SLIDER-416 substitute hostname for _HOST in principals
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/e24060b9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/e24060b9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/e24060b9 Branch: refs/heads/feature/SLIDER-149_Support_a_YARN_service_registry Commit: e24060b93751f9a73592be0ca628d3a403d044a3 Parents: ce0c052 Author: Billie Rinaldi <billie.rina...@gmail.com> Authored: Tue Sep 9 20:17:30 2014 -0700 Committer: Billie Rinaldi <billie.rina...@gmail.com> Committed: Tue Sep 9 20:17:30 2014 -0700 ---------------------------------------------------------------------- .../java/org/apache/slider/core/launch/AppMasterLauncher.java | 6 +++++- .../server/services/security/FsDelegationTokenManager.java | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/e24060b9/slider-core/src/main/java/org/apache/slider/core/launch/AppMasterLauncher.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/core/launch/AppMasterLauncher.java b/slider-core/src/main/java/org/apache/slider/core/launch/AppMasterLauncher.java index bd8a0a5..c9ac20c 100644 --- a/slider-core/src/main/java/org/apache/slider/core/launch/AppMasterLauncher.java +++ b/slider-core/src/main/java/org/apache/slider/core/launch/AppMasterLauncher.java @@ -20,6 +20,7 @@ package org.apache.slider.core.launch; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.yarn.api.records.ApplicationId; import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext; import org.apache.hadoop.yarn.api.records.Priority; @@ -35,6 +36,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; +import java.net.InetAddress; import java.util.Map; import java.util.Set; @@ -196,7 +198,9 @@ public class AppMasterLauncher extends AbstractLauncher { */ private void addSecurityTokens() throws IOException { - String tokenRenewer = getConf().get(YarnConfiguration.RM_PRINCIPAL); + String tokenRenewer = SecurityUtil.getServerPrincipal( + getConf().get(YarnConfiguration.RM_PRINCIPAL), + InetAddress.getLocalHost().getCanonicalHostName()); if (SliderUtils.isUnset(tokenRenewer)) { throw new IOException( "Can't get Master Kerberos principal for the RM to use as renewer: " http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/e24060b9/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java index cce2de0..c892b10 100644 --- a/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java +++ b/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java @@ -20,6 +20,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; @@ -35,6 +36,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; +import java.net.InetAddress; import java.security.PrivilegedExceptionAction; import java.text.DateFormat; import java.util.Date; @@ -67,7 +69,9 @@ public class FsDelegationTokenManager { // using HDFS principal... this.remoteUser = UserGroupInformation .loginUserFromKeytabAndReturnUGI( - loginConfig.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY), + SecurityUtil.getServerPrincipal( + loginConfig.get(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY), + InetAddress.getLocalHost().getCanonicalHostName()), loginConfig.get(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY)); log.info("Created remote user {}. UGI reports current user is {}", this.remoteUser, UserGroupInformation.getCurrentUser());
