You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by joshelser <gi...@git.apache.org> on 2017/12/23 20:22:08 UTC

[GitHub] nifi issue #2360: NIFI-4323 Wrapped Get/ListHDFS hadoop operations in ugi.do...

Github user joshelser commented on the issue:

    https://github.com/apache/nifi/pull/2360
  
    > use UGI.loginUserFromKeytab. This brings those components in line with daemon-process-style usage, made possible by NiFi's InstanceClassloader isolation. Relogin (on ticket expiry/connection failure) can now be properly handled by hadoop-client code implicitly.
    
    Interesting. I'm trying to understand how to state this problem outside the context of NiFi (because the fix still confounds me). It seems like what's being stated is: when `UserGroupInformation.loginUserFromKeytabAndReturnUGI()` is used, the implicit re-login code called inside of the HDFS client code (e.g. `Client$Connection#handleSaslConnectionFailure()`) does the wrong thing. Looking at this again:
    
    ```java
    if (UserGroupInformation.isLoginKeytabBased()) {
      UserGroupInformation.getLoginUser().reloginFromKeytab();
    } else if (UserGroupInformation.isLoginTicketBased()) {
      UserGroupInformation.getLoginUser().reloginFromTicketCache();
    }
    ```
    
    Seems to paint a pretty clear picture as to why, when the loginUser isn't the one we're executing the call as, the relogin fails. Makes me wonder why HDFS isn't doing a `getCurrentUser()` instead of the `getLoginUser()`...


---