falcon-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From b...@apache.org
Subject falcon git commit: FALCON-2025 Periodic revalidation of kerberos credentials should be done on loginUser
Date Tue, 14 Jun 2016 15:58:19 GMT
Repository: falcon
Updated Branches:
  refs/heads/0.10 df6b53c83 -> 11ca2a0eb


FALCON-2025 Periodic revalidation of kerberos credentials should be done on loginUser

Author: bvellanki <bvellanki@hortonworks.com>

Reviewers: "sandeepSamudrala <sandysmdl@gmail.com>, Praveen Adlakha <adlakha.praveen@gmail.com>,
Sowmya Ramesh <sowmya_kr@apache.org>, Venkat Ranganathan <venkat@hortonworks.com>"

Closes #183 from bvellanki/FALCON-2025

(cherry picked from commit 00a07d561fdee4aba5be24cfe841c438b17a0e69)
Signed-off-by: bvellanki <bvellanki@hortonworks.com>


Project: http://git-wip-us.apache.org/repos/asf/falcon/repo
Commit: http://git-wip-us.apache.org/repos/asf/falcon/commit/11ca2a0e
Tree: http://git-wip-us.apache.org/repos/asf/falcon/tree/11ca2a0e
Diff: http://git-wip-us.apache.org/repos/asf/falcon/diff/11ca2a0e

Branch: refs/heads/0.10
Commit: 11ca2a0eb51821a03bd31b192c89e36530fb0961
Parents: df6b53c
Author: bvellanki <bvellanki@hortonworks.com>
Authored: Tue Jun 14 08:57:51 2016 -0700
Committer: bvellanki <bvellanki@hortonworks.com>
Committed: Tue Jun 14 08:58:13 2016 -0700

----------------------------------------------------------------------
 .../apache/falcon/hadoop/HadoopClientFactory.java |  4 +++-
 .../AuthenticationInitializationService.java      | 18 ++++++++++++------
 2 files changed, 15 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/falcon/blob/11ca2a0e/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java b/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java
index d70c4b9..e30f51e 100644
--- a/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java
+++ b/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java
@@ -262,7 +262,9 @@ public final class HadoopClientFactory {
 
         try {
             if (UserGroupInformation.isSecurityEnabled()) {
-                ugi.checkTGTAndReloginFromKeytab();
+                LOG.debug("Revalidating Auth Token with auth method {}",
+                        UserGroupInformation.getLoginUser().getAuthenticationMethod().name());
+                UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
             }
         } catch (IOException ioe) {
             throw new FalconException("Exception while getting FileSystem. Unable to check
TGT for user "

http://git-wip-us.apache.org/repos/asf/falcon/blob/11ca2a0e/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
b/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
index f7b2155..31be07a 100644
--- a/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
+++ b/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
@@ -67,6 +67,7 @@ public class AuthenticationInitializationService implements FalconService
{
 
     private Timer timer = new Timer();
     private static final String SERVICE_NAME = "Authentication initialization service";
+    private static final long DEFAULT_VALIDATE_FREQUENCY_SECS = 86300;
 
     @Override
     public String getName() {
@@ -83,8 +84,13 @@ public class AuthenticationInitializationService implements FalconService
{
             String authTokenValidity = StartupProperties.get().getProperty(AUTH_TOKEN_VALIDITY_SECONDS);
             long validateFrequency;
             try {
+                // -100 so that revalidation is done before expiry.
                 validateFrequency = (StringUtils.isNotEmpty(authTokenValidity))
-                        ? Long.parseLong(authTokenValidity) : 86400;
+                        ? (Long.parseLong(authTokenValidity) - 100) : DEFAULT_VALIDATE_FREQUENCY_SECS;
+                if (validateFrequency < 0) {
+                    throw new NumberFormatException("Value provided for startup property
\""
+                            + AUTH_TOKEN_VALIDITY_SECONDS + "\" should be greater than 100.");
+                }
             } catch (NumberFormatException nfe) {
                 throw new FalconException("Invalid value provided for startup property \""
                         + AUTH_TOKEN_VALIDITY_SECONDS + "\", please provide a valid long
number", nfe);
@@ -149,12 +155,12 @@ public class AuthenticationInitializationService implements FalconService
{
         @Override
         public void run() {
             try {
-                LOG.info("Validating Auth Token: {}", new Date());
-                initializeKerberos();
+                LOG.debug("Revalidating Auth Token at : {} with auth method {}", new Date(),
+                        UserGroupInformation.getLoginUser().getAuthenticationMethod().name());
+                UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
             } catch (Throwable t) {
-                LOG.error("Error in Auth Token Validation task: ", t);
-                GenericAlert.initializeKerberosFailed(
-                        "Exception in Auth Token Validation : ", t);
+                LOG.error("Error in Auth Token revalidation task: ", t);
+                GenericAlert.initializeKerberosFailed("Exception in Auth Token revalidation
: ", t);
             }
         }
     }


Mime
View raw message