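/**
 * Creates the impersonator, storing the given {@link UGIProvider} and capturing the Kerberos
 * settings found in {@code cConf}.
 *
 * <p>The constructor records whether Kerberos is enabled and, when a master principal is
 * configured, the short name that {@link KerberosName} derives from it.
 *
 * @param cConf configuration read for the Kerberos-enabled flag and the master principal
 * @param ugiProvider provider kept in the {@code ugiProvider} field
 * @throws RuntimeException if deriving the short name fails with an {@link IOException}
 */
@Inject
@VisibleForTesting
public DefaultImpersonator(CConfiguration cConf, UGIProvider ugiProvider) {
  this.ugiProvider = ugiProvider;
  this.kerberosEnabled = SecurityUtil.isKerberosEnabled(cConf);
  // On a cluster with Kerberos disabled the master principal is null, so no short name exists.
  String masterPrincipal = SecurityUtil.getMasterPrincipal(cConf);
  try {
    masterShortUsername = masterPrincipal == null ? null : new KerberosName(masterPrincipal).getShortName();
  } catch (IOException e) {
    // propagate() always throws; the explicit 'throw' makes it visible to readers and to the
    // compiler that construction never completes with masterShortUsername left unset.
    throw Throwables.propagate(e);
  }
}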
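/**
 * Logs the master service in from its keytab and keeps the login renewed.
 *
 * <p>Nothing happens unless {@link UserGroupInformation#isSecurityEnabled()} returns true. When it
 * does, the keytab must be readable, the principal is expanded, the login is performed, and a
 * daemon thread re-checks the TGT every
 * {@code Constants.Security.KERBEROS_KEYTAB_RELOGIN_INTERVAL} seconds.
 *
 * @param cConf configuration supplying the master principal, the keytab location and the
 *     relogin interval
 * @throws IllegalArgumentException if the keytab file is not readable
 * @throws IOException declared by this method; presumably raised by the keytab login (confirm)
 * @throws LoginException declared by this method; no visible call raises it here (confirm)
 */
public static void loginForMasterService(CConfiguration cConf) throws IOException, LoginException {
  String principal = getMasterPrincipal(cConf);
  String keytabPath = getMasterKeytabURI(cConf);

  if (UserGroupInformation.isSecurityEnabled()) {
    Path keytabFile = Paths.get(keytabPath);
    // Fail early with a clear message instead of an opaque login failure.
    Preconditions.checkArgument(Files.isReadable(keytabFile),
                                "Keytab file is not a readable file: %s", keytabFile);
    String expandedPrincipal = expandPrincipal(principal);
    // Only the principal and the keytab location are logged, never the keytab contents.
    LOG.info("Logging in as: principal={}, keytab={}", principal, keytabPath);
    UserGroupInformation.loginUserFromKeytab(expandedPrincipal, keytabPath);

    long delaySec = cConf.getLong(Constants.Security.KERBEROS_KEYTAB_RELOGIN_INTERVAL);
    Executors.newSingleThreadScheduledExecutor(Threads.createDaemonThreadFactory("Kerberos keytab renewal"))
      .scheduleWithFixedDelay(new Runnable() {
        @Override
        public void run() {
          try {
            UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
          } catch (Exception e) {
            // A scheduled task that throws is never run again, so an unchecked failure would
            // silently end ticket renewal. Catch everything at this boundary, log it, and let
            // the next run retry.
            LOG.error("Failed to relogin from keytab", e);
          }
        }
      }, delaySec, delaySec, TimeUnit.SECONDS);
  }
}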
/**
 * Resolves the impersonation info to use for an entity.
 *
 * <ul>
 *   <li>When {@code ownerAdmin} returns impersonation info for the entity, that info is returned
 *       unchanged.</li>
 *   <li>When it returns {@code null}, the result is built from the master principal and master
 *       keytab URI found in {@code cConf}.</li>
 * </ul>
 *
 * <p>An entity with no owner-specific info therefore resolves to the master identity. Callers
 * that expect per-entity isolation should take this fallback into account.
 *
 * @param ownerAdmin source of owner-specific impersonation info
 * @param cConf configuration supplying the master principal and keytab URI for the fallback
 * @param entityId entity whose impersonation info is requested
 * @return the owner-specific info if present, otherwise info built from the master settings
 * @throws IOException declared by this method; presumably raised by the owner lookup (confirm)
 */
public static ImpersonationInfo createImpersonationInfo(OwnerAdmin ownerAdmin, CConfiguration cConf,
                                                        NamespacedEntityId entityId) throws IOException {
  ImpersonationInfo ownerInfo = ownerAdmin.getImpersonationInfo(entityId);
  if (ownerInfo != null) {
    return ownerInfo;
  }
  // No owner-specific info: fall back to the master principal and keytab from the configuration.
  String masterPrincipal = getMasterPrincipal(cConf);
  String masterKeytabUri = getMasterKeytabURI(cConf);
  return new ImpersonationInfo(masterPrincipal, masterKeytabUri);
}