List of usage examples for org.apache.hadoop.security UserGroupInformation getLoginUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getLoginUser() throws IOException
From source file:org.apache.sentry.tests.e2e.kafka.AbstractKafkaSentryTestBase.java
License:Apache License
public static void setupConf() throws Exception { baseDir = createTempDir();/*from w w w. j av a 2 s . c om*/ sentrySitePath = new File(baseDir, "sentry-site.xml"); dbDir = new File(baseDir, "sentry_policy_db"); policyFilePath = new File(baseDir, "local_policy_file.ini"); policyFile = new PolicyFile(); /** set the configuration for Sentry Service */ Configuration conf = new Configuration(); conf.set(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_NONE); conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); conf.set(ServerConfig.ADMIN_GROUPS, Joiner.on(",").join(ADMIN_GROUP, UserGroupInformation.getLoginUser().getPrimaryGroupName())); conf.set(ServerConfig.RPC_PORT, String.valueOf(TestUtils.getFreePort())); conf.set(ServerConfig.RPC_ADDRESS, NetUtils.createSocketAddr( InetAddress.getLocalHost().getHostAddress() + ":" + conf.get(ServerConfig.RPC_PORT)) .getAddress().getCanonicalHostName()); conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); sentryServer = SentryServiceFactory.create(conf); }
From source file:org.apache.sentry.tests.e2e.kafka.AbstractKafkaSentryTestBase.java
License:Apache License
public static void setUserGroups() throws Exception { for (String user : StaticUserGroupRole.getUsers()) { Set<String> groups = StaticUserGroupRole.getGroups(user); policyFile.addGroupsToUser(user, groups.toArray(new String[groups.size()])); }//from w w w . java2s . c o m UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); policyFile.addGroupsToUser(loginUser.getShortUserName(), loginUser.getGroupNames()); policyFile.write(policyFilePath); }
From source file:org.apache.sentry.tests.e2e.sqoop.AbstractSqoopSentryTestBase.java
License:Apache License
public static void setupConf() throws Exception { baseDir = createTempDir();// w w w. j ava2s . c om sqoopDir = new File(baseDir, "sqoop"); dbDir = new File(baseDir, "sentry_policy_db"); policyFilePath = new File(baseDir, "local_policy_file.ini"); policyFile = new PolicyFile(); /** set the configuratoion for Sentry Service */ Configuration conf = new Configuration(); conf.set(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_NONE); conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); conf.set(ServerConfig.ADMIN_GROUPS, Joiner.on(",").join(ADMIN_GROUP, UserGroupInformation.getLoginUser().getPrimaryGroupName())); conf.set(ServerConfig.RPC_ADDRESS, SERVER_HOST); conf.set(ServerConfig.RPC_PORT, String.valueOf(NetworkUtils.findAvailablePort())); conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); server = SentryServiceFactory.create(conf); }
From source file:org.apache.sentry.tests.e2e.sqoop.AbstractSqoopSentryTestBase.java
License:Apache License
public static void setUserGroups() throws Exception { for (String user : StaticUserGroupRole.getUsers()) { Set<String> groups = StaticUserGroupRole.getGroups(user); policyFile.addGroupsToUser(user, groups.toArray(new String[groups.size()])); }// w ww .j ava 2s. c om policyFile.addGroupsToUser(ADMIN_USER, ADMIN_GROUP); UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); policyFile.addGroupsToUser(loginUser.getShortUserName(), loginUser.getGroupNames()); policyFile.write(policyFilePath); }
From source file:org.apache.slider.client.SliderClient.java
License:Apache License
private void actionDiagnosticClient(ActionDiagnosticArgs diagnosticArgs) throws SliderException, IOException { try {//from w w w . java 2s . co m String currentCommandPath = SliderUtils.getCurrentCommandPath(); SliderVersionInfo.loadAndPrintVersionInfo(log); String clientConfigPath = SliderUtils.getClientConfigPath(); String jdkInfo = SliderUtils.getJDKInfo(); println("The slider command path: %s", currentCommandPath); println("The slider-client.xml used by current running command path: %s", clientConfigPath); println(jdkInfo); // security info Configuration config = getConfig(); if (SliderUtils.isHadoopClusterSecure(config)) { println("Hadoop Cluster is secure"); println("Login user is %s", UserGroupInformation.getLoginUser()); println("Current user is %s", UserGroupInformation.getCurrentUser()); } else { println("Hadoop Cluster is insecure"); } // verbose? if (diagnosticArgs.verbose) { // do the environment Map<String, String> env = System.getenv(); Set<String> envList = ConfigHelper.sortedConfigKeys(env.entrySet()); StringBuilder builder = new StringBuilder("Environment variables:\n"); for (String key : envList) { builder.append(key).append("=").append(env.get(key)).append("\n"); } println(builder.toString()); // Java properties builder = new StringBuilder("JVM Properties\n"); Map<String, String> props = SliderUtils.sortedMap(SliderUtils.toMap(System.getProperties())); for (Entry<String, String> entry : props.entrySet()) { builder.append(entry.getKey()).append("=").append(entry.getValue()).append("\n"); } println(builder.toString()); // then the config println("Slider client configuration:\n" + ConfigHelper.dumpConfigToString(config)); } SliderUtils.validateSliderClientEnvironment(log); } catch (SliderException e) { log.error(e.toString()); throw e; } catch (IOException e) { log.error(e.toString()); throw e; } }
From source file:org.apache.slider.common.tools.SliderUtils.java
License:Apache License
