LIVY-310. Kinit should be called before doing recovery check. (#285)
Project: http://git-wip-us.apache.org/repos/asf/incubator-livy/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-livy/commit/807036af Tree: http://git-wip-us.apache.org/repos/asf/incubator-livy/tree/807036af Diff: http://git-wip-us.apache.org/repos/asf/incubator-livy/diff/807036af Branch: refs/heads/master Commit: 807036afe2d5aa8ff64ffb8f70632e993b626fcb Parents: 9575d8f Author: Saisai Shao <sai.sai.s...@gmail.com> Authored: Mon Feb 13 10:28:06 2017 +0800 Committer: Alex Man <tc.technet...@gmail.com> Committed: Sun Feb 12 21:28:06 2017 -0500 ---------------------------------------------------------------------- .../com/cloudera/livy/server/LivyServer.scala | 55 +++++++++++--------- 1 file changed, 29 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-livy/blob/807036af/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala ---------------------------------------------------------------------- diff --git a/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala b/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala index 71d7bea..938f3a6 100644 --- a/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala +++ b/server/src/main/scala/com/cloudera/livy/server/LivyServer.scala @@ -25,7 +25,7 @@ import javax.servlet._ import scala.concurrent.ExecutionContext.Implicits.global import scala.concurrent.Future -import org.apache.hadoop.security.SecurityUtil +import org.apache.hadoop.security.{SecurityUtil, UserGroupInformation} import org.apache.hadoop.security.authentication.server._ import org.eclipse.jetty.servlet.FilterHolder import org.scalatra.metrics.MetricsBootstrap @@ -86,6 +86,33 @@ class LivyServer extends Logging { livyConf.set(LIVY_SPARK_SCALA_VERSION.key, sparkScalaVersion(formattedSparkVersion, scalaVersionFromSparkSubmit, livyConf)) + if (UserGroupInformation.isSecurityEnabled) { + // If Hadoop security is enabled, run kinit periodically. runKinit() should be called + // before any Hadoop operation, otherwise Kerberos exception will be thrown. + executor = Executors.newScheduledThreadPool(1, + new ThreadFactory() { + override def newThread(r: Runnable): Thread = { + val thread = new Thread(r) + thread.setName("kinit-thread") + thread.setDaemon(true) + thread + } + } + ) + val launch_keytab = livyConf.get(LAUNCH_KERBEROS_KEYTAB) + val launch_principal = SecurityUtil.getServerPrincipal( + livyConf.get(LAUNCH_KERBEROS_PRINCIPAL), server.host) + require(launch_keytab != null, + s"Kerberos requires ${LAUNCH_KERBEROS_KEYTAB.key} to be provided.") + require(launch_principal != null, + s"Kerberos requires ${LAUNCH_KERBEROS_PRINCIPAL.key} to be provided.") + if (!runKinit(launch_keytab, launch_principal)) { + error("Failed to run kinit, stopping the server.") + sys.exit(1) + } + startKinitThread(launch_keytab, launch_principal) + } + testRecovery(livyConf) // Initialize YarnClient ASAP to save time. @@ -171,31 +198,7 @@ class LivyServer extends Logging { server.context.addFilter(holder, "/*", EnumSet.allOf(classOf[DispatcherType])) info(s"SPNEGO auth enabled (principal = $principal)") - // run kinit periodically - executor = Executors.newScheduledThreadPool(1, - new ThreadFactory() { - override def newThread(r: Runnable): Thread = { - val thread = new Thread(r) - thread.setName("kinit-thread") - thread.setDaemon(true) - thread - } - } - ) - val launch_keytab = livyConf.get(LAUNCH_KERBEROS_KEYTAB) - val launch_principal = SecurityUtil.getServerPrincipal( - livyConf.get(LAUNCH_KERBEROS_PRINCIPAL), server.host) - require(launch_keytab != null, - s"Kerberos requires ${LAUNCH_KERBEROS_KEYTAB.key} to be provided.") - require(launch_principal != null, - s"Kerberos requires ${LAUNCH_KERBEROS_PRINCIPAL.key} to be provided.") - if (!runKinit(launch_keytab, launch_principal)) { - error("Failed to run kinit, stopping the server.") - sys.exit(1) - } - startKinitThread(launch_keytab, launch_principal) - - case null => + case null => // Nothing to do. case other =>
