hadoop-hdfs-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jgho...@apache.org
Subject svn commit: r962908 - in /hadoop/hdfs/trunk: CHANGES.txt src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
Date Sat, 10 Jul 2010 19:44:30 GMT
Author: jghoman
Date: Sat Jul 10 19:44:30 2010
New Revision: 962908

URL: http://svn.apache.org/viewvc?rev=962908&view=rev
Log:
HDFS-1023. Allow http server to start as regular principal if https principal not defined.

Modified:
    hadoop/hdfs/trunk/CHANGES.txt
    hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java

Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=962908&r1=962907&r2=962908&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Sat Jul 10 19:44:30 2010
@@ -21,6 +21,9 @@ Trunk (unreleased changes)
     HDFS-1033. In secure clusters, NN and SNN should verify that the remote 
     principal during image and edits transfer. (jghoman)
 
+    HDFS-1023. Allow http server to start as regular principal if https 
+    principal not defined. (jghoman)
+
   IMPROVEMENTS
 
     HDFS-1096. fix for prev. commit. (boryas)

Modified: hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=962908&r1=962907&r2=962908&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java Sat Jul
10 19:44:30 2010
@@ -414,9 +414,20 @@ public class NameNode implements Namenod
   }
 
   private void startHttpServer(final Configuration conf) throws IOException {
-    // Kerberized SSL servers must be run from the host principal...
-    DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
-        DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+    if(UserGroupInformation.isSecurityEnabled()) {
+        String httpsUser = conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+        if(httpsUser == null) {
+          LOG.warn(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY + 
+              " not defined in config. Starting http server as " 
+              + conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
+             + ": Kerberized SSL may be not function correctly.");
+        } else {
+          // Kerberized SSL servers must be run from the host principal...
+          LOG.info("Logging in as " + httpsUser + " to start http server.");
+          DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, 
+                              DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+        }
+    }
     UserGroupInformation ugi = UserGroupInformation.getLoginUser();
     try {
       this.httpServer = ugi.doAs(new PrivilegedExceptionAction<HttpServer>() {
@@ -483,9 +494,15 @@ public class NameNode implements Namenod
     } catch (InterruptedException e) {
       throw new IOException(e);
     } finally {
-      // Go back to being the correct Namenode principal
-      DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
-          DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+      if(UserGroupInformation.isSecurityEnabled() && 
+          conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) != null) {
+        // Go back to being the correct Namenode principal
+        LOG.info("Logging back in as " 
+            + conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY) 
+            + " following http server start.");
+        DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
+            DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+      }
     }
   }
 



Mime
View raw message