apex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (APEXCORE-460) Token refresh mechanism not considering keytab specified in command line
Date Thu, 19 May 2016 17:20:13 GMT

    [ https://issues.apache.org/jira/browse/APEXCORE-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291559#comment-15291559
] 

ASF GitHub Bot commented on APEXCORE-460:
-----------------------------------------

Github user gauravgopi123 commented on a diff in the pull request:

    https://github.com/apache/incubator-apex-core/pull/337#discussion_r63919097
  
    --- Diff: engine/src/main/java/com/datatorrent/stram/client/StramAppLauncher.java ---
    @@ -577,17 +604,9 @@ public ApplicationId launchApp(AppFactory appConfig) throws Exception
         dag.setAttribute(LogicalPlan.HDFS_TOKEN_LIFE_TIME, hdfsTokenMaxLifeTime);
         long rmTokenMaxLifeTime = conf.getLong(StramClientUtils.DT_RM_TOKEN_MAX_LIFE_TIME,
conf.getLong(YarnConfiguration.DELEGATION_TOKEN_MAX_LIFETIME_KEY, YarnConfiguration.DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT));
         dag.setAttribute(LogicalPlan.RM_TOKEN_LIFE_TIME, rmTokenMaxLifeTime);
    -    if (conf.get(StramClientUtils.KEY_TAB_FILE) != null) {
    -      dag.setAttribute(LogicalPlan.KEY_TAB_FILE, conf.get(StramClientUtils.KEY_TAB_FILE));
    -    } else if (conf.get(StramUserLogin.DT_AUTH_KEYTAB) != null) {
    -      Path localKeyTabPath = new Path(conf.get(StramUserLogin.DT_AUTH_KEYTAB));
    -      try (FileSystem fs = StramClientUtils.newFileSystemInstance(conf)) {
    -        Path destPath = new Path(StramClientUtils.getDTDFSRootDir(fs, conf), localKeyTabPath.getName());
    -        if (!fs.exists(destPath)) {
    -          fs.copyFromLocalFile(false, false, localKeyTabPath, destPath);
    -        }
    -        dag.setAttribute(LogicalPlan.KEY_TAB_FILE, destPath.toString());
    -      }
    +    // TODO:- Need to see if other token refresh attributes are needed if security is
not enabled
    +    if (UserGroupInformation.isSecurityEnabled()) {
    +      setTokenRefreshKeytab(dag, conf);
    --- End diff --
    
    Is this refactoring required? This function is not used any where else too....
    I don't see any change in the existing code and refactored code other than one new log
message at warn level



> Token refresh mechanism not considering keytab specified in command line
> ------------------------------------------------------------------------
>
>                 Key: APEXCORE-460
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-460
>             Project: Apache Apex Core
>          Issue Type: Bug
>    Affects Versions: 3.4.0
>            Reporter: Pramod Immaneni
>            Assignee: Pramod Immaneni
>
> When a separate keytab isn't specified for token refresh then the keytab specified by
dt.authentication.keytab property is used, however the keytab passed in from command line
isn't considered. It needs to be considered before the looking at the property.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message