hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ser...@apache.org
Subject [1/2] hive git commit: HIVE-14136 : LLAP ZK SecretManager should resolve _HOST in principal (Sergey Shelukhin, reviewed by Siddharth Seth)
Date Thu, 30 Jun 2016 23:06:10 GMT
Repository: hive
Updated Branches:
  refs/heads/branch-2.1 19192a631 -> e2da0e163
  refs/heads/master 2de64b0b0 -> 4d349dadb


HIVE-14136 : LLAP ZK SecretManager should resolve _HOST in principal (Sergey Shelukhin, reviewed
by Siddharth Seth)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/4d349dad
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/4d349dad
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/4d349dad

Branch: refs/heads/master
Commit: 4d349dadb2c6103b8b1f50226f2384b519dcc59b
Parents: 2de64b0
Author: Sergey Shelukhin <sershe@apache.org>
Authored: Thu Jun 30 16:00:04 2016 -0700
Committer: Sergey Shelukhin <sershe@apache.org>
Committed: Thu Jun 30 16:00:04 2016 -0700

----------------------------------------------------------------------
 .../hadoop/hive/llap/security/SecretManager.java     | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/4d349dad/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
----------------------------------------------------------------------
diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index 9431e4f..f43e74d 100644
--- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -34,6 +34,7 @@ import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
 import org.apache.hadoop.hive.llap.LlapUtil;
 import org.apache.hadoop.hive.llap.security.LlapTokenIdentifier;
 import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.delegation.DelegationKey;
@@ -44,8 +45,6 @@ import org.apache.zookeeper.data.Id;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.protobuf.ByteString;
-
 public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdentifier>
   implements SigningSecretManager {
   private static final Logger LOG = LoggerFactory.getLogger(SecretManager.class);
@@ -63,6 +62,7 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
 
   @Override
   public void startThreads() throws IOException {
+    LOG.info("Starting ZK threads as user " + UserGroupInformation.getCurrentUser());
     super.startThreads();
     if (!HiveConf.getBoolVar(conf, ConfVars.LLAP_VALIDATE_ACLS)
       || !UserGroupInformation.isSecurityEnabled()) return;
@@ -154,7 +154,12 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
         conf, ConfVars.LLAP_DELEGATION_TOKEN_LIFETIME, TimeUnit.SECONDS);
     zkConf.setLong(DelegationTokenManager.MAX_LIFETIME, tokenLifetime);
     zkConf.setLong(DelegationTokenManager.RENEW_INTERVAL, tokenLifetime);
-    zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL, principal);
+    try {
+      zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL,
+          SecurityUtil.getServerPrincipal(principal, "0.0.0.0"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
     zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab);
     String zkPath = "zkdtsm_" + clusterId;
     LOG.info("Using {} as ZK secret manager path", zkPath);
@@ -172,14 +177,14 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
     return new LlapZkConf(zkConf, zkUgi);
   }
 
-  public static SecretManager createSecretManager(final Configuration conf, String clusterId)
{
+  public static SecretManager createSecretManager(Configuration conf, String clusterId) {
     String llapPrincipal = HiveConf.getVar(conf, ConfVars.LLAP_KERBEROS_PRINCIPAL),
         llapKeytab = HiveConf.getVar(conf, ConfVars.LLAP_KERBEROS_KEYTAB_FILE);
     return SecretManager.createSecretManager(conf, llapPrincipal, llapKeytab, clusterId);
   }
 
   public static SecretManager createSecretManager(
-      final Configuration conf, String llapPrincipal, String llapKeytab, final String clusterId)
{
+      Configuration conf, String llapPrincipal, String llapKeytab, final String clusterId)
{
     assert UserGroupInformation.isSecurityEnabled();
     final LlapZkConf c = createLlapZkConf(conf, llapPrincipal, llapKeytab, clusterId);
     return c.zkUgi.doAs(new PrivilegedAction<SecretManager>() {


Mime
View raw message