[jira] [Commented] (SQOOP-2744) Sqoop2: Enable kerberos for HadoopMiniCluster

Wed, 16 Dec 2015 04:22:56 -0800 

    [ 
https://issues.apache.org/jira/browse/SQOOP-2744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15059909#comment-15059909
 ] 

Dian Fu commented on SQOOP-2744:
--------------------------------

I found some problems when developing the patch for this JIRA. One of the most 
important ones is as follows:
*Problem description*:
Currently, all the services in the integration test start up in one JVM (such 
as sqoop server, HDFS cluster, YARN cluster, Job history server, etc). This 
will cause problems for kerberos test as there are some important {{static}} 
variables in {{UserGroupInformation}}, such as {{private static 
UserGroupInformation loginUser}}. This static variable records the current 
login user and it has the following impact if all the services start up in one 
JVM:
1) When HDFS start up, NameNode and DataNode will do secure login. For example, 
they could login with user {{hdfs}}. Then {{loginUser}} will stand for user 
{{hdfs}}.
2) When YARN start up, JobHistoryServer will do secure login (in MRMiniCluster, 
ResourceManager and NodeManager don't do secure login, not sure why?). For 
example, it could login with user {{mapred}}. Then {{loginUser}} changed to 
user {{mapred}}.
3) When Sqoop server start up, it will do secure login with user {{sqoop}} for 
example. Then {{loginUser}} changed to user {{sqoop}}.
4) Then if a client access NameNode via RPC, it will firstly do authentication 
with NameNode using SASL. The NameNode side will firstly create a 
{{SaslRpcServer}} in method {{Server.createSaslServer}} and in the constructor 
of {{SaslRpcServer}}, it will look up the currently login user (the information 
of the login user will be sent back to client to do manual authentication) and 
it's {{sqoop}} at this time which is not correct.
*Solution*:
All the services start up as the same user.
Any thoughts?

> Sqoop2: Enable kerberos for HadoopMiniCluster
> ---------------------------------------------
>
>                 Key: SQOOP-2744
>                 URL: https://issues.apache.org/jira/browse/SQOOP-2744
>             Project: Sqoop
>          Issue Type: Sub-task
>            Reporter: Dian Fu
>            Assignee: Dian Fu
>             Fix For: 1.99.7
>
>
> The aim of this JIRA is to enable kerberos for HadoopMiniCluster.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to