List of usage examples for org.apache.hadoop.security UserGroupInformation isSecurityEnabled
public static boolean isSecurityEnabled()
From source file:io.hops.tensorflow.Client.java
License:Apache License
/**
 * Builds the launch context for the application master container: local
 * resources, launch environment, the single command line that starts the
 * AM JVM, and (on a secured cluster) the file-system delegation tokens.
 *
 * @param appResponse response from the RM carrying the new application id
 * @return the populated launch context for the AM container
 * @throws IOException if the file system cannot be reached, or if security
 *         is enabled and no RM principal is configured to act as renewer
 */
private ContainerLaunchContext createContainerLaunchContext(GetNewApplicationResponse appResponse) throws IOException {
    FileSystem fs = FileSystem.get(conf);
    ApplicationId appId = appResponse.getApplicationId();

    DistributedCacheList dcl = populateDistributedCache(fs, appId);
    Map<String, LocalResource> localResources = prepareLocalResources(fs, appId, dcl);
    Map<String, String> launchEnv = setupLaunchEnv();

    // Collect the pieces of the AM command line in order.
    List<CharSequence> amArgs = new ArrayList<>(30);
    LOG.info("Setting up app master command");
    amArgs.add(Environment.JAVA_HOME.$$() + "/bin/java");
    amArgs.add("-Xmx" + amMemory + "m");
    amArgs.add(appMasterMainClass);

    if (python != null) {
        amArgs.add(newArg(PYTHON, python));
    }
    amArgs.add(newArg(MEMORY, String.valueOf(memory)));
    amArgs.add(newArg(VCORES, String.valueOf(vcores)));
    amArgs.add(newArg(GPUS, String.valueOf(gpus)));
    if (protocol != null) {
        amArgs.add(newArg(PROTOCOL, protocol));
    }
    // allocationTimeout is divided by 1000 before being handed to the AM.
    amArgs.add(newArg(ALLOCATION_TIMEOUT, String.valueOf(allocationTimeout / 1000)));
    amArgs.add(newArg(ApplicationMasterArguments.MAIN_RELATIVE, mainRelativePath));
    if (arguments != null) {
        amArgs.add(newArg(ARGS, StringUtils.join(arguments, " ")));
    }
    amArgs.add(newArg(WORKERS, Integer.toString(numWorkers)));
    amArgs.add(newArg(PSES, Integer.toString(numPses)));

    // NOTE(review): argument and environment values are placed on a command
    // line that also carries shell redirections (1>, 2>), so the line is
    // interpreted by a shell on the node. Confirm that newArg quotes its
    // value; otherwise shell metacharacters in these values are interpreted.
    for (Map.Entry<String, String> envEntry : environment.entrySet()) {
        amArgs.add(newArg(ENV, envEntry.getKey() + "=" + envEntry.getValue()));
    }

    if (tensorboard) {
        amArgs.add("--" + TENSORBOARD);
    }
    if (debugFlag) {
        amArgs.add("--" + DEBUG);
    }

    // Redirect the AM's stdout/stderr into the container log directory.
    amArgs.add("1>" + ApplicationConstants.LOG_DIR_EXPANSION_VAR + "/AppMaster.stdout");
    amArgs.add("2>" + ApplicationConstants.LOG_DIR_EXPANSION_VAR + "/AppMaster.stderr");

    // Join with a trailing space after every element, as the AM expects.
    StringBuilder joined = new StringBuilder();
    for (CharSequence piece : amArgs) {
        joined.append(piece).append(" ");
    }
    String amCommand = joined.toString();

    // NOTE(review): the whole command, including every ENV key=value pair,
    // is written to the client log at INFO — confirm no secrets travel here.
    LOG.info("Completed setting up app master command " + amCommand);

    List<String> commands = new ArrayList<>();
    commands.add(amCommand);

    ContainerLaunchContext amContainer = ContainerLaunchContext.newInstance(localResources, launchEnv, commands,
            null, null, null);

    if (!UserGroupInformation.isSecurityEnabled()) {
        // Unsecured cluster: no delegation tokens are attached.
        return amContainer;
    }

    // Secured cluster: the RM principal is named as renewer of the tokens.
    String tokenRenewer = conf.get(YarnConfiguration.RM_PRINCIPAL);
    if (tokenRenewer == null || tokenRenewer.isEmpty()) {
        throw new IOException("Can't get Master Kerberos principal for the RM to use as renewer");
    }

    // Only the default file system is covered.
    Credentials credentials = new Credentials();
    final Token<?>[] issued = fs.addDelegationTokens(tokenRenewer, credentials);
    if (issued != null) {
        for (Token<?> token : issued) {
            // NOTE(review): relies on Token.toString() not exposing the
            // token secret — confirm for the Hadoop version in use.
            LOG.info("Got dt for " + fs.getUri() + "; " + token);
        }
    }

    // Serialize the credentials and hand them to the AM container.
    DataOutputBuffer dob = new DataOutputBuffer();
    credentials.writeTokenStorageToStream(dob);
    amContainer.setTokens(ByteBuffer.wrap(dob.getData(), 0, dob.getLength()));
    return amContainer;
}
From source file:joshelser.Client.java
License:Apache License
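/**
 * Connects to the Thrift HDFS service over a Kerberos-authenticated SASL
 * transport, lists one directory and prints the result.
 *
 * @param args command-line arguments, parsed by {@code Opts}
 * @throws Exception on option, login, transport or RPC failure
 */
public static void main(String[] args) throws Exception {
    Opts opts = new Opts();

    // Parse the options
    opts.parseArgs(Client.class, args);

    // Socket to server:port; it is only connected when the transport is opened below
    TTransport transport = new TSocket(opts.server, opts.port);

    Map<String, String> saslProperties = new HashMap<String, String>();
    // "auth-conf" asks for authentication plus confidentiality on the wire
    saslProperties.put(Sasl.QOP, "auth-conf");

    // NOTE(review): the security state is only logged; nothing here stops the
    // client when Hadoop security is disabled — presumably the GSSAPI
    // handshake fails in that case, confirm.
    log.info("Security is enabled: {}", UserGroupInformation.isSecurityEnabled());

    // Log in via UGI, ensures we have logged in with our KRB credentials
    UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
    log.info("Current user: {}", currentUser);

    // SASL client transport -- does the Kerberos lifting for us
    TSaslClientTransport saslTransport = new TSaslClientTransport("GSSAPI", // tell SASL to use GSSAPI, which supports Kerberos
            null, // authorizationid - null
            opts.primary, // kerberos primary for server - "myprincipal" in myprincipal/my.server.com@MY.REALM
            opts.instance, // kerberos instance for server - "my.server.com" in myprincipal/my.server.com@MY.REALM
            saslProperties, // Properties set, above
            null, // callback handler - null
            transport); // underlying transport

    // Make sure the transport is opened as the user we logged in as
    TUGIAssumingTransport ugiTransport = new TUGIAssumingTransport(saslTransport, currentUser);

    // Setup our thrift client to our custom thrift service
    HdfsService.Client client = new HdfsService.Client(new TBinaryProtocol(ugiTransport));

    try {
        // Open the transport
        ugiTransport.open();

        // Invoke the RPC
        String response = client.ls(opts.dir);

        // Print out the result
        System.out.println("$ ls " + opts.dir + "\n" + response);
    } finally {
        // Close the socket even when open() or the RPC throws, so a failed
        // handshake or call does not leave the connection behind.
        transport.close();
    }
}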
From source file:me.haosdent.noya.Client.java
License:Apache License
/**
 * Main run function for the client.
 *
 * Logs cluster, queue and ACL information, requests a new application,
 * stages the application master's resources on the file system, builds the
 * AM launch context (environment, command, delegation tokens), submits the
 * application and then monitors it.
 *
 * @return true if application completed successfully
 *
 * @throws java.io.IOException
 * @throws org.apache.hadoop.yarn.exceptions.YarnException
 */
public boolean run() throws IOException, YarnException {

    LOG.info("Running Client");
    yarnClient.start();

    YarnClusterMetrics clusterMetrics = yarnClient.getYarnClusterMetrics();
    LOG.info("Got Cluster metric info from ASM" + ", numNodeManagers=" + clusterMetrics.getNumNodeManagers());

    List<NodeReport> clusterNodeReports = yarnClient.getNodeReports(NodeState.RUNNING);
    LOG.info("Got Cluster node info from ASM");
    for (NodeReport node : clusterNodeReports) {
        LOG.info("Got node report from ASM for" + ", nodeId=" + node.getNodeId() + ", nodeAddress"
                + node.getHttpAddress() + ", nodeRackName" + node.getRackName() + ", nodeNumContainers"
                + node.getNumContainers());
    }

    QueueInfo queueInfo = yarnClient.getQueueInfo(this.amQueue);
    LOG.info("Queue info" + ", queueName=" + queueInfo.getQueueName() + ", queueCurrentCapacity="
            + queueInfo.getCurrentCapacity() + ", queueMaxCapacity=" + queueInfo.getMaximumCapacity()
            + ", queueApplicationCount=" + queueInfo.getApplications().size() + ", queueChildQueueCount="
            + queueInfo.getChildQueues().size());

    // The queue ACLs are only logged here; no decision is taken on them.
    List<QueueUserACLInfo> listAclInfo = yarnClient.getQueueAclsInfo();
    for (QueueUserACLInfo aclInfo : listAclInfo) {
        for (QueueACL userAcl : aclInfo.getUserAcls()) {
            LOG.info("User ACL Info for Queue" + ", queueName=" + aclInfo.getQueueName() + ", userAcl="
                    + userAcl.name());
        }
    }

    // Get a new application id
    YarnClientApplication app = yarnClient.createApplication();
    GetNewApplicationResponse appResponse = app.getNewApplicationResponse();
    // TODO get min/max resource capabilities from RM and change memory ask if needed
    // If we do not have min/max, we may not be able to correctly request
    // the required resources from the RM for the app master
    // Memory ask has to be a multiple of min and less than max.
    // Dump out information about cluster capability as seen by the resource manager
    int maxMem = appResponse.getMaximumResourceCapability().getMemory();
    LOG.info("Max mem capabililty of resources in this cluster " + maxMem);

    // A resource ask cannot exceed the max.
    if (amMemory > maxMem) {
        LOG.info("AM memory specified above max threshold of cluster. Using max value." + ", specified="
                + amMemory + ", max=" + maxMem);
        amMemory = maxMem;
    }

    int maxVCores = appResponse.getMaximumResourceCapability().getVirtualCores();
    LOG.info("Max virtual cores capabililty of resources in this cluster " + maxVCores);

    if (amVCores > maxVCores) {
        LOG.info("AM virtual cores specified above max threshold of cluster. " + "Using max value."
                + ", specified=" + amVCores + ", max=" + maxVCores);
        amVCores = maxVCores;
    }

    // set the application name
    ApplicationSubmissionContext appContext = app.getApplicationSubmissionContext();
    ApplicationId appId = appContext.getApplicationId();

    //appContext.setKeepContainersAcrossApplicationAttempts(keepContainers);
    appContext.setApplicationName(appName);

    // Set up the container launch context for the application master
    ContainerLaunchContext amContainer = Records.newRecord(ContainerLaunchContext.class);

    // set local resources for the application master
    // local files or archives as needed
    // In this scenario, the jar file for the application master is part of the local resources
    Map<String, LocalResource> localResources = new HashMap<String, LocalResource>();

    LOG.info("Copy App Master jar from local filesystem and add to local environment");
    // Copy the application master jar to the filesystem
    // Create a local resource to point to the destination jar path
    FileSystem fs = FileSystem.get(conf);
    addToLocalResources(fs, appMasterJar, appMasterJarPath, appId.toString(), localResources, null);

    // Set the log4j properties if needed
    if (!log4jPropFile.isEmpty()) {
        addToLocalResources(fs, log4jPropFile, log4jPath, appId.toString(), localResources, null);
    }

    // The shell script has to be made available on the final container(s)
    // where it will be executed.
    // To do this, we need to first copy into the filesystem that is visible
    // to the yarn framework.
    // We do not need to set this as a local resource for the application
    // master as the application master does not need it.
    String hdfsShellScriptLocation = "";
    long hdfsShellScriptLen = 0;
    long hdfsShellScriptTimestamp = 0;
    if (!shellScriptPath.isEmpty()) {
        Path shellSrc = new Path(shellScriptPath);
        // Destination is <home dir>/<appName>/<appId>/<SCRIPT_PATH>; appName is
        // used as a path component without any visible validation.
        String shellPathSuffix = appName + "/" + appId.toString() + "/" + SCRIPT_PATH;
        Path shellDst = new Path(fs.getHomeDirectory(), shellPathSuffix);
        fs.copyFromLocalFile(false, true, shellSrc, shellDst);
        hdfsShellScriptLocation = shellDst.toUri().toString();
        // Length and modification time are recorded and passed to the AM via env below.
        FileStatus shellFileStatus = fs.getFileStatus(shellDst);
        hdfsShellScriptLen = shellFileStatus.getLen();
        hdfsShellScriptTimestamp = shellFileStatus.getModificationTime();
    }

    if (!shellCommand.isEmpty()) {
        addToLocalResources(fs, null, shellCommandPath, appId.toString(), localResources, shellCommand);
    }

    if (shellArgs.length > 0) {
        addToLocalResources(fs, null, shellArgsPath, appId.toString(), localResources,
                StringUtils.join(shellArgs, " "));
    }

    // Set local resource info into app master container launch context
    amContainer.setLocalResources(localResources);

    // Set the necessary security tokens as needed
    //amContainer.setContainerTokens(containerToken);

    // Set the env variables to be setup in the env where the application master will be run
    LOG.info("Set the environment for the application master");
    Map<String, String> env = new HashMap<String, String>();

    // put location of shell script into env
    // using the env info, the application master will create the correct local resource for the
    // eventual containers that will be launched to execute the shell scripts
    env.put(DSConstants.DISTRIBUTEDSHELLSCRIPTLOCATION, hdfsShellScriptLocation);
    env.put(DSConstants.DISTRIBUTEDSHELLSCRIPTTIMESTAMP, Long.toString(hdfsShellScriptTimestamp));
    env.put(DSConstants.DISTRIBUTEDSHELLSCRIPTLEN, Long.toString(hdfsShellScriptLen));

    // Add AppMaster.jar location to classpath
    // At some point we should not be required to add
    // the hadoop specific classpaths to the env.
    // It should be provided out of the box.
    // For now setting all required classpaths including
    // the classpath to "." for the application jar
    StringBuilder classPathEnv = new StringBuilder(ApplicationConstants.Environment.CLASSPATH.$$())
            .append(ApplicationConstants.CLASS_PATH_SEPARATOR).append("./*");
    for (String c : conf.getStrings(YarnConfiguration.YARN_APPLICATION_CLASSPATH,
            ApplicationConstants.DEFAULT_YARN_CROSS_PLATFORM_APPLICATION_CLASSPATH)) {
        classPathEnv.append(ApplicationConstants.CLASS_PATH_SEPARATOR);
        classPathEnv.append(c.trim());
    }
    classPathEnv.append(ApplicationConstants.CLASS_PATH_SEPARATOR).append("./log4j.properties");

    // add the runtime classpath needed for tests to work
    if (conf.getBoolean(YarnConfiguration.IS_MINI_YARN_CLUSTER, false)) {
        classPathEnv.append(':');
        classPathEnv.append(System.getProperty("java.class.path"));
    }

    env.put("CLASSPATH", classPathEnv.toString());

    amContainer.setEnvironment(env);

    // Set the necessary command to execute the application master
    Vector<CharSequence> vargs = new Vector<CharSequence>(30);

    // Set java executable command
    LOG.info("Setting up app master command");
    vargs.add(ApplicationConstants.Environment.JAVA_HOME.$$() + "/bin/java");
    // Set Xmx based on am memory size
    vargs.add("-Xmx" + amMemory + "m");
    // Set class name
    vargs.add(appMasterMainClass);
    // Set params for Application Master
    vargs.add("--container_memory " + String.valueOf(containerMemory));
    vargs.add("--container_vcores " + String.valueOf(containerVirtualCores));
    vargs.add("--num_containers " + String.valueOf(numContainers));
    vargs.add("--priority " + String.valueOf(shellCmdPriority));

    // NOTE(review): shellEnv keys and values are concatenated into the command
    // text without quoting or escaping.
    for (Map.Entry<String, String> entry : shellEnv.entrySet()) {
        vargs.add("--shell_env " + entry.getKey() + "=" + entry.getValue());
    }
    if (debugFlag) {
        vargs.add("--debug");
    }

    // Redirect the AM's stdout/stderr into the container log directory
    vargs.add("1>" + ApplicationConstants.LOG_DIR_EXPANSION_VAR + "/AppMaster.stdout");
    vargs.add("2>" + ApplicationConstants.LOG_DIR_EXPANSION_VAR + "/AppMaster.stderr");

    // Get final command
    StringBuilder command = new StringBuilder();
    for (CharSequence str : vargs) {
        command.append(str).append(" ");
    }

    LOG.info("Completed setting up app master command " + command.toString());
    List<String> commands = new ArrayList<String>();
    // NOTE(review): the command assembled above is logged but not submitted.
    // The launch context carries only the hard-coded line below, which writes
    // to a fixed path under /tmp on the node. This looks like a debugging
    // stub — confirm before reusing this method.
    //commands.add(command.toString());
    commands.add("echo 'hello' >/tmp/yarn_test");
    amContainer.setCommands(commands);

    // Set up resource type requirements
    // For now, both memory and vcores are supported, so we set memory and
    // vcores requirements
    Resource capability = Records.newRecord(Resource.class);
    capability.setMemory(amMemory);
    capability.setVirtualCores(amVCores);
    appContext.setResource(capability);

    // Service data is a binary blob that can be passed to the application
    // Not needed in this scenario
    // amContainer.setServiceData(serviceData);

    // Setup security tokens
    if (UserGroupInformation.isSecurityEnabled()) {
        Credentials credentials = new Credentials();
        // The RM principal is named as the renewer of the delegation tokens.
        String tokenRenewer = conf.get(YarnConfiguration.RM_PRINCIPAL);
        if (tokenRenewer == null || tokenRenewer.length() == 0) {
            throw new IOException("Can't get Master Kerberos principal for the RM to use as renewer");
        }

        // For now, only getting tokens for the default file-system.
        final Token<?> tokens[] = fs.addDelegationTokens(tokenRenewer, credentials);
        if (tokens != null) {
            for (Token<?> token : tokens) {
                // NOTE(review): relies on Token.toString() not exposing the
                // token secret — confirm for the Hadoop version in use.
                LOG.info("Got dt for " + fs.getUri() + "; " + token);
            }
        }
        // Serialize the credentials and attach them to the AM container.
        DataOutputBuffer dob = new DataOutputBuffer();
        credentials.writeTokenStorageToStream(dob);
        ByteBuffer fsTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
        amContainer.setTokens(fsTokens);
    }

    appContext.setAMContainerSpec(amContainer);

    // Set the priority for the application master
    Priority pri = Records.newRecord(Priority.class);
    // TODO - what is the range for priority? how to decide?
    pri.setPriority(amPriority);
    appContext.setPriority(pri);

    // Set the queue to which this application is to be submitted in the RM
    appContext.setQueue(amQueue);

    // Submit the application to the applications manager
    // SubmitApplicationResponse submitResp = applicationsManager.submitApplication(appRequest);
    // Ignore the response as either a valid response object is returned on success
    // or an exception thrown to denote some form of a failure
    LOG.info("Submitting application to ASM");

    yarnClient.submitApplication(appContext);

    // TODO
    // Try submitting the same request again
    // app submission failure?

    // Monitor the application
    return monitorApplication(appId);
}
From source file:ml.shifu.guagua.yarn.GuaguaAppMaster.java
License:Apache License
/**
 * Registers this application master with the YARN ResourceManager so that it
 * can begin requesting resources.
 *
 * @return the registration response returned by the RM client
 * @throws YarnException declared by the underlying registration call
 * @throws IllegalStateException if registration fails with an I/O error
 */
private RegisterApplicationMasterResponse registerAMToRM() throws YarnException {
    // The security state is only reported; it does not alter the registration.
    if (UserGroupInformation.isSecurityEnabled()) {
        LOG.info("SECURITY ENABLED ");
    }

    try {
        return getAmRMClient().registerApplicationMaster(this.appMasterHostname, this.appMasterRpcPort,
                this.appMasterTrackingUrl);
    } catch (IOException ioe) {
        // Surface the I/O failure as unchecked, keeping the cause attached.
        throw new IllegalStateException("GuaguaAppMaster failed to register with RM.", ioe);
    }
}
From source file:ml.shifu.guagua.yarn.GuaguaYarnClient.java
License:Apache License
/**
 * Attaches file-system delegation tokens to the AM container when Hadoop
 * security is enabled; does nothing otherwise.
 *
 * @param amContainer
 *            AM container launch context that receives the serialized tokens
 * @throws IOException
 *             if no RM principal is configured to act as renewer, or the
 *             file system or token serialization fails
 */
private void setToken(ContainerLaunchContext amContainer) throws IOException {
    if (!UserGroupInformation.isSecurityEnabled()) {
        // Unsecured cluster: no tokens are attached.
        return;
    }

    // The RM principal is named as the renewer of the delegation tokens.
    String renewer = getConf().get(YarnConfiguration.RM_PRINCIPAL);
    if (renewer == null || renewer.isEmpty()) {
        throw new IOException("Can't get Master Kerberos principal for the RM to use as renewer");
    }

    // Only the default file system is covered.
    FileSystem fs = FileSystem.get(getConf());
    Credentials credentials = new Credentials();
    final Token<?>[] issued = fs.addDelegationTokens(renewer, credentials);
    if (issued != null) {
        for (Token<?> token : issued) {
            // NOTE(review): relies on Token.toString() not exposing the
            // token secret — confirm for the Hadoop version in use.
            LOG.info("Got dt for " + fs.getUri() + "; " + token);
        }
    }

    // Serialize the credentials and hand them to the AM container.
    DataOutputBuffer serialized = new DataOutputBuffer();
    credentials.writeTokenStorageToStream(serialized);
    amContainer.setTokens(ByteBuffer.wrap(serialized.getData(), 0, serialized.getLength()));
}
From source file:net.iridiant.hdfs.webdav.Main.java
License:Apache License
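/**
 * Starts the HDFS WebDAV server: parses the command line, logs in the server
 * principal from its keytab when Hadoop security is enabled, and runs an
 * embedded Jetty instance with the WebDAV servlet, metrics and auth filters.
 *
 * Malformed numeric options (port, Ganglia port) and a Ganglia value without
 * a port after the colon lead to the usage message instead of an uncaught
 * exception.
 *
 * @param args command-line arguments
 */
public static void main(String[] args) {

    HDFSWebDAVServlet servlet = HDFSWebDAVServlet.getServlet();
    Configuration conf = servlet.getConfiguration();

    // Process command line

    Options options = new Options();
    options.addOption("d", "debug", false, "Enable debug logging");
    options.addOption("p", "port", true, "Port to bind to [default: 8080]");
    options.addOption("b", "bind-address", true, "Address or hostname to bind to [default: 0.0.0.0]");
    options.addOption("g", "ganglia", true, "Send Ganglia metrics to host:port [default: none]");

    CommandLine cmd = null;
    try {
        cmd = new PosixParser().parse(options, args);
    } catch (ParseException e) {
        printUsageAndExit(options, -1);
        // Guard against a null cmd below should the call above ever return.
        return;
    }

    if (cmd.hasOption('d')) {
        Logger rootLogger = Logger.getLogger("net.iridiant");
        rootLogger.setLevel(Level.DEBUG);
    }

    if (cmd.hasOption('b')) {
        conf.set("hadoop.webdav.bind.address", cmd.getOptionValue('b'));
    }

    if (cmd.hasOption('p')) {
        try {
            conf.setInt("hadoop.webdav.port", Integer.parseInt(cmd.getOptionValue('p')));
        } catch (NumberFormatException e) {
            // Non-numeric port: report usage rather than crash.
            printUsageAndExit(options, -1);
            return;
        }
    }

    String gangliaHost = null;
    int gangliaPort = 8649;
    if (cmd.hasOption('g')) {
        String val = cmd.getOptionValue('g');
        if (val.indexOf(':') != -1) {
            String[] split = val.split(":");
            // "host:" or ":" yields fewer than two parts because trailing
            // empty strings are dropped by split().
            if (split.length < 2) {
                printUsageAndExit(options, -1);
                return;
            }
            gangliaHost = split[0];
            try {
                gangliaPort = Integer.parseInt(split[1]);
            } catch (NumberFormatException e) {
                printUsageAndExit(options, -1);
                return;
            }
        } else {
            gangliaHost = val;
        }
    }

    InetSocketAddress addr = getAddress(conf);

    // Log in the server principal from keytab.
    // When Hadoop security is disabled no login happens and the server
    // starts without Kerberos credentials.

    UserGroupInformation.setConfiguration(conf);
    if (UserGroupInformation.isSecurityEnabled()) {
        try {
            SecurityUtil.login(conf, "hadoop.webdav.server.kerberos.keytab",
                    "hadoop.webdav.server.kerberos.principal", addr.getHostName());
        } catch (IOException e) {
            LOG.fatal("Could not log in", e);
            System.err.println("Could not log in");
            System.exit(-1);
        }
    }

    // Set up embedded Jetty

    Server server = new Server();

    // Do not advertise the server version or date in responses.
    server.setSendServerVersion(false);
    server.setSendDateHeader(false);
    server.setStopAtShutdown(true);

    // Set up connector
    // NOTE(review): no TLS settings are applied to this connector in this
    // method, while the servlet below advertises HTTP Basic authentication.
    // Confirm that TLS is terminated in front of this listener; otherwise
    // Basic credentials cross the network unencrypted.
    Connector connector = new SelectChannelConnector();
    connector.setPort(addr.getPort());
    connector.setHost(addr.getHostName());
    server.addConnector(connector);
    LOG.info("Listening on " + addr);

    // Set up context
    Context context = new Context(server, "/", Context.SESSIONS);
    // WebDAV servlet
    ServletHolder servletHolder = new ServletHolder(servlet);
    servletHolder.setInitParameter("authenticate-header", "Basic realm=\"Hadoop WebDAV Server\"");
    context.addServlet(servletHolder, "/*");
    // metrics instrumentation filter
    context.addFilter(new FilterHolder(new DefaultWebappMetricsFilter()), "/*", 0);
    // auth filter
    context.addFilter(new FilterHolder(new AuthFilter(conf)), "/*", 0);
    server.setHandler(context);

    // Set up Ganglia metrics reporting
    if (gangliaHost != null) {
        GangliaReporter.enable(1, TimeUnit.MINUTES, gangliaHost, gangliaPort);
    }

    // Start and join the server thread
    try {
        server.start();
        server.join();
    } catch (Exception e) {
        LOG.fatal("Failed to start Jetty", e);
        System.err.println("Failed to start Jetty");
        System.exit(-1);
    }
}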
From source file:org.apache.accumulo.core.rpc.SaslConnectionParams.java
License:Apache License
/**
 * Sets {@code principal} to the user name of the current Hadoop UGI user.
 *
 * @throws RuntimeException if Hadoop security is not enabled, the current
 *         user cannot be obtained, or its user name is null
 */
protected void updatePrincipalFromUgi() {
    // SASL here depends on Kerberos-backed Hadoop security; refuse otherwise.
    final boolean kerberosOn = UserGroupInformation.isSecurityEnabled();
    if (!kerberosOn) {
        throw new RuntimeException("Cannot use SASL if Hadoop security is not enabled");
    }

    final UserGroupInformation ugi;
    try {
        ugi = UserGroupInformation.getCurrentUser();
    } catch (IOException e) {
        throw new RuntimeException("Failed to get current user", e);
    }

    // The full user name is taken as the principal; the field is assigned
    // before the null check, so it holds null when the check fails.
    this.principal = ugi.getUserName();
    if (this.principal == null) {
        throw new RuntimeException("Got null username from " + ugi);
    }
}
From source file:org.apache.accumulo.core.rpc.ThriftUtil.java
License:Apache License
/**
 * Create a TTransport for clients to the given address with the provided socket timeout and session-layer configuration.
 *
 * Exactly one of three paths is taken: SSL when {@code sslParams} is non-null, SASL when only {@code saslParams} is
 * non-null, and a plain socket when both are null. Supplying both is rejected.
 *
 * @param address
 *          Server address to connect to
 * @param timeout
 *          Client socket timeout
 * @param sslParams
 *          RPC options for SSL servers
 * @param saslParams
 *          RPC options for SASL servers
 * @return An open TTransport which must be closed when finished
 * @throws TTransportException
 *           if the transport cannot be created or opened
 * @throws IllegalStateException
 *           if both SSL and SASL parameters are given, or SASL is requested while Hadoop security is disabled
 */
public static TTransport createClientTransport(HostAndPort address, int timeout, SslConnectionParams sslParams,
        SaslConnectionParams saslParams) throws TTransportException {
    // Tracks whether setup finished, so the finally block can close a half-built transport.
    boolean success = false;
    TTransport transport = null;
    try {
        if (sslParams != null) {
            // The check in AccumuloServerContext ensures that servers are brought up with sane configurations, but we also want to validate clients
            if (null != saslParams) {
                throw new IllegalStateException("Cannot use both SSL and SASL");
            }

            log.trace("Creating SSL client transport");

            // TSSLTransportFactory handles timeout 0 -> forever natively
            if (sslParams.useJsse()) {
                transport = TSSLTransportFactory.getClientSocket(address.getHostText(), address.getPort(), timeout);
            } else {
                // JDK6's factory doesn't appear to pass the protocol onto the Socket properly so we have
                // to do some magic to make sure that happens. Not an issue in JDK7

                // Taken from thrift-0.9.1 to make the SSLContext
                SSLContext sslContext = createSSLContext(sslParams);

                // Create the factory from it
                SSLSocketFactory sslSockFactory = sslContext.getSocketFactory();

                // Wrap the real factory with our own that will set the protocol on the Socket before returning it
                ProtocolOverridingSSLSocketFactory wrappingSslSockFactory = new ProtocolOverridingSSLSocketFactory(
                        sslSockFactory, new String[] { sslParams.getClientProtocol() });

                // Create the TSocket from that
                transport = createClient(wrappingSslSockFactory, address.getHostText(), address.getPort(), timeout);
                // TSSLTransportFactory leaves transports open, so no need to open here
            }

            transport = ThriftUtil.transportFactory().getTransport(transport);
        } else if (null != saslParams) {
            // SASL is only accepted together with Kerberos-backed Hadoop security.
            if (!UserGroupInformation.isSecurityEnabled()) {
                throw new IllegalStateException("Expected Kerberos security to be enabled if SASL is in use");
            }

            log.trace("Creating SASL connection to {}:{}", address.getHostText(), address.getPort());

            // Make sure a timeout is set
            try {
                transport = TTimeoutTransport.create(address, timeout);
            } catch (IOException e) {
                log.warn("Failed to open transport to {}", address);
                throw new TTransportException(e);
            }

            try {
                // Log in via UGI, ensures we have logged in with our KRB credentials
                final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();

                // Is this pricey enough that we want to cache it?
                // NOTE(review): the server name handed to SASL is whatever name resolution returns as the canonical
                // host name, so the Kerberos service name depends on DNS — confirm resolution is trusted in the deployment.
                final String hostname = InetAddress.getByName(address.getHostText()).getCanonicalHostName();

                final SaslMechanism mechanism = saslParams.getMechanism();

                log.trace("Opening transport to server as {} to {}/{} using {}", currentUser,
                        saslParams.getKerberosServerPrimary(), hostname, mechanism);

                // Create the client SASL transport using the information for the server
                // Despite the 'protocol' argument seeming to be useless, it *must* be the primary of the server being connected to
                transport = new TSaslClientTransport(mechanism.getMechanismName(), null,
                        saslParams.getKerberosServerPrimary(), hostname, saslParams.getSaslProperties(),
                        saslParams.getCallbackHandler(), transport);

                // Wrap it all in a processor which will run with a doAs the current user
                transport = new UGIAssumingTransport(transport, currentUser);

                // Open the transport
                transport.open();
            } catch (TTransportException e) {
                log.warn("Failed to open SASL transport", e);

                // We might have had a valid ticket, but it expired. We'll let the caller retry, but we will attempt to re-login to make the next attempt work.
                // Sadly, we have no way to determine the actual reason we got this TTransportException other than inspecting the exception msg.
                log.debug(
                        "Caught TTransportException opening SASL transport, checking if re-login is necessary before propagating the exception.");
                attemptClientReLogin();

                throw e;
            } catch (IOException e) {
                log.warn("Failed to open SASL transport", e);
                throw new TTransportException(e);
            }
        } else {
            // Neither SSL nor SASL parameters were supplied: no SSL or SASL wrapper is applied in this branch.
            log.trace("Opening normal transport");
            if (timeout == 0) {
                transport = new TSocket(address.getHostText(), address.getPort());
                transport.open();
            } else {
                try {
                    transport = TTimeoutTransport.create(address, timeout);
                } catch (IOException ex) {
                    log.warn("Failed to open transport to " + address);
                    throw new TTransportException(ex);
                }

                // Open the transport
                transport.open();
            }
            transport = ThriftUtil.transportFactory().getTransport(transport);
        }
        success = true;
    } finally {
        // On any failure path, close whatever transport was built so far.
        if (!success && transport != null) {
            transport.close();
        }
    }
    return transport;
}
From source file:org.apache.accumulo.proxy.Proxy.java
License:Apache License
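/**
 * Creates and starts the Thrift proxy server.
 *
 * The server type is read from {@code properties}. For the SASL type the method checks that SASL is enabled in the
 * client configuration and that Hadoop security is on, logs in from the configured principal and keytab, and sets
 * {@code ClientProperty.KERBEROS_SERVER_PRIMARY} on the supplied {@code clientConf} (the caller's object is modified).
 *
 * @param address
 *          address the server binds to
 * @param protocolFactory
 *          Thrift protocol factory for the server
 * @param properties
 *          proxy properties (thread pool size, frame size, server type, Kerberos principal and keytab)
 * @param clientConf
 *          client configuration; modified on the SASL path
 * @return the address of the started server
 * @throws RuntimeException
 *           if SASL is requested but not enabled, Hadoop security is off, or principal/keytab are blank
 * @throws Exception
 *           on login or server start failure
 */
public static ServerAddress createProxyServer(HostAndPort address, TProtocolFactory protocolFactory,
        Properties properties, ClientConfiguration clientConf) throws Exception {
    final int numThreads = Integer
            .parseInt(properties.getProperty(THRIFT_THREAD_POOL_SIZE_KEY, THRIFT_THREAD_POOL_SIZE_DEFAULT));
    final long maxFrameSize = AccumuloConfiguration
            .getMemoryInBytes(properties.getProperty(THRIFT_MAX_FRAME_SIZE_KEY, THRIFT_MAX_FRAME_SIZE_DEFAULT));
    final int simpleTimerThreadpoolSize = Integer
            .parseInt(Property.GENERAL_SIMPLETIMER_THREADPOOL_SIZE.getDefaultValue());
    // How frequently to try to resize the thread pool
    final long threadpoolResizeInterval = 1000L * 5;
    // No timeout
    final long serverSocketTimeout = 0L;
    // Use the new hadoop metrics2 support
    final MetricsFactory metricsFactory = new MetricsFactory(false);
    final String serverName = "Proxy", threadName = "Accumulo Thrift Proxy";

    // create the implementation of the proxy interface
    ProxyServer impl = new ProxyServer(properties);

    // Wrap the implementation -- translate some exceptions
    AccumuloProxy.Iface wrappedImpl = RpcWrapper.service(impl,
            new AccumuloProxy.Processor<AccumuloProxy.Iface>(impl));

    // Create the processor from the implementation
    TProcessor processor = new AccumuloProxy.Processor<>(wrappedImpl);

    // Get the type of thrift server to instantiate
    final String serverTypeStr = properties.getProperty(THRIFT_SERVER_TYPE, THRIFT_SERVER_TYPE_DEFAULT);
    ThriftServerType serverType = DEFAULT_SERVER_TYPE;
    if (!THRIFT_SERVER_TYPE_DEFAULT.equals(serverTypeStr)) {
        serverType = ThriftServerType.get(serverTypeStr);
    }

    SslConnectionParams sslParams = null;
    SaslServerConnectionParams saslParams = null;
    switch (serverType) {
    case SSL:
        // NOTE(review): the server's SSL parameters are built with the forClient factory — confirm this is intended.
        sslParams = SslConnectionParams.forClient(ClientContext.convertClientConfig(clientConf));
        break;
    case SASL:
        if (!clientConf.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
            // ACCUMULO-3651 Changed level to error and added FATAL to message for slf4j capability
            log.error("FATAL: SASL thrift server was requested but it is disabled in client configuration");
            throw new RuntimeException("SASL is not enabled in configuration");
        }

        // Kerberos needs to be enabled to use it
        if (!UserGroupInformation.isSecurityEnabled()) {
            // ACCUMULO-3651 Changed level to error and added FATAL to message for slf4j capability
            log.error("FATAL: Hadoop security is not enabled");
            // Carry the reason in the exception so callers that only see the throwable can diagnose it.
            throw new RuntimeException("Hadoop security is not enabled");
        }

        // Login via principal and keytab
        final String kerberosPrincipal = properties.getProperty(KERBEROS_PRINCIPAL, ""),
                kerberosKeytab = properties.getProperty(KERBEROS_KEYTAB, "");
        if (StringUtils.isBlank(kerberosPrincipal) || StringUtils.isBlank(kerberosKeytab)) {
            // ACCUMULO-3651 Changed level to error and added FATAL to message for slf4j capability
            log.error("FATAL: Kerberos principal and keytab must be provided");
            throw new RuntimeException("Kerberos principal and keytab must be provided");
        }
        UserGroupInformation.loginUserFromKeytab(kerberosPrincipal, kerberosKeytab);
        UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
        log.info("Logged in as " + ugi.getUserName());

        // The kerberosPrimary set in the SASL server needs to match the principal we're logged in as.
        final String shortName = ugi.getShortUserName();
        log.info("Setting server primary to {}", shortName);
        clientConf.setProperty(ClientProperty.KERBEROS_SERVER_PRIMARY, shortName);

        KerberosToken token = new KerberosToken();
        saslParams = new SaslServerConnectionParams(clientConf, token, null);

        // Wrap the processor so the SASL path goes through UGIAssumingProcessor.
        processor = new UGIAssumingProcessor(processor);

        break;
    default:
        // nothing to do -- no extra configuration necessary
        break;
    }

    // Hook up support for tracing for thrift calls
    TimedProcessor timedProcessor = new TimedProcessor(metricsFactory, processor, serverName, threadName);

    // Create the thrift server with our processor and properties
    ServerAddress serverAddr = TServerUtils.startTServer(serverType, timedProcessor, protocolFactory, serverName,
            threadName, numThreads, simpleTimerThreadpoolSize, threadpoolResizeInterval, maxFrameSize, sslParams,
            saslParams, serverSocketTimeout, address);

    return serverAddr;
}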
From source file:org.apache.accumulo.shell.ShellOptionsJC.java
License:Apache License
/**
 * Returns the user name for the shell, resolving and caching it on first use.
 *
 * When SASL is enabled in the client configuration the name comes from the
 * current Hadoop UGI user and Hadoop security must be enabled; otherwise the
 * {@code user.name} system property is used, defaulting to {@code "root"}.
 *
 * @return the resolved user name
 * @throws Exception if the client configuration or current user cannot be
 *         obtained, or SASL is enabled while Hadoop security is not
 */
public String getUsername() throws Exception {
    if (null != username) {
        // Already set or resolved earlier.
        return username;
    }

    final ClientConfiguration clientConf = getClientConfiguration();
    final boolean saslEnabled = Boolean
            .parseBoolean(clientConf.get(ClientProperty.INSTANCE_RPC_SASL_ENABLED));

    if (!saslEnabled) {
        // NOTE(review): the fallback name is "root" when user.name is unset —
        // confirm that default is wanted.
        username = System.getProperty("user.name", "root");
        return username;
    }

    // SASL path: the name must come from a Kerberos login.
    if (!UserGroupInformation.isSecurityEnabled()) {
        throw new RuntimeException("Kerberos security is not enabled");
    }
    username = UserGroupInformation.getCurrentUser().getUserName();
    return username;
}