private void login(Configuration configuration) throws IOException { if (configuration.get(HIVE_KEYTAB_FILE_KEY) == null) { configuration.set(HIVE_KEYTAB_FILE_KEY, hiveKeytab); } if (configuration.get(HIVE_PRINCIPAL_KEY) == null) { configuration.set(HIVE_PRINCIPAL_KEY, hivePrincipal); } SecurityUtil.login(configuration, HIVE_KEYTAB_FILE_KEY, HIVE_PRINCIPAL_KEY); LOG.info("Logged into hive with principal {}", configuration.get(HIVE_PRINCIPAL_KEY)); }
private void login(Configuration configuration) throws IOException { if (configuration.get(STORM_KEYTAB_FILE_KEY) == null) { configuration.set(STORM_KEYTAB_FILE_KEY, hdfsKeyTab); } if (configuration.get(STORM_USER_NAME_KEY) == null) { configuration.set(STORM_USER_NAME_KEY, hdfsPrincipal); } SecurityUtil.login(configuration, STORM_KEYTAB_FILE_KEY, STORM_USER_NAME_KEY); LOG.info("Logged into hdfs with principal {}", configuration.get(STORM_USER_NAME_KEY)); }
protected void doSecureLogin(Configuration conf) throws IOException { InetSocketAddress socAddr = getBindAddress(conf); SecurityUtil.login(conf, XLearningConfiguration.XLEARNING_HISTORY_KEYTAB, XLearningConfiguration.XLEARNING_HISTORY_PRINCIPAL, socAddr.getHostName()); }
public static void login(Map<String, Object> conf, Configuration hdfsConfig) throws IOException { //If AutoHDFS is specified, do not attempt to login using keytabs, only kept for backward compatibility. if(conf.get(TOPOLOGY_AUTO_CREDENTIALS) == null || (!(((List)conf.get(TOPOLOGY_AUTO_CREDENTIALS)).contains(AutoHDFS.class.getName())) && !(((List)conf.get(TOPOLOGY_AUTO_CREDENTIALS)).contains(AutoTGT.class.getName())))) { if (UserGroupInformation.isSecurityEnabled()) { // compareAndSet added because of https://issues.apache.org/jira/browse/STORM-1535 if (isLoggedIn.compareAndSet(false, true)) { LOG.info("Logging in using keytab as AutoHDFS is not specified for " + TOPOLOGY_AUTO_CREDENTIALS); String keytab = (String) conf.get(STORM_KEYTAB_FILE_KEY); if (keytab != null) { hdfsConfig.set(STORM_KEYTAB_FILE_KEY, keytab); } String userName = (String) conf.get(STORM_USER_NAME_KEY); if (userName != null) { hdfsConfig.set(STORM_USER_NAME_KEY, userName); } SecurityUtil.login(hdfsConfig, STORM_KEYTAB_FILE_KEY, STORM_USER_NAME_KEY); } } } } }
/** * Obtain credentials for the current process using the configured * Kerberos keytab file and principal. * @see User#login(org.apache.hadoop.conf.Configuration, String, String, String) * * @param conf the Configuration to use * @param fileConfKey Configuration property key used to store the path * to the keytab file * @param principalConfKey Configuration property key used to store the * principal name to login as * @param localhost the local hostname */ public static void login(Configuration conf, String fileConfKey, String principalConfKey, String localhost) throws IOException { if (isSecurityEnabled()) { SecurityUtil.login(conf, fileConfKey, principalConfKey, localhost); } }
private void login(PropertyKey keytabFileKey, String keytabFile, PropertyKey principalKey, String principal, String hostname) throws IOException { org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration(); conf.set(keytabFileKey.toString(), keytabFile); conf.set(principalKey.toString(), principal); SecurityUtil.login(conf, keytabFileKey.toString(), principalKey.toString(), hostname); }
/** * Login as a principal specified in config. Substitute $host in * user's Kerberos principal name with a dynamically looked-up fully-qualified * domain name of the current host. * * @param conf * conf to use * @param keytabFileKey * the key to look for keytab file in conf * @param userNameKey * the key to look for user's Kerberos principal name in conf * @throws IOException if login fails */ @InterfaceAudience.Public @InterfaceStability.Evolving public static void login(final Configuration conf, final String keytabFileKey, final String userNameKey) throws IOException { login(conf, keytabFileKey, userNameKey, getLocalHostName(conf)); }
@Override public void init(SubsetConfiguration metrics2Properties) { properties = metrics2Properties; basePath = new Path(properties.getString(BASEPATH_KEY, BASEPATH_DEFAULT)); source = properties.getString(SOURCE_KEY, SOURCE_DEFAULT); ignoreError = properties.getBoolean(IGNORE_ERROR_KEY, DEFAULT_IGNORE_ERROR); allowAppend = properties.getBoolean(ALLOW_APPEND_KEY, DEFAULT_ALLOW_APPEND); rollOffsetIntervalMillis = getNonNegative(ROLL_OFFSET_INTERVAL_MILLIS_KEY, DEFAULT_ROLL_OFFSET_INTERVAL_MILLIS); rollIntervalMillis = getRollInterval(); conf = loadConf(); UserGroupInformation.setConfiguration(conf); // Don't do secure setup if it's not needed. if (UserGroupInformation.isSecurityEnabled()) { // Validate config so that we don't get an NPE checkIfPropertyExists(KEYTAB_PROPERTY_KEY); checkIfPropertyExists(USERNAME_PROPERTY_KEY); try { // Login as whoever we're supposed to be and let the hostname be pulled // from localhost. If security isn't enabled, this does nothing. SecurityUtil.login(conf, properties.getString(KEYTAB_PROPERTY_KEY), properties.getString(USERNAME_PROPERTY_KEY)); } catch (IOException ex) { throw new MetricsException("Error logging in securely: [" + ex.toString() + "]", ex); } } }
