6 @@
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;

-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.conf.Configuration;
@ -75,6 +74,8 @@
 import org.apache.hadoop.util.Time;

 import com.google.common.annotations.VisibleForTesting;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 /**
 * User and group information for Hadoop.
@ -85,7 +86,9 @@
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"})
@InterfaceStability.Evolving
 public class UserGroupInformation {
-  private static final Log LOG =  LogFactory.getLog(UserGroupInformation.class);
+  private static final Logger LOG = LoggerFactory.getLogger(
+      UserGroupInformation.class);
+
  /**
   * Percentage of the ticket window to use before we renew ticket.
   */
@ -848,8 +851,19 @@ static void loginUserFromSubject(Subject subject) throws IOException {
        // Load the token storage file and put all of the tokens into the
        // user. Don't use the FileSystem API for reading since it has a lock
        // cycle (HADOOP-9212).
+        File source = new File(fileLocation);
+        LOG.debug("Reading credentials from location set in {}: {}",
+            HADOOP_TOKEN_FILE_LOCATION,
+            source.getCanonicalPath());
+        if (!source.isFile()) {
+          throw new FileNotFoundException("Source file "
+              + source.getCanonicalPath() + " from "
+              + HADOOP_TOKEN_FILE_LOCATION
+              + " not found");
+        }
        Credentials cred = Credentials.readTokenStorageFile(
-            new File(fileLocation), conf);
+            source, conf);
+        LOG.debug("Loaded {} tokens", cred.numberOfTokens());
        loginUser.addCredentials(cred);
      }
      loginUser.spawnAutoRenewalThreadForUserCreds();