You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by jd...@apache.org on 2016/03/17 23:47:31 UTC
[27/51] [abbrv] hive git commit: HIVE-13236 : LLAP: token renewal
interval needs to be set (Sergey Shelukhin, reviewed by Siddharth Seth)
HIVE-13236 : LLAP: token renewal interval needs to be set (Sergey Shelukhin, reviewed by Siddharth Seth)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/62bae5e1
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/62bae5e1
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/62bae5e1
Branch: refs/heads/llap
Commit: 62bae5e1a5cc563c5ef3f650927f2a63038c5a50
Parents: b6023c7
Author: Sergey Shelukhin <se...@apache.org>
Authored: Thu Mar 10 19:35:55 2016 -0800
Committer: Sergey Shelukhin <se...@apache.org>
Committed: Thu Mar 10 19:35:55 2016 -0800
----------------------------------------------------------------------
.../hive/llap/security/SecretManager.java | 39 +++++++++++++++++++-
1 file changed, 37 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/62bae5e1/llap-server/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
----------------------------------------------------------------------
diff --git a/llap-server/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-server/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index dc4e81a..bbdca7b 100644
--- a/llap-server/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++ b/llap-server/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -27,10 +27,43 @@ import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdentifier> {
+ private static final Logger LOG = LoggerFactory.getLogger(SecretManager.class);
public SecretManager(Configuration conf) {
super(conf);
+ checkForZKDTSMBug(conf);
+ }
+
+ // Workaround for HADOOP-12659 - remove when Hadoop 2.7.X is no longer supported.
+ private void checkForZKDTSMBug(Configuration conf) {
+ // There's a bug in ZKDelegationTokenSecretManager ctor where seconds are not converted to ms.
+ long expectedRenewTimeSec = conf.getLong(DelegationTokenManager.RENEW_INTERVAL, -1);
+ LOG.info("Checking for tokenRenewInterval bug: " + expectedRenewTimeSec);
+ if (expectedRenewTimeSec == -1) return; // The default works, no bug.
+ java.lang.reflect.Field f = null;
+ try {
+ Class<?> c = org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.class;
+ f = c.getDeclaredField("tokenRenewInterval");
+ f.setAccessible(true);
+ } catch (Throwable t) {
+ // Maybe someone removed the field; probably ok to ignore.
+ LOG.error("Failed to check for tokenRenewInterval bug, hoping for the best", t);
+ return;
+ }
+ try {
+ long realValue = f.getLong(this);
+ long expectedValue = expectedRenewTimeSec * 1000;
+ LOG.info("tokenRenewInterval is: " + realValue + " (expected " + expectedValue + ")");
+ if (realValue == expectedRenewTimeSec) {
+ // Bug - the field has to be in ms, not sec. Override only if set precisely to sec.
+ f.setLong(this, expectedValue);
+ }
+ } catch (Exception ex) {
+ throw new RuntimeException("Failed to address tokenRenewInterval bug", ex);
+ }
}
@Override
@@ -62,8 +95,10 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
// Override the default delegation token lifetime for LLAP.
// Also set all the necessary ZK settings to defaults and LLAP configs, if not set.
final Configuration zkConf = new Configuration(conf);
- zkConf.setLong(DelegationTokenManager.MAX_LIFETIME,
- HiveConf.getTimeVar(conf, ConfVars.LLAP_DELEGATION_TOKEN_LIFETIME, TimeUnit.SECONDS));
+ long tokenLifetime = HiveConf.getTimeVar(
+ conf, ConfVars.LLAP_DELEGATION_TOKEN_LIFETIME, TimeUnit.SECONDS);
+ zkConf.setLong(DelegationTokenManager.MAX_LIFETIME, tokenLifetime);
+ zkConf.setLong(DelegationTokenManager.RENEW_INTERVAL, tokenLifetime);
zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL, principal);
zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab);
setZkConfIfNotSet(zkConf, SecretManager.ZK_DTSM_ZNODE_WORKING_PATH, "llapzkdtsm");