HIVE-14136 : LLAP ZK SecretManager should resolve _HOST in principal (Sergey
Shelukhin, reviewed by Siddharth Seth)
Conflicts:
llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/e2da0e16
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/e2da0e16
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/e2da0e16
Branch: refs/heads/branch-2.1
Commit: e2da0e163dba1ecb58fe66d319df22cf1efd970a
Parents: 19192a6
Author: Sergey Shelukhin <ser...@apache.org>
Authored: Thu Jun 30 16:00:04 2016 -0700
Committer: Sergey Shelukhin <ser...@apache.org>
Committed: Thu Jun 30 16:02:33 2016 -0700
----------------------------------------------------------------------
.../hadoop/hive/llap/security/SecretManager.java | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/e2da0e16/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
----------------------------------------------------------------------
diff --git
a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index 8eca946..dc06cc9 100644
---
a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++
b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -34,6 +34,7 @@ import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.llap.LlapUtil;
import org.apache.hadoop.hive.llap.security.LlapTokenIdentifier;
import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.DelegationKey;
@@ -61,6 +62,7 @@ public class SecretManager extends
ZKDelegationTokenSecretManager<LlapTokenIdent
@Override
public void startThreads() throws IOException {
+ LOG.info("Starting ZK threads as user " +
UserGroupInformation.getCurrentUser());
super.startThreads();
if (!HiveConf.getBoolVar(conf, ConfVars.LLAP_VALIDATE_ACLS)
|| !UserGroupInformation.isSecurityEnabled()) return;
@@ -152,7 +154,12 @@ public class SecretManager extends
ZKDelegationTokenSecretManager<LlapTokenIdent
conf, ConfVars.LLAP_DELEGATION_TOKEN_LIFETIME, TimeUnit.SECONDS);
zkConf.setLong(DelegationTokenManager.MAX_LIFETIME, tokenLifetime);
zkConf.setLong(DelegationTokenManager.RENEW_INTERVAL, tokenLifetime);
- zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL, principal);
+ try {
+ zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL,
+ SecurityUtil.getServerPrincipal(principal, "0.0.0.0"));
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab);
String zkPath = "zkdtsm_" + clusterId;
LOG.info("Using {} as ZK secret manager path", zkPath);
@@ -170,14 +177,14 @@ public class SecretManager extends
ZKDelegationTokenSecretManager<LlapTokenIdent
return new LlapZkConf(zkConf, zkUgi);
}
- public static SecretManager createSecretManager(final Configuration conf,
String clusterId) {
+ public static SecretManager createSecretManager(Configuration conf, String
clusterId) {
String llapPrincipal = HiveConf.getVar(conf,
ConfVars.LLAP_KERBEROS_PRINCIPAL),
llapKeytab = HiveConf.getVar(conf, ConfVars.LLAP_KERBEROS_KEYTAB_FILE);
return SecretManager.createSecretManager(conf, llapPrincipal, llapKeytab,
clusterId);
}
public static SecretManager createSecretManager(
- final Configuration conf, String llapPrincipal, String llapKeytab, final
String clusterId) {
+ Configuration conf, String llapPrincipal, String llapKeytab, final
String clusterId) {
final LlapZkConf c = createLlapZkConf(conf, llapPrincipal, llapKeytab,
clusterId);
return c.zkUgi.doAs(new PrivilegedAction<SecretManager>() {
@Override
