HADOOP-12752. Improve diagnostics/use of envvar/sysprop credential propagation. Contributed by Steve Loughran.

This commit is contained in:
cnauroth 2016-02-08 09:36:09 -08:00
parent d37eb828ff
commit cf3261570a
2 changed files with 21 additions and 4 deletions

View File

@ -1108,6 +1108,9 @@ Release 2.8.0 - UNRELEASED
HADOOP-12759. RollingFileSystemSink should eagerly rotate directories. HADOOP-12759. RollingFileSystemSink should eagerly rotate directories.
(Daniel Templeton via wang) (Daniel Templeton via wang)
HADOOP-12752. Improve diagnostics/use of envvar/sysprop credential
propagation (Steve Loughran via cnauroth)
OPTIMIZATIONS OPTIMIZATIONS
HADOOP-11785. Reduce the number of listStatus operation in distcp HADOOP-11785. Reduce the number of listStatus operation in distcp

View File

@ -24,6 +24,7 @@ import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_TOKEN_FI
import static org.apache.hadoop.util.PlatformName.IBM_JAVA; import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException; import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessControlContext; import java.security.AccessControlContext;
@ -54,8 +55,6 @@ import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule; import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
@ -75,6 +74,8 @@ import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.util.Time; import org.apache.hadoop.util.Time;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* User and group information for Hadoop. * User and group information for Hadoop.
@ -85,7 +86,9 @@ import com.google.common.annotations.VisibleForTesting;
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"}) @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"})
@InterfaceStability.Evolving @InterfaceStability.Evolving
public class UserGroupInformation { public class UserGroupInformation {
private static final Log LOG = LogFactory.getLog(UserGroupInformation.class); private static final Logger LOG = LoggerFactory.getLogger(
UserGroupInformation.class);
/** /**
* Percentage of the ticket window to use before we renew ticket. * Percentage of the ticket window to use before we renew ticket.
*/ */
@ -848,8 +851,19 @@ public class UserGroupInformation {
// Load the token storage file and put all of the tokens into the // Load the token storage file and put all of the tokens into the
// user. Don't use the FileSystem API for reading since it has a lock // user. Don't use the FileSystem API for reading since it has a lock
// cycle (HADOOP-9212). // cycle (HADOOP-9212).
File source = new File(fileLocation);
LOG.debug("Reading credentials from location set in {}: {}",
HADOOP_TOKEN_FILE_LOCATION,
source.getCanonicalPath());
if (!source.isFile()) {
throw new FileNotFoundException("Source file "
+ source.getCanonicalPath() + " from "
+ HADOOP_TOKEN_FILE_LOCATION
+ " not found");
}
Credentials cred = Credentials.readTokenStorageFile( Credentials cred = Credentials.readTokenStorageFile(
new File(fileLocation), conf); source, conf);
LOG.debug("Loaded {} tokens", cred.numberOfTokens());
loginUser.addCredentials(cred); loginUser.addCredentials(cred);
} }
loginUser.spawnAutoRenewalThreadForUserCreds(); loginUser.spawnAutoRenewalThreadForUserCreds();