[jira] [Updated] (OOZIE-2490) Oozie can't set hadoop.security.token.service.use_ip

Mon, 28 Mar 2016 15:54:03 -0700 

     [ 
https://issues.apache.org/jira/browse/OOZIE-2490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Kanter updated OOZIE-2490:
---------------------------------
    Attachment: OOZIE-2490.001.patch

The patch is pretty straightforward.  It calls 
{{SecurityUtil#setConfiguration}} using the {{Configuration}} from the default 
NN (or wildcard, or an arbitrary NN) if the method exists.  I put it at the end 
of {{HadoopAccessorService#init}}, which should be after the hadoop configs are 
loaded but before anything starts using them.

Unit tests proved to be too complicated because of the reflection and 
dependence on Hadoop classes and methods.  I did verify that it works correctly 
in a cluster with and without the {{setConfiguration}} method.

> Oozie can't set hadoop.security.token.service.use_ip
> ----------------------------------------------------
>
>                 Key: OOZIE-2490
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2490
>             Project: Oozie
>          Issue Type: Bug
>    Affects Versions: trunk
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>             Fix For: trunk
>
>         Attachments: OOZIE-2490.001.patch
>
>
> Currently, Oozie has no way of setting 
> {{hadoop.security.token.service.use_ip}} to the non-default value, as 
> explained in HADOOP-12954.  Once that is resolved, we should have Oozie set 
> {{hadoop.security.token.service.use_ip}} on startup via the new method added 
> by HADOOP-12954.  
> {{hadoop.security.token.service.use_ip}} (default=true) is needed if your 
> network is setup such that you need to use hostnames in delegation tokens 
> instead of ip addresses.
> e.g.
> {noformat}
> Kind: HDFS_DELEGATION_TOKEN, Service: 127.0.0.1:8020, Ident: 
> (HDFS_DELEGATION_TOKEN token 7 for hive)
> {noformat}
> vs
> {noformat}
> Kind: HDFS_DELEGATION_TOKEN, Service: foo.bar.cloudera.com:8020, Ident: 
> (HDFS_DELEGATION_TOKEN token 4 for hive)
> {noformat}
> Some notes:
> - Ideally, {{hadoop.security.token.service.use_ip}} could be set on a 
> per-cluster basis (because Oozie supports multiple clusters), however, like 
> many of Hadoop's Security stuff, it's static so we can't.  I think we should 
> have Oozie use the {{Configuration}} associated with the default NN/JT/RM 
> when setting this.
> - We'll have to use reflection to do this because HADOOP-12954 will add a new 
> method and we can't guarantee the method is there.  If the method doesn't 
> exist, there's no alternative to set 
> {{hadoop.security.token.service.use_ip}}, so we'll just ignore it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to