/** * Turn on security. This is setup to only run once. * @param conf configuration to build up security * @return true if security was initialized in this call * @throws IOException IO/Net problems//from w w w . j a v a2 s. c o m * @throws BadConfigException the configuration and system state are inconsistent */ public static boolean initProcessSecurity(Configuration conf) throws IOException, BadConfigException { if (processSecurityAlreadyInitialized.compareAndSet(true, true)) { //security is already inited return false; } log.info("JVM initialized into secure mode with kerberos realm {}", SliderUtils.getKerberosRealm()); //this gets UGI to reset its previous world view (i.e simple auth) //security log.debug("java.security.krb5.realm={}", System.getProperty(JAVA_SECURITY_KRB5_REALM, "")); log.debug("java.security.krb5.kdc={}", System.getProperty(JAVA_SECURITY_KRB5_KDC, "")); log.debug("hadoop.security.authentication={}", conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION)); log.debug("hadoop.security.authorization={}", conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION)); /* SecurityUtil.setAuthenticationMethod( UserGroupInformation.AuthenticationMethod.KERBEROS, conf);*/ UserGroupInformation.setConfiguration(conf); UserGroupInformation authUser = UserGroupInformation.getCurrentUser(); log.debug("Authenticating as " + authUser.toString()); log.debug("Login user is {}", UserGroupInformation.getLoginUser()); if (!UserGroupInformation.isSecurityEnabled()) { throw new BadConfigException("Although secure mode is enabled," + "the application has already set up its user as an insecure entity %s", authUser); } if (authUser.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.SIMPLE) { throw new BadConfigException("Auth User is not Kerberized %s" + " -security has already been set up with the wrong authentication method. " + "This can occur if a file system has already been created prior to the loading of " + "the security configuration.", authUser); } SliderUtils.verifyPrincipalSet(conf, YarnConfiguration.RM_PRINCIPAL); SliderUtils.verifyPrincipalSet(conf, DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY); return true; }
From source file:org.apache.slider.core.launch.CredentialUtils.java
License:Apache License
public static String getSelfRenewer() throws IOException { return UserGroupInformation.getLoginUser().getShortUserName(); }
From source file:org.apache.slider.server.appmaster.security.SecurityConfiguration.java
License:Apache License
protected UserGroupInformation getLoginUser() throws IOException { return UserGroupInformation.getLoginUser(); }
From source file:org.apache.slider.server.appmaster.security.SecurityConfiguration.java
License:Apache License
public String getPrincipal() throws IOException { String principal = instanceDefinition.getAppConfOperations().getComponent(SliderKeys.COMPONENT_AM) .get(SliderXmlConfKeys.KEY_KEYTAB_PRINCIPAL); if (SliderUtils.isUnset(principal)) { principal = UserGroupInformation.getLoginUser().getShortUserName(); log.info("No principal set in the slider configuration. Will use AM login" + " identity {} to attempt keytab-based login", principal); }//from w w w.j ava 2s . c o m return principal; }
From source file:org.apache.slider.server.appmaster.SliderAppMaster.java
License:Apache License
@Override //AbstractService public synchronized void serviceInit(Configuration conf) throws Exception { // slider client if found Configuration customConf = SliderUtils.loadClientConfigurationResource(); // Load in the server configuration - if it is actually on the Classpath Configuration serverConf = ConfigHelper.loadFromResource(SERVER_RESOURCE); ConfigHelper.mergeConfigurations(customConf, serverConf, SERVER_RESOURCE, true); serviceArgs.applyDefinitions(customConf); serviceArgs.applyFileSystemBinding(customConf); // conf now contains all customizations AbstractActionArgs action = serviceArgs.getCoreAction(); SliderAMCreateAction createAction = (SliderAMCreateAction) action; // sort out the location of the AM String rmAddress = createAction.getRmAddress(); if (rmAddress != null) { log.debug("Setting rm address from the command line: {}", rmAddress); SliderUtils.setRmSchedulerAddress(customConf, rmAddress); }/*from w w w . ja v a2s. com*/ log.info("AM configuration:\n{}", ConfigHelper.dumpConfigToString(customConf)); ConfigHelper.mergeConfigurations(conf, customConf, CLIENT_RESOURCE, true); //init security with our conf if (SliderUtils.isHadoopClusterSecure(conf)) { log.info("Secure mode with kerberos realm {}", SliderUtils.getKerberosRealm()); UserGroupInformation.setConfiguration(conf); UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); log.debug("Authenticating as {}", ugi); SliderUtils.verifyPrincipalSet(conf, DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY); } else { log.info("Cluster is insecure"); } log.info("Login user is {}", UserGroupInformation.getLoginUser()); //look at settings of Hadoop Auth, to pick up a problem seen once checkAndWarnForAuthTokenProblems(); // validate server env boolean dependencyChecks = !conf.getBoolean(KEY_SLIDER_AM_DEPENDENCY_CHECKS_DISABLED, false); SliderUtils.validateSliderServerEnvironment(log, dependencyChecks); executorService = new WorkflowExecutorService<ExecutorService>("AmExecutor", Executors.newFixedThreadPool(2, new ServiceThreadFactory("AmExecutor", true))); addService(executorService); addService(actionQueues); //init all child services super.serviceInit(conf); }