List of usage examples for org.apache.hadoop.security UserGroupInformation isSecurityEnabled
public static boolean isSecurityEnabled()
From source file:org.apache.tez.dag.api.client.TimelineReaderFactory.java
License:Apache License
/**
 * Selects the strategy used to read timeline data.
 *
 * <p>The call is rejected up front when {@code isTimelineClientSupported()} returns
 * {@code false}. Otherwise the choice is delegated to the four-argument overload, which
 * receives the result of {@code tokenDelegationSupported()} as its first argument.
 *
 * @param conf configuration forwarded to the selecting overload
 * @param useHttps forwarded to the selecting overload
 * @param connTimeout forwarded to the selecting overload
 * @return the strategy returned by the selecting overload
 * @throws TezException if reading from timeline is not supported in this environment
 */
public static TimelineReaderStrategy getTimelineReaderStrategy(Configuration conf, boolean useHttps,
    int connTimeout) throws TezException {
  if (!isTimelineClientSupported()) {
    // The message carries both inputs of the support check (token delegation support and
    // whether Hadoop security is on) so the failure can be diagnosed from the exception alone.
    throw new TezException("Reading from timeline is not supported."
        + " token delegation support: " + tokenDelegationSupported()
        + ", is secure timeline: " + UserGroupInformation.isSecurityEnabled());
  }

  final TimelineReaderStrategy strategy =
      getTimelineReaderStrategy(tokenDelegationSupported(), conf, useHttps, connTimeout);
  if (LOG.isDebugEnabled()) {
    LOG.debug("Using " + strategy.getClass().getName() + " to read timeline data");
  }
  return strategy;
}
From source file:org.apache.tez.dag.api.client.TimelineReaderFactory.java
License:Apache License
/** * Check if timeline client can be supported. * * @return boolean value indicating if timeline client to read data is supported. *///from w ww. ja v a 2 s. c o m public static boolean isTimelineClientSupported() { // support to read data from timeline is based on the version of hadoop. // reads are supported for non-secure cluster from hadoop 2.4 and up. // reads are supported for secure cluster only from hadoop 2.6. check the presence of the classes // required upfront if security is enabled. return !UserGroupInformation.isSecurityEnabled() || tokenDelegationSupported(); }
From source file:org.apache.tez.engine.common.security.TokenCache.java
License:Apache License
/**
 * Convenience method to obtain delegation tokens from namenodes
 * corresponding to the paths passed.
 *
 * <p>When Hadoop security is disabled this is a no-op and {@code credentials} is left
 * untouched; otherwise the work is delegated to {@code obtainTokensForNamenodesInternal}.
 *
 * @param credentials passed through to the internal method (presumably the holder that
 *                    receives the obtained tokens; confirm against that method)
 * @param ps array of paths
 * @param conf configuration
 * @throws IOException if the internal token acquisition fails
 */
public static void obtainTokensForNamenodes(Credentials credentials, Path[] ps, Configuration conf)
    throws IOException {
  if (UserGroupInformation.isSecurityEnabled()) {
    obtainTokensForNamenodesInternal(credentials, ps, conf);
  }
}
From source file:org.apache.twill.internal.AbstractTwillService.java
License:Apache License
/** * Returns the location of the secure store, or {@code null} if either not running in secure mode or an error * occur when trying to acquire the location. *///from w ww .ja v a 2 s .c o m protected final Location getSecureStoreLocation() { if (!UserGroupInformation.isSecurityEnabled()) { return null; } try { return applicationLocation.append(Constants.Files.CREDENTIALS); } catch (IOException e) { LOG.error("Failed to create secure store location.", e); return null; } }
From source file:org.apache.twill.internal.AbstractTwillService.java
License:Apache License
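/**
 * Attempts to handle secure store update.
 *
 * <p>In secure mode the token storage at {@link #getSecureStoreLocation()} is read, added to
 * the current user's credentials and kept in the {@code credentials} field. The update is best
 * effort: any failure is logged and the message is still reported as handled, which leaves the
 * previously loaded credentials in place.
 *
 * @param message The message received
 * @return {@code true} if the message requests for secure store update, {@code false} otherwise.
 */
protected final boolean handleSecureStoreUpdate(Message message) {
  if (!SystemMessages.SECURE_STORE_UPDATED.equals(message)) {
    return false;
  }

  // If not in secure mode, simply ignore the message.
  if (!UserGroupInformation.isSecurityEnabled()) {
    return true;
  }

  try {
    Location location = getSecureStoreLocation();
    if (location == null) {
      // getSecureStoreLocation() returns null when the location cannot be built. Report that
      // explicitly rather than letting a NullPointerException surface through the generic
      // catch below, where the real cause would be hard to recognise in the log.
      LOG.error("Failed to update secure store. Secure store location is not available.");
      return true;
    }

    Credentials credentials = new Credentials();
    DataInputStream input = new DataInputStream(new BufferedInputStream(location.getInputStream()));
    try {
      credentials.readTokenStorageStream(input);
    } finally {
      input.close();
    }

    UserGroupInformation.getCurrentUser().addCredentials(credentials);
    // Publish to the field only after the tokens were read and added successfully, so a failed
    // read never replaces the credentials that are already held.
    this.credentials = credentials;

    LOG.info("Secure store updated from {}.", location.toURI());
  } catch (Throwable t) {
    // Deliberate best effort: the service keeps running with its existing credentials.
    LOG.error("Failed to update secure store.", t);
  }

  return true;
}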
From source file:org.apache.twill.internal.appmaster.ApplicationMasterService.java
License:Apache License
/**
 * Builds the credentials that are provided to containers.
 *
 * <p>With security disabled an empty {@link Credentials} is returned. Otherwise the current
 * user's credentials are copied and every token whose kind equals
 * {@code AMRM_TOKEN_KIND_NAME} is removed from the copy (presumably so that the
 * application-master-to-resource-manager token is never handed to containers; confirm against
 * the constant's definition). If the current user cannot be determined, a warning is logged and
 * whatever has been collected so far is returned.
 *
 * @return the credentials for containers, never {@code null}
 */
private Credentials createCredentials() {
  final Credentials containerCredentials = new Credentials();

  if (UserGroupInformation.isSecurityEnabled()) {
    try {
      containerCredentials.addAll(UserGroupInformation.getCurrentUser().getCredentials());

      // Remove the AM->RM tokens
      for (Iterator<Token<?>> it = containerCredentials.getAllTokens().iterator(); it.hasNext();) {
        if (it.next().getKind().equals(AMRM_TOKEN_KIND_NAME)) {
          it.remove();
        }
      }
    } catch (IOException e) {
      LOG.warn("Failed to get current user. No credentials will be provided to containers.", e);
    }
  }

  return containerCredentials;
}
From source file:org.apache.twill.internal.container.TwillContainerMain.java
License:Apache License
/**
 * Loads the token storage file named by {@code Constants.Files.CREDENTIALS}, if it exists,
 * and adds its contents to the current user's credentials.
 *
 * <p>Nothing happens when Hadoop security is disabled or when the file is absent. The name is
 * handed to {@link File} as is, so a relative value resolves against the working directory of
 * the process. The file carries tokens, so it should be readable only by the user the
 * process runs as.
 *
 * @throws IOException if the file cannot be read or the current user cannot be determined
 */
private static void loadSecureStore() throws IOException {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return;
  }

  final File credentialsFile = new File(Constants.Files.CREDENTIALS);
  if (!credentialsFile.exists()) {
    return;
  }

  final Credentials stored = new Credentials();
  try (DataInputStream in = new DataInputStream(new FileInputStream(credentialsFile))) {
    stored.readTokenStorageStream(in);
  }

  UserGroupInformation.getCurrentUser().addCredentials(stored);
  LOG.info("Secure store updated from {}", credentialsFile);
}
From source file:org.apache.twill.internal.ServiceMain.java
License:Apache License
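/**
 * Returns the {@link Location} for the application based on the env {@link EnvKeys#TWILL_APP_DIR}.
 *
 * <p>A {@code file} URI is served by a {@code LocalLocationFactory}; any other scheme is
 * treated as a Hadoop {@code FileSystem}. In secure mode the file system is obtained for the
 * current security context. In non-secure mode it is obtained for the user named by
 * {@link EnvKeys#TWILL_FS_USER}: nothing in this method authenticates that name, so the
 * process environment has to be controlled by a trusted launcher.
 *
 * @param conf configuration used to create the {@code FileSystem}
 * @return the application location
 * @throws IllegalStateException if {@link EnvKeys#TWILL_APP_DIR} is not set, or if
 *         {@link EnvKeys#TWILL_FS_USER} is not set while running in non-secure mode
 */
protected static Location createAppLocation(Configuration conf) {
  // Fail with a message that names the missing variable instead of the bare
  // NullPointerException that URI.create(null) would raise. This mirrors the handling of
  // TWILL_FS_USER below.
  String appDirEnv = System.getenv(EnvKeys.TWILL_APP_DIR);
  if (appDirEnv == null) {
    throw new IllegalStateException("Missing environment variable " + EnvKeys.TWILL_APP_DIR);
  }

  // Note: It's a little bit hacky based on the uri schema to create the LocationFactory, refactor it later.
  URI appDir = URI.create(appDirEnv);

  try {
    if ("file".equals(appDir.getScheme())) {
      return new LocalLocationFactory().create(appDir);
    }

    // If not file, assuming it is a FileSystem, hence construct with HDFSLocationFactory which wraps
    // a FileSystem created from the Configuration
    if (UserGroupInformation.isSecurityEnabled()) {
      return new HDFSLocationFactory(FileSystem.get(appDir, conf)).create(appDir);
    }

    // Non-secure mode: the file system user comes from the environment.
    String fsUser = System.getenv(EnvKeys.TWILL_FS_USER);
    if (fsUser == null) {
      throw new IllegalStateException("Missing environment variable " + EnvKeys.TWILL_FS_USER);
    }
    return new HDFSLocationFactory(FileSystem.get(appDir, conf, fsUser)).create(appDir);

  } catch (Exception e) {
    LOG.error("Failed to create application location for {}.", appDir);
    throw Throwables.propagate(e);
  }
}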
From source file:org.apache.twill.internal.yarn.AbstractYarnTwillService.java
License:Apache License
/**
 * Attempts to handle secure store update.
 *
 * <p>In secure mode the token storage at the secure store location is read, added to the
 * current user's credentials, passed to {@code cloneHaNnCredentials} and kept in the
 * {@code credentials} field. Any failure is logged and the message is still reported as
 * handled, which leaves the previously loaded credentials in place.
 *
 * @param message The message received
 * @return {@code true} if the message requests for secure store update, {@code false} otherwise.
 */
protected final boolean handleSecureStoreUpdate(Message message) {
  final boolean isUpdateRequest = SystemMessages.SECURE_STORE_UPDATED.equals(message);

  // If not in secure mode, simply ignore the message.
  if (isUpdateRequest && UserGroupInformation.isSecurityEnabled()) {
    try {
      final Credentials refreshed = new Credentials();
      // NOTE(review): if getSecureStoreLocation() can return null here, the dereference below
      // fails and is only reported through the generic catch; confirm against its definition.
      final Location storeLocation = getSecureStoreLocation();
      try (DataInputStream in =
             new DataInputStream(new BufferedInputStream(storeLocation.getInputStream()))) {
        refreshed.readTokenStorageStream(in);
      }

      UserGroupInformation.getCurrentUser().addCredentials(refreshed);

      // CDAP-5844 Workaround for HDFS-9276, to update HDFS delegation token for long running application in HA mode
      cloneHaNnCredentials(storeLocation, UserGroupInformation.getCurrentUser());
      // Assigned last, so a failed read never replaces the credentials already held.
      this.credentials = refreshed;

      LOG.info("Secure store updated from {}.", storeLocation);
    } catch (Throwable t) {
      LOG.error("Failed to update secure store.", t);
    }
  }

  return isUpdateRequest;
}
From source file:org.apache.twill.internal.yarn.Hadoop23YarnAppClient.java
License:Apache License
/**
 * Overrides parent method to add the RM delegation token to the given context. If YARN is running with HA RM,
 * delegation tokens for each RM service will be added.
 *
 * <p>Does nothing when Hadoop security is disabled. Otherwise an RM delegation token is
 * requested with the current user's short name as renewer, its service is set to the
 * comma-joined list of RM token services, and it is merged into the credentials already
 * encoded in the launch context before they are written back.
 *
 * @param context launch context whose tokens are decoded, extended and re-encoded
 * @param yarnClient client used to request the RM delegation token
 * @param appId application id, used only in the debug log message
 */
protected void addRMToken(ContainerLaunchContext context, YarnClient yarnClient, ApplicationId appId) {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return;
  }

  try {
    // The current user is named as renewer of the requested token.
    Text renewer = new Text(UserGroupInformation.getCurrentUser().getShortUserName());
    org.apache.hadoop.yarn.api.records.Token rmDelegationToken = yarnClient.getRMDelegationToken(renewer);

    // The following logic is copied from ClientRMProxy.getRMDelegationTokenService, which is not available in
    // YARN older than 2.4
    List<String> services = new ArrayList<>();
    if (HAUtil.isHAEnabled(configuration)) {
      // If HA is enabled, we need to enumerate all RM hosts
      // and add the corresponding service name to the token service
      // Copy the yarn conf since we need to modify it to get the RM addresses
      YarnConfiguration yarnConf = new YarnConfiguration(configuration);
      for (String rmId : HAUtil.getRMHAIds(configuration)) {
        // Point the copied configuration at this RM id before resolving its address.
        yarnConf.set(YarnConfiguration.RM_HA_ID, rmId);
        InetSocketAddress address = yarnConf.getSocketAddr(YarnConfiguration.RM_ADDRESS,
                                                           YarnConfiguration.DEFAULT_RM_ADDRESS,
                                                           YarnConfiguration.DEFAULT_RM_PORT);
        services.add(SecurityUtil.buildTokenService(address).toString());
      }
    } else {
      services.add(SecurityUtil.buildTokenService(YarnUtils.getRMAddress(configuration)).toString());
    }

    // Start from the tokens already present in the launch context so they are preserved.
    Credentials credentials = YarnUtils.decodeCredentials(context.getTokens());

    // casting needed for later Hadoop version
    @SuppressWarnings("RedundantCast")
    Token<TokenIdentifier> token = ConverterUtils.convertFromYarn(rmDelegationToken, (InetSocketAddress) null);

    // The service must be set before it is used as the alias below.
    token.setService(new Text(Joiner.on(',').join(services)));
    credentials.addToken(new Text(token.getService()), token);

    // NOTE(review): the token object itself is passed to the logger; confirm that its string
    // form omits the token password for every Hadoop version this class is built against.
    LOG.debug("Added RM delegation token {} for application {}", token, appId);
    // NOTE(review): this adds the same token a second time under an alias with the same
    // content as the call above; it looks redundant, confirm before removing.
    credentials.addToken(token.getService(), token);

    context.setTokens(YarnUtils.encodeCredentials(credentials));
  } catch (Exception e) {
    throw Throwables.propagate(e);
  }
}