HADOOP-12559. KMS connection failures should trigger TGT renewal. Contributed by Zhe Zhang.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/993311e5 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/993311e5 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/993311e5 Branch: refs/heads/yarn-2877 Commit: 993311e547e6dd7757025d5ffc285019bd4fc1f6 Parents: a0249da Author: Xiaoyu Yao <x...@apache.org> Authored: Mon Dec 28 10:41:26 2015 -0800 Committer: Xiaoyu Yao <x...@apache.org> Committed: Mon Dec 28 10:41:26 2015 -0800 ---------------------------------------------------------------------- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java | 2 ++ 2 files changed, 5 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/993311e5/hadoop-common-project/hadoop-common/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 26543aa..d6b5116 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -1532,6 +1532,9 @@ Release 2.8.0 - UNRELEASED HADOOP-12681. start-build-env.sh fails in branch-2. (Kengo Seki via aajisaka) + HADOOP-12559. KMS connection failures should trigger TGT renewal. + (Zhe Zhang via xyao) + Release 2.7.3 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/993311e5/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index 1ffc44d..cbfa6f6 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -474,6 +474,8 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, UserGroupInformation.AuthenticationMethod.PROXY) ? currentUgi.getShortUserName() : null; + // check and renew TGT to handle potential expiration + actualUgi.checkTGTAndReloginFromKeytab(); // creating the HTTP connection using the current UGI at constructor time conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() { @Override