@Override public void loginAsFCUser() throws IOException { InetSocketAddress socAddr = DFSUtilClient.getNNAddress(conf); SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY, DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); }
/** * Login as the configured user for the NameNode. */ void loginAsNameNodeUser(Configuration conf) throws IOException { InetSocketAddress socAddr = getRpcServerAddress(conf); SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY, DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); }
private static void secureLogin(Configuration conf) throws IOException { UserGroupInformation.setConfiguration(conf); String addr = conf.get(DFSConfigKeys.DFS_SPS_ADDRESS_KEY, DFSConfigKeys.DFS_SPS_ADDRESS_DEFAULT); InetSocketAddress socAddr = NetUtils.createSocketAddr(addr, 0, DFSConfigKeys.DFS_SPS_ADDRESS_KEY); SecurityUtil.login(conf, DFSConfigKeys.DFS_SPS_KEYTAB_FILE_KEY, DFSConfigKeys.DFS_SPS_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); }
private static void checkKeytabAndInit(Configuration conf) throws IOException { if (conf.getBoolean(DFSConfigKeys.DFS_BALANCER_KEYTAB_ENABLED_KEY, DFSConfigKeys.DFS_BALANCER_KEYTAB_ENABLED_DEFAULT)) { LOG.info("Keytab is configured, will login using keytab."); UserGroupInformation.setConfiguration(conf); String addr = conf.get(DFSConfigKeys.DFS_BALANCER_ADDRESS_KEY, DFSConfigKeys.DFS_BALANCER_ADDRESS_DEFAULT); InetSocketAddress socAddr = NetUtils.createSocketAddr(addr, 0, DFSConfigKeys.DFS_BALANCER_ADDRESS_KEY); SecurityUtil.login(conf, DFSConfigKeys.DFS_BALANCER_KEYTAB_FILE_KEY, DFSConfigKeys.DFS_BALANCER_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); } }
private static void checkKeytabAndInit(Configuration conf) throws IOException { if (conf.getBoolean(DFSConfigKeys.DFS_MOVER_KEYTAB_ENABLED_KEY, DFSConfigKeys.DFS_MOVER_KEYTAB_ENABLED_DEFAULT)) { LOG.info("Keytab is configured, will login using keytab."); UserGroupInformation.setConfiguration(conf); String addr = conf.get(DFSConfigKeys.DFS_MOVER_ADDRESS_KEY, DFSConfigKeys.DFS_MOVER_ADDRESS_DEFAULT); InetSocketAddress socAddr = NetUtils.createSocketAddr(addr, 0, DFSConfigKeys.DFS_MOVER_ADDRESS_KEY); SecurityUtil.login(conf, DFSConfigKeys.DFS_MOVER_KEYTAB_FILE_KEY, DFSConfigKeys.DFS_MOVER_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName()); } }
@Override public int run(String[] args) throws Exception { parseArgs(args); parseConfAndFindOtherNN(); NameNode.checkAllowFormat(conf); InetSocketAddress myAddr = DFSUtilClient.getNNAddress(conf); SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY, DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, myAddr.getHostName()); return SecurityUtil.doAsLoginUserOrFatal(new PrivilegedAction<Integer>() { @Override public Integer run() { try { return doRun(); } catch (IOException e) { throw new RuntimeException(e); } } }); }
SecurityUtil.login(conf, DFSConfigKeys.DFS_JOURNALNODE_KEYTAB_FILE_KEY, DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
QueryServices.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB) + "."); SecurityUtil.login(getConf(), QueryServices.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB, QueryServices.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname); LOG.info("Login successful.");
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY, DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());
UserGroupInformation.setConfiguration(conf); if (UserGroupInformation.isSecurityEnabled()) { SecurityUtil.login(conf, DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY, DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY, infoBindAddress);
/** Instantiate a single datanode object, along with its secure resources. * This must be run by invoking{@link DataNode#runDatanodeDaemon()} * subsequently. */ public static DataNode instantiateDataNode(String args [], Configuration conf, SecureResources resources) throws IOException { if (conf == null) conf = new HdfsConfiguration(); if (args != null) { // parse generic hadoop options GenericOptionsParser hParser = new GenericOptionsParser(conf, args); args = hParser.getRemainingArgs(); } if (!parseArguments(args, conf)) { printUsage(System.err); return null; } Collection<StorageLocation> dataLocations = getStorageLocations(conf); UserGroupInformation.setConfiguration(conf); SecurityUtil.login(conf, DFS_DATANODE_KEYTAB_FILE_KEY, DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, getHostName(conf)); return makeInstance(dataLocations, conf, resources); }
SecurityUtil.login(conf, DFS_NAMENODE_KEYTAB_FILE_KEY, DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, socAddr.getHostName());