You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by jd...@apache.org on 2015/08/11 01:16:46 UTC
hive git commit: HIVE-8874 - Error Accessing HBase from Hive via
Oozie on Kerberos 5.0.1 cluster (Yongzhi Chen via Brock)
Repository: hive
Updated Branches:
refs/heads/branch-1.0 9dc01d4ba -> 8df94b51b
HIVE-8874 - Error Accessing HBase from Hive via Oozie on Kerberos 5.0.1 cluster (Yongzhi Chen via Brock)
git-svn-id: https://svn.apache.org/repos/asf/hive/trunk@1640459 13f79535-47bb-0310-9956-ffa450edef68
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/8df94b51
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/8df94b51
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/8df94b51
Branch: refs/heads/branch-1.0
Commit: 8df94b51bda57f7ad17f0cf85839a4cbc17dcb33
Parents: 9dc01d4
Author: Brock Noland <br...@apache.org>
Authored: Wed Nov 19 00:38:32 2014 +0000
Committer: Jason Dere <jd...@hortonworks.com>
Committed: Mon Aug 10 16:13:29 2015 -0700
----------------------------------------------------------------------
.../hadoop/hive/hbase/HBaseStorageHandler.java | 33 +++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/8df94b51/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
----------------------------------------------------------------------
diff --git a/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java b/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
index 6a9bd0e..7f064ba 100644
--- a/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
+++ b/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
@@ -42,9 +42,13 @@ import org.apache.hadoop.hbase.mapred.TableOutputFormat;
import org.apache.hadoop.hbase.mapreduce.TableInputFormatBase;
import org.apache.hadoop.hbase.mapreduce.TableMapReduceUtil;
import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier;
+import org.apache.hadoop.hbase.security.token.AuthenticationTokenSelector;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.hbase.ColumnMappings.ColumnMapping;
+import org.apache.hadoop.hbase.zookeeper.ZKClusterId;
+import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
import org.apache.hadoop.hive.metastore.HiveMetaHook;
import org.apache.hadoop.hive.metastore.MetaStoreUtils;
import org.apache.hadoop.hive.metastore.api.MetaException;
@@ -60,11 +64,14 @@ import org.apache.hadoop.hive.ql.plan.TableDesc;
import org.apache.hadoop.hive.serde2.Deserializer;
import org.apache.hadoop.hive.serde2.SerDe;
import org.apache.hadoop.hive.shims.ShimLoader;
+import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapred.InputFormat;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapred.OutputFormat;
import org.apache.hadoop.mapreduce.Job;
+import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.StringUtils;
+import org.apache.zookeeper.KeeperException;
/**
* HBaseStorageHandler provides a HiveStorageHandler implementation for
@@ -450,13 +457,37 @@ public class HBaseStorageHandler extends DefaultStorageHandler
private void addHBaseDelegationToken(Configuration conf) throws IOException {
if (User.isHBaseSecurityEnabled(conf)) {
try {
- User.getCurrent().obtainAuthTokenForJob(conf,new Job(conf));
+ User curUser = User.getCurrent();
+ Token<AuthenticationTokenIdentifier> authToken = getAuthToken(conf, curUser);
+ Job job = new Job(conf);
+ if (authToken == null) {
+ curUser.obtainAuthTokenForJob(conf,job);
+ } else {
+ job.getCredentials().addToken(authToken.getService(), authToken);
+ }
} catch (InterruptedException e) {
throw new IOException("Error while obtaining hbase delegation token", e);
}
}
}
+ /**
+ * Get the authentication token of the user for the cluster specified in the configuration
+ * @return null if the user does not have the token, otherwise the auth token for the cluster.
+ */
+ private static Token<AuthenticationTokenIdentifier> getAuthToken(Configuration conf, User user)
+ throws IOException, InterruptedException {
+ ZooKeeperWatcher zkw = new ZooKeeperWatcher(conf, "mr-init-credentials", null);
+ try {
+ String clusterId = ZKClusterId.readClusterIdZNode(zkw);
+ return new AuthenticationTokenSelector().selectToken(new Text(clusterId), user.getUGI().getTokens());
+ } catch (KeeperException e) {
+ throw new IOException(e);
+ } finally {
+ zkw.close();
+ }
+ }
+
@Override
public void configureJobConf(TableDesc tableDesc, JobConf jobConf) {
try {