List of usage examples for org.apache.hadoop.security UserGroupInformation getLoginUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getLoginUser() throws IOException
From source file:org.apache.slider.server.appmaster.SliderAppMaster.java
License:Apache License
/**
 * Logs this process in from a keytab and validates the resulting login user.
 *
 * <p>{@code UserGroupInformation.loginUserFromKeytab} is a static call, so the
 * login it establishes is presumably shared by everything in this JVM rather
 * than scoped to this instance. Confirm before reusing this from code that
 * shares the process with other principals.
 *
 * @param principal Kerberos principal to log in as
 * @param localKeytabFile keytab on the local filesystem; only its absolute
 *     path is handed to Hadoop
 * @throws IOException if the keytab login or the login-user lookup fails
 * @throws SliderException declared by the signature; presumably raised by
 *     {@code validateLoginUser} when the login user is rejected
 */
protected void login(String principal, File localKeytabFile) throws IOException, SliderException {
  final String keytabPath = localKeytabFile.getAbsolutePath();
  UserGroupInformation.loginUserFromKeytab(principal, keytabPath);

  // Validate the identity Hadoop reports after the login, not the one that was requested.
  final UserGroupInformation loggedIn = UserGroupInformation.getLoginUser();
  validateLoginUser(loggedIn);
}
From source file:org.apache.slider.server.appmaster.SliderAppMaster.java
License:Apache License
/**
 * Builds the serialized credentials that are handed to launched containers.
 *
 * <p>Copies {@code containerCredentials}, asks the cluster filesystem to add
 * delegation tokens to the copy (passing the login user's short name as the
 * renewer argument), and serializes the copy only when at least one token was
 * added.
 *
 * <p>The returned buffer carries token material: treat it as a secret and keep
 * it out of logs and diagnostics.
 *
 * @return the serialized credentials, or {@code null} when the filesystem
 *     added no tokens; callers must handle the {@code null} case
 * @throws IOException if token retrieval or serialization fails
 */
private ByteBuffer getContainerCredentials() throws IOException {
  // A delegation token can be retrieved from the filesystem because the login is via a keytab.
  final Credentials launchCredentials = new Credentials(containerCredentials);
  final Token<? extends TokenIdentifier>[] fetched = getClusterFS().getFileSystem()
      .addDelegationTokens(UserGroupInformation.getLoginUser().getShortUserName(), launchCredentials);

  if (fetched.length == 0) {
    // Nothing was added, so there is nothing to ship.
    return null;
  }

  final DataOutputBuffer serialized = new DataOutputBuffer();
  launchCredentials.writeTokenStorageToStream(serialized);
  serialized.close();
  // Wrap only the bytes actually written; the backing array may be larger.
  return ByteBuffer.wrap(serialized.getData(), 0, serialized.getLength());
}
From source file:org.apache.sqoop.connector.hdfs.security.SecurityUtils.java
License:Apache License
/**
 * Creates a proxy user for the user who submitted the Sqoop job (e.g. who
 * issued the "start job" command).
 *
 * <p>The result represents {@code context.getUser()} acting through this
 * process's login user. This method performs no authorization of its own:
 * whether the impersonation is honoured is presumably decided by the cluster's
 * proxy-user configuration for the login principal, so that configuration
 * should be scoped as narrowly as the deployment allows.
 *
 * @param context transfer context supplying the submitting user's name
 * @return a proxy identity for the submitting user backed by the login user
 * @throws IOException if the login user cannot be determined
 */
static public UserGroupInformation createProxyUser(TransferableContext context) throws IOException {
  final String submitter = context.getUser();
  final UserGroupInformation realUser = UserGroupInformation.getLoginUser();
  return UserGroupInformation.createProxyUser(submitter, realUser);
}
From source file:org.apache.sqoop.mapreduce.ParquetJob.java
License:Apache License
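/**
 * Adds a Hive metastore delegation token to the job's credentials store.
 *
 * <p>The Hive client classes are loaded reflectively because there is no
 * compile-time dependency on the client libraries. The token is requested
 * with the login user's short name, decoded from its URL-string form and
 * stored under {@code HIVE_METASTORE_TOKEN_ALIAS}. The metastore client that
 * is created for the request is closed again before returning.
 *
 * @param conf job configuration; used to build the Hive configuration and to
 *     receive the token
 * @throws RuntimeException if the Hive classes cannot be loaded or the token
 *     cannot be fetched
 */
private static void addHiveDelegationToken(JobConf conf) {
  // Need to use reflection since there's no compile time dependency on the client libs.
  Class<?> hiveConfClass;
  Class<?> hiveMetaStoreClientClass;

  try {
    hiveMetaStoreClientClass = Class.forName(HIVE_METASTORE_CLIENT_CLASS);
  } catch (ClassNotFoundException ex) {
    LOG.error("Could not load " + HIVE_METASTORE_CLIENT_CLASS
        + " when adding hive delegation token. "
        + "Make sure HIVE_CONF_DIR is set correctly.", ex);
    throw new RuntimeException("Couldn't fetch delegation token.", ex);
  }

  try {
    hiveConfClass = Class.forName(HiveConfig.HIVE_CONF_CLASS);
  } catch (ClassNotFoundException ex) {
    LOG.error("Could not load " + HiveConfig.HIVE_CONF_CLASS
        + " when adding hive delegation token."
        + " Make sure HIVE_CONF_DIR is set correctly.", ex);
    throw new RuntimeException("Couldn't fetch delegation token.", ex);
  }

  Object client = null;
  try {
    Object hiveConf = hiveConfClass
        .getConstructor(Configuration.class, Class.class).newInstance(conf, Configuration.class);
    client = hiveMetaStoreClientClass.getConstructor(hiveConfClass).newInstance(hiveConf);

    // getDelegationToken(String kerberosPrincipal)
    Method getDelegationTokenMethod =
        hiveMetaStoreClientClass.getMethod("getDelegationToken", String.class);
    // The URL-string form is the complete encoded token; it must never be logged.
    Object tokenStringForm = getDelegationTokenMethod.invoke(client,
        UserGroupInformation.getLoginUser().getShortUserName());

    // Load token
    Token<DelegationTokenIdentifier> metastoreToken = new Token<DelegationTokenIdentifier>();
    metastoreToken.decodeFromUrlString(tokenStringForm.toString());
    conf.getCredentials().addToken(new Text(HIVE_METASTORE_TOKEN_ALIAS), metastoreToken);

    // NOTE(review): this relies on Token#toString not printing the token password;
    // confirm for the Hadoop version in use before enabling debug logging in production.
    LOG.debug("Successfully fetched hive metastore delegation token. " + metastoreToken);
  } catch (Exception ex) {
    LOG.error("Couldn't fetch delegation token.", ex);
    throw new RuntimeException("Couldn't fetch delegation token.", ex);
  } finally {
    // The client was only needed for this one call; release its metastore connection.
    if (client != null) {
      try {
        hiveMetaStoreClientClass.getMethod("close").invoke(client);
      } catch (Exception closeEx) {
        // Best effort: a failed close must not mask the outcome of the token fetch.
        LOG.warn("Could not close hive metastore client.", closeEx);
      }
    }
  }
}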
From source file:org.apache.storm.hive.common.HiveUtils.java
License:Apache License
/**
 * Logs in from a keytab and returns the resulting login user.
 *
 * <p>The keytab must be an existing, readable regular file. That check is a
 * point-in-time test made before the login reads the file, so a later failure
 * to read it still surfaces as {@code AuthenticationFailed}. The principal is
 * passed through {@code SecurityUtil.getServerPrincipal} with an empty host
 * name before the login.
 *
 * <p>The login goes through static {@code UserGroupInformation} calls, so the
 * identity it establishes is presumably shared JVM-wide; the method is
 * {@code synchronized} on the class, which serializes callers of this method
 * only.
 *
 * @param keytab path of the keytab file
 * @param principal Kerberos principal to log in as
 * @return the login user after a successful keytab login
 * @throws IllegalArgumentException if the keytab is missing, not a regular
 *     file, or not readable
 * @throws AuthenticationFailed if the principal cannot be resolved or the
 *     login fails
 */
public static synchronized UserGroupInformation authenticate(String keytab, String principal)
    throws AuthenticationFailed {
  final File keytabFile = new File(keytab);
  final boolean usable = keytabFile.isFile() && keytabFile.canRead();
  if (!usable) {
    // Only the path is reported; the keytab contents never reach the message.
    throw new IllegalArgumentException("The keyTab file: " + keytab + " is nonexistent or can't read. "
        + "Please specify a readable keytab file for Kerberos auth.");
  }

  final String resolvedPrincipal;
  try {
    resolvedPrincipal = SecurityUtil.getServerPrincipal(principal, "");
  } catch (Exception e) {
    throw new AuthenticationFailed("Host lookup error when resolving principal " + principal, e);
  }

  try {
    UserGroupInformation.loginUserFromKeytab(resolvedPrincipal, keytab);
    return UserGroupInformation.getLoginUser();
  } catch (IOException e) {
    throw new AuthenticationFailed("Login failed for principal " + resolvedPrincipal, e);
  }
}
From source file:org.apache.tajo.master.querymaster.QueryMasterTask.java
License:Apache License
/**
 * Creates the staging directory for a query, plus its result subdirectory,
 * and returns the staging directory.
 *
 * <p>For a create-table or insert query with a non-empty output path the
 * staging directory is placed under that output path; in every other case it
 * is {@code queryId} under the default root staging directory.
 *
 * <p>After creation the directory must be owned by the submitting user or by
 * the login user of this process (an empty owner string is accepted as-is),
 * and its mode is reset to {@code STAGING_DIR_PERMISSION} when it differs.
 *
 * @param conf configuration used to resolve the default staging root and the
 *     filesystem
 * @param queryId query identifier, used as the last path component
 * @param context query context supplying the output path and the query kind
 * @return the staging directory
 * @throws IOException if the directory already exists, is owned by an
 *     unexpected user, or a filesystem call fails
 */
public static Path initStagingDir(TajoConf conf, String queryId, QueryContext context) throws IOException {
  final String realUser = UserGroupInformation.getLoginUser().getShortUserName();
  final String currentUser = UserGroupInformation.getCurrentUser().getShortUserName();

  // ---- Choose the staging location ----
  final String outputPath = context.get(QueryVars.OUTPUT_TABLE_PATH, "");
  final boolean writesTable = context.isCreateTable() || context.isInsert();
  final boolean hasOutputPath = outputPath != null && !outputPath.isEmpty();

  final Path stagingDir;
  if (writesTable && hasOutputPath) {
    stagingDir = StorageUtil.concatPath(context.getOutputPath(), TMP_STAGING_DIR_PREFIX, queryId);
  } else {
    // Covers plain queries and table writes without an output path (hbase).
    stagingDir = new Path(TajoConf.getDefaultRootStagingDir(conf), queryId);
  }

  // ---- Create it ----
  final FileSystem fs = stagingDir.getFileSystem(conf);
  // exists() followed by mkdirs() is not atomic, and the result of mkdirs() is not
  // inspected; the owner and mode checks below are what vouch for the directory.
  if (fs.exists(stagingDir)) {
    throw new IOException("The staging directory '" + stagingDir + "' already exists");
  }
  fs.mkdirs(stagingDir, new FsPermission(STAGING_DIR_PERMISSION));

  // ---- Verify what was actually created ----
  final FileStatus created = fs.getFileStatus(stagingDir);
  final String owner = created.getOwner();
  final boolean ownerUnexpected =
      !owner.isEmpty() && !owner.equals(currentUser) && !owner.equals(realUser);
  if (ownerUnexpected) {
    throw new IOException("The ownership on the user's query directory " + stagingDir
        + " is not as expected. It is owned by " + owner
        + ". The directory must be owned by the submitter " + currentUser + " or by " + realUser);
  }

  // The effective mode can differ from the requested one (presumably because of the
  // filesystem umask), so it is set explicitly when it does not match.
  if (!created.getPermission().equals(STAGING_DIR_PERMISSION)) {
    LOG.info("Permissions on staging directory " + stagingDir + " are incorrect: "
        + created.getPermission() + ". Fixing permissions to correct value " + STAGING_DIR_PERMISSION);
    fs.setPermission(stagingDir, new FsPermission(STAGING_DIR_PERMISSION));
  }

  // The result subdirectory is created without an explicit mode.
  final Path stagingResultDir = new Path(stagingDir, TajoConstants.RESULT_DIR_NAME);
  fs.mkdirs(stagingResultDir);

  return stagingDir;
}
From source file:org.apache.tajo.master.QueryMaster.java
License:Apache License
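/**
 * Initializes the final output and staging directory and records them in the
 * query configuration and in {@code outputPath}.
 *
 * <p>When no output table is given, the staging directory is
 * {@code queryId} under the user's query directory in the home directory of
 * the default filesystem, and the query id becomes the output table name.
 * Otherwise the staging directory is the output table name under the
 * warehouse directory.
 *
 * <p>Only an already existing user query directory has its owner and mode
 * checked here. Directories created by this method (home directory, user
 * query directory, staging directory) are not re-read after {@code mkdirs},
 * and the results of {@code mkdirs} are not inspected.
 *
 * @throws IOException if the staging directory already exists, the user query
 *     directory is owned by an unexpected user, or a filesystem call fails
 */
private void initStagingDir() throws IOException {
  QueryConf conf = getContext().getConf();

  UserGroupInformation ugi = UserGroupInformation.getLoginUser();
  String realUser = ugi.getShortUserName();
  String currentUser = UserGroupInformation.getCurrentUser().getShortUserName();

  String givenOutputTableName = conf.getOutputTable();
  Path stagingDir;

  // If final output directory is not given by a user,
  // we use the query id as an output directory.
  if (givenOutputTableName.equals("")) {
    this.isCreateTableStmt = false;
    FileSystem defaultFS = FileSystem.get(conf);

    Path homeDirectory = defaultFS.getHomeDirectory();
    if (!defaultFS.exists(homeDirectory)) {
      defaultFS.mkdirs(homeDirectory, new FsPermission(USER_DIR_PERMISSION));
    }

    Path userQueryDir = new Path(homeDirectory, TajoConstants.USER_QUERYDIR_PREFIX);

    if (defaultFS.exists(userQueryDir)) {
      // A pre-existing directory is only trusted when it belongs to the submitter
      // or to the login user of this process.
      FileStatus fsStatus = defaultFS.getFileStatus(userQueryDir);
      String owner = fsStatus.getOwner();

      if (!(owner.equals(currentUser) || owner.equals(realUser))) {
        throw new IOException("The ownership on the user's query " + "directory " + userQueryDir
            + " is not as expected. " + "It is owned by " + owner + ". The directory must "
            + "be owned by the submitter " + currentUser + " or " + "by " + realUser);
      }

      if (!fsStatus.getPermission().equals(USER_DIR_PERMISSION)) {
        LOG.info("Permissions on staging directory " + userQueryDir + " are " + "incorrect: "
            + fsStatus.getPermission() + ". Fixing permissions " + "to correct value "
            + USER_DIR_PERMISSION);
        defaultFS.setPermission(userQueryDir, new FsPermission(USER_DIR_PERMISSION));
      }
    } else {
      defaultFS.mkdirs(userQueryDir, new FsPermission(USER_DIR_PERMISSION));
    }

    stagingDir = StorageUtil.concatPath(userQueryDir, queryId.toString());

    // exists() followed by mkdirs() is not atomic; uniqueness rests on the query id.
    if (defaultFS.exists(stagingDir)) {
      // The separating space before "already" was missing, which glued the path to the text.
      throw new IOException("The staging directory " + stagingDir
          + " already exists. The directory must be unique to each query");
    } else {
      defaultFS.mkdirs(stagingDir, new FsPermission(USER_DIR_PERMISSION));
    }

    // Set the query id to the output table name
    conf.setOutputTable(queryId.toString());

  } else {
    this.isCreateTableStmt = true;
    Path warehouseDir = new Path(conf.getVar(TajoConf.ConfVars.ROOT_DIR), TajoConstants.WAREHOUSE_DIR);
    // NOTE(review): the output table name becomes a path component unchanged; confirm it
    // is validated upstream so the resulting path cannot leave the warehouse directory.
    stagingDir = new Path(warehouseDir, conf.getOutputTable());

    FileSystem fs = warehouseDir.getFileSystem(conf);
    if (fs.exists(stagingDir)) {
      throw new IOException("The staging directory " + stagingDir
          + " already exists. The directory must be unique to each query");
    } else {
      // TODO - should have appropriate permission
      fs.mkdirs(stagingDir, new FsPermission(USER_DIR_PERMISSION));
    }
  }

  conf.setOutputPath(stagingDir);
  outputPath = stagingDir;
  LOG.info("Initialized Query Staging Dir: " + outputPath);
}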
From source file:org.apache.tajo.storage.FileTablespace.java
License:Apache License
/**
 * Creates the staging directory for a query, plus its result subdirectory,
 * on this tablespace's filesystem and returns its URI.
 *
 * <p>After creation the directory must be owned by the submitting user or by
 * the login user of this process (an empty owner string is accepted as-is),
 * and its mode is reset to {@code STAGING_DIR_PERMISSION} when it differs.
 *
 * @param conf Tajo configuration (not read by this method)
 * @param queryId query identifier, passed on to {@code getStagingUri}
 * @param context query context, passed on to {@code getStagingUri}
 * @param meta table metadata, passed on to {@code getStagingUri}
 * @return URI of the staging directory
 * @throws IOException if the directory already exists, is owned by an
 *     unexpected user, or a filesystem call fails
 */
public URI prepareStagingSpace(TajoConf conf, String queryId, OverridableConf context, TableMeta meta)
    throws IOException {
  final String realUser = UserGroupInformation.getLoginUser().getShortUserName();
  final String currentUser = UserGroupInformation.getCurrentUser().getShortUserName();

  final Path stagingDir = new Path(getStagingUri(context, queryId, meta));

  // ---- Create the output directory ----
  // exists() followed by mkdirs() is not atomic, and the result of mkdirs() is not
  // inspected; the owner and mode checks below are what vouch for the directory.
  if (fs.exists(stagingDir)) {
    throw new IOException("The staging directory '" + stagingDir + "' already exists");
  }
  fs.mkdirs(stagingDir, new FsPermission(STAGING_DIR_PERMISSION));

  // ---- Verify what was actually created ----
  final FileStatus created = fs.getFileStatus(stagingDir);
  final String owner = created.getOwner();
  final boolean ownerUnexpected =
      !owner.isEmpty() && !owner.equals(currentUser) && !owner.equals(realUser);
  if (ownerUnexpected) {
    throw new IOException("The ownership on the user's query directory " + stagingDir
        + " is not as expected. It is owned by " + owner
        + ". The directory must be owned by the submitter " + currentUser + " or by " + realUser);
  }

  // The effective mode can differ from the requested one (presumably because of the
  // filesystem umask), so it is set explicitly when it does not match.
  if (!created.getPermission().equals(STAGING_DIR_PERMISSION)) {
    LOG.info("Permissions on staging directory " + stagingDir + " are incorrect: "
        + created.getPermission() + ". Fixing permissions to correct value " + STAGING_DIR_PERMISSION);
    fs.setPermission(stagingDir, new FsPermission(STAGING_DIR_PERMISSION));
  }

  // The result subdirectory is created without an explicit mode.
  final Path stagingResultDir = new Path(stagingDir, TajoConstants.RESULT_DIR_NAME);
  fs.mkdirs(stagingResultDir);

  return stagingDir.toUri();
}
From source file:org.apache.tez.client.TezClientUtils.java
License:Apache License
/**
 * Verifies or creates the staging area directory on the configured filesystem.
 *
 * <p>An existing directory is accepted only when it is owned by the
 * submitting user or by the login user of this process; its mode is then
 * reset to {@code TezCommonUtils.TEZ_AM_DIR_PERMISSION} when it differs. A
 * missing directory is created through {@code TezCommonUtils.mkDirForAM} and
 * is not re-checked here.
 *
 * @param conf configuration used to resolve the filesystem of the staging area
 * @param stagingArea staging area directory path
 * @return the FileSystem for the staging area directory
 * @throws IOException if the directory is owned by an unexpected user or a
 *     filesystem call fails
 */
public static FileSystem ensureStagingDirExists(Configuration conf, Path stagingArea) throws IOException {
  final FileSystem stagingFs = stagingArea.getFileSystem(conf);
  final String realUser = UserGroupInformation.getLoginUser().getShortUserName();
  final String currentUser = UserGroupInformation.getCurrentUser().getShortUserName();

  // The existence test and the actions that follow are separate filesystem calls,
  // so the directory can change between them.
  if (!stagingFs.exists(stagingArea)) {
    TezCommonUtils.mkDirForAM(stagingFs, stagingArea);
    return stagingFs;
  }

  final FileStatus existing = stagingFs.getFileStatus(stagingArea);
  final String owner = existing.getOwner();
  // Ownership is compared by short user name only.
  final boolean ownerExpected = owner.equals(currentUser) || owner.equals(realUser);
  if (!ownerExpected) {
    throw new IOException("The ownership on the staging directory " + stagingArea
        + " is not as expected. It is owned by " + owner
        + ". The directory must be owned by the submitter " + currentUser + " or by " + realUser);
  }

  if (!existing.getPermission().equals(TezCommonUtils.TEZ_AM_DIR_PERMISSION)) {
    LOG.info("Permissions on staging directory " + stagingArea + " are incorrect: "
        + existing.getPermission() + ". Fixing permissions to correct value "
        + TezCommonUtils.TEZ_AM_DIR_PERMISSION);
    stagingFs.setPermission(stagingArea, TezCommonUtils.TEZ_AM_DIR_PERMISSION);
  }
  return stagingFs;
}
From source file:org.apache.zeppelin.jdbc.JDBCInterpreter.java
License:Apache License
/**
 * Refreshes the Kerberos login of this process.
 *
 * <p>A keytab-based login is renewed from the keytab, a ticket-based login
 * from the ticket cache. Any failure is logged and reported as {@code false}
 * rather than thrown, so callers that depend on a fresh login must check the
 * return value.
 *
 * @return {@code true} when a relogin was performed; {@code false} when the
 *     login is neither keytab- nor ticket-based, or when the relogin failed
 */
@Override
protected boolean runKerberosLogin() {
  boolean refreshed = false;
  try {
    if (UserGroupInformation.isLoginKeytabBased()) {
      UserGroupInformation.getLoginUser().reloginFromKeytab();
      refreshed = true;
    } else if (UserGroupInformation.isLoginTicketBased()) {
      UserGroupInformation.getLoginUser().reloginFromTicketCache();
      refreshed = true;
    }
  } catch (Exception e) {
    // Deliberately broad: any relogin problem is turned into a false return.
    logger.error("Unable to run kinit for zeppelin", e);
  }
  return refreshed;
}