HIVE-14136 : LLAP ZK SecretManager should resolve _HOST in principal (Sergey Shelukhin, reviewed by Siddharth Seth)
Conflicts: llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/e2da0e16 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/e2da0e16 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/e2da0e16 Branch: refs/heads/branch-2.1 Commit: e2da0e163dba1ecb58fe66d319df22cf1efd970a Parents: 19192a6 Author: Sergey Shelukhin <ser...@apache.org> Authored: Thu Jun 30 16:00:04 2016 -0700 Committer: Sergey Shelukhin <ser...@apache.org> Committed: Thu Jun 30 16:02:33 2016 -0700 ---------------------------------------------------------------------- .../hadoop/hive/llap/security/SecretManager.java | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/e2da0e16/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java ----------------------------------------------------------------------
diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index 8eca946..dc06cc9 100644
--- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -34,6 +34,7 @@ import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
 import org.apache.hadoop.hive.llap.LlapUtil;
 import org.apache.hadoop.hive.llap.security.LlapTokenIdentifier;
 import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.delegation.DelegationKey;
@@ -61,6 +62,7 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent @Override public void startThreads() throws IOException { + LOG.info("Starting ZK threads as user " + UserGroupInformation.getCurrentUser()); super.startThreads(); if (!HiveConf.getBoolVar(conf, ConfVars.LLAP_VALIDATE_ACLS) || !UserGroupInformation.isSecurityEnabled()) return;
@@ -152,7 +154,12 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
 conf, ConfVars.LLAP_DELEGATION_TOKEN_LIFETIME, TimeUnit.SECONDS);
 zkConf.setLong(DelegationTokenManager.MAX_LIFETIME, tokenLifetime);
 zkConf.setLong(DelegationTokenManager.RENEW_INTERVAL, tokenLifetime);
- zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL, principal);
+ try {
+ zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL,
+ SecurityUtil.getServerPrincipal(principal, "0.0.0.0"));
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
 zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab);
 String zkPath = "zkdtsm_" + clusterId;
 LOG.info("Using {} as ZK secret manager path", zkPath);
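Review bot: The `LOG.info` added in startThreads() builds its message by string concatenation, while the other log call visible in this file (`LOG.info("Using {} as ZK secret manager path", zkPath)`) uses a placeholder. For consistency it should read `LOG.info("Starting ZK threads as user {}", UserGroupInformation.getCurrentUser());`. Because the call sits before `super.startThreads()`, an IOException from getCurrentUser() would now abort startup before the ZK threads are started; that is probably acceptable, but a short comment saying so would help. startThreads() continues past the end of this hunk.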
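Review bot: The new catch block rethrows as `new RuntimeException(e)` with no context, so a failed host-name lookup during `_HOST` substitution surfaces without naming the principal pattern involved; prefer `throw new RuntimeException("Cannot resolve LLAP ZK principal " + principal, e);`. The literal `"0.0.0.0"` also needs a comment, since as far as I know SecurityUtil treats it as "use the local host name", e.g. `// "0.0.0.0" makes SecurityUtil substitute this node's host name for _HOST`. The resolved value then depends on the node's DNS/hosts configuration, so logging it once (`LOG.info("Using {} as ZK principal", resolved)`) would make a mismatch with the keytab entry diagnosable. The enclosing method starts and ends outside this hunk.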
@@ -170,14 +177,14 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent return new LlapZkConf(zkConf, zkUgi); } - public static SecretManager createSecretManager(final Configuration conf, String clusterId) { + public static SecretManager createSecretManager(Configuration conf, String clusterId) { String llapPrincipal = HiveConf.getVar(conf, ConfVars.LLAP_KERBEROS_PRINCIPAL), llapKeytab = HiveConf.getVar(conf, ConfVars.LLAP_KERBEROS_KEYTAB_FILE); return SecretManager.createSecretManager(conf, llapPrincipal, llapKeytab, clusterId); } public static SecretManager createSecretManager( - final Configuration conf, String llapPrincipal, String llapKeytab, final String clusterId) { + Configuration conf, String llapPrincipal, String llapKeytab, final String clusterId) { final LlapZkConf c = createLlapZkConf(conf, llapPrincipal, llapKeytab, clusterId); return c.zkUgi.doAs(new PrivilegedAction<SecretManager>() { @Override