Github user rmetzger commented on a diff in the pull request:

    https://github.com/apache/flink/pull/1342#discussion_r44764775
  
    --- Diff: flink-yarn/src/main/java/org/apache/flink/yarn/Utils.java ---
    @@ -135,7 +138,54 @@ public static void setTokensFor(ContainerLaunchContext 
amContainer, Path[] paths
                ByteBuffer securityTokens = ByteBuffer.wrap(dob.getData(), 0, 
dob.getLength());
                amContainer.setTokens(securityTokens);
        }
    -   
    +
    +   /**
    +    * Obtain Kerberos security token for HBase.
    +    */
    +   private static void obtainTokenForHBase(Credentials credentials, 
Configuration conf) throws IOException {
    +           if (UserGroupInformation.isSecurityEnabled()) {
    +                   LOG.info("Attempting to obtain Kerberos security token 
for HBase");
    +                   try {
    +                           // ----
    +                           // Intended call: 
HBaseConfiguration.addHbaseResources(conf);
    +                           Class
    +                                           
.forName("org.apache.hadoop.hbase.HBaseConfiguration")
    +                                           .getMethod("addHbaseResources", 
Configuration.class )
    +                                           .invoke(null, conf);
    +                           // ----
    +
    +                           LOG.info("HBase security setting: {}", 
conf.get("hbase.security.authentication"));
    +
    +                           if 
(!"kerberos".equals(conf.get("hbase.security.authentication"))) {
    +                                   LOG.info("HBase has not been configured 
to use Kerberos.");
    +                                   return;
    +                           }
    +
    +                           LOG.info("Obtaining Kerberos security token for 
HBase");
    +                           // ----
    +                           // Intended call: 
Token<AuthenticationTokenIdentifier> token = TokenUtil.obtainToken(conf);
    +                           Token<?> token = (Token<?>) Class
    +                                           
.forName("org.apache.hadoop.hbase.security.token.TokenUtil")
    +                                           .getMethod("obtainToken", 
Configuration.class)
    +                                           .invoke(null, conf);
    +                           // ----
    +
    +                           if (token == null) {
    +                                   LOG.error("No Kerberos security token 
for HBase available");
    +                                   return;
    +                           }
    +
    +                           credentials.addToken(token.getService(), token);
    +                           LOG.info("Added HBase Kerberos security token 
to credentials.");
    +                   } catch ( ClassNotFoundException
    +                                   | NoSuchMethodException
    +                                   | IllegalAccessException
    +                                   | InvocationTargetException e) {
    +                           LOG.info("HBase is not available (not packaged 
with this application).");
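Review bot: The multi-catch at the end of obtainTokenForHBase handles InvocationTargetException the same way as ClassNotFoundException and logs "HBase is not available (not packaged with this application)." at INFO. InvocationTargetException means the reflective call to addHbaseResources or obtainToken was found and then threw. On a cluster where hbase.security.authentication is "kerberos", a failed token request would therefore be reported as HBase not being packaged, and no token is added to the credentials. Suggest a separate catch for InvocationTargetException that logs e.getCause() at WARN or ERROR, and keeping the "not available" message only for ClassNotFoundException and NoSuchMethodException.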
    --- End diff --
    
    Maybe it makes sense to add the exception to the log message (or even the 
full stack trace), so that users have a better understanding of what exactly went 
wrong (for example, an HBase version mismatch).

