You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by to...@apache.org on 2012/04/04 01:37:16 UTC
svn commit: r1309185 - in
/hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools:
DFSHAAdmin.java DFSZKFailoverController.java
Author: todd
Date: Tue Apr 3 23:37:15 2012
New Revision: 1309185
URL: http://svn.apache.org/viewvc?rev=1309185&view=rev
Log:
HADOOP-8215. Security support for ZK Failover controller. Contributed by Todd Lipcon.
Modified:
hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSHAAdmin.java
hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSZKFailoverController.java
Modified: hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSHAAdmin.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSHAAdmin.java?rev=1309185&r1=1309184&r2=1309185&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSHAAdmin.java (original)
+++ hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSHAAdmin.java Tue Apr 3 23:37:15 2012
@@ -46,22 +46,33 @@ public class DFSHAAdmin extends HAAdmin
@Override
public void setConf(Configuration conf) {
if (conf != null) {
- // Make a copy so we don't mutate it. Also use an HdfsConfiguration to
- // force loading of hdfs-site.xml.
- conf = new HdfsConfiguration(conf);
- String nameNodePrincipal = conf.get(
- DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "");
- if (LOG.isDebugEnabled()) {
- LOG.debug("Using NN principal: " + nameNodePrincipal);
- }
-
- conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
- nameNodePrincipal);
+ conf = addSecurityConfiguration(conf);
}
super.setConf(conf);
}
/**
+ * Add the requisite security principal settings to the given Configuration,
+ * returning a copy.
+ * @param conf the original config
+ * @return a copy with the security settings added
+ */
+ public static Configuration addSecurityConfiguration(Configuration conf) {
+ // Make a copy so we don't mutate it. Also use an HdfsConfiguration to
+ // force loading of hdfs-site.xml.
+ conf = new HdfsConfiguration(conf);
+ String nameNodePrincipal = conf.get(
+ DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Using NN principal: " + nameNodePrincipal);
+ }
+
+ conf.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY,
+ nameNodePrincipal);
+ return conf;
+ }
+
+ /**
* Try to map the given namenode ID to its service address.
*/
@Override
Modified: hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSZKFailoverController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSZKFailoverController.java?rev=1309185&r1=1309184&r2=1309185&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSZKFailoverController.java (original)
+++ hadoop/common/branches/HDFS-3042/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSZKFailoverController.java Tue Apr 3 23:37:15 2012
@@ -17,6 +17,10 @@
*/
package org.apache.hadoop.hdfs.tools;
+import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY;
+import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY;
+
+import java.io.IOException;
import java.net.InetSocketAddress;
import org.apache.commons.logging.Log;
@@ -28,9 +32,9 @@ import org.apache.hadoop.ha.HAServiceTar
import org.apache.hadoop.ha.ZKFailoverController;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.HAUtil;
-import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.ha.proto.HAZKInfoProtos.ActiveNodeInfo;
+import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.util.ToolRunner;
@@ -81,9 +85,7 @@ public class DFSZKFailoverController ext
@Override
public void setConf(Configuration conf) {
- // Use HdfsConfiguration here to force hdfs-site.xml to load
- localNNConf = new HdfsConfiguration(conf);
-
+ localNNConf = DFSHAAdmin.addSecurityConfiguration(conf);
String nsId = DFSUtil.getNamenodeNameServiceId(conf);
if (!HAUtil.isHAEnabled(localNNConf, nsId)) {
@@ -107,6 +109,13 @@ public class DFSZKFailoverController ext
return localTarget;
}
+ @Override
+ public void loginAsFCUser() throws IOException {
+ InetSocketAddress socAddr = NameNode.getAddress(localNNConf);
+ SecurityUtil.login(getConf(), DFS_NAMENODE_KEYTAB_FILE_KEY,
+ DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
+ }
+
public static void main(String args[])
throws Exception {
System.exit(ToolRunner.run(