You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by jg...@apache.org on 2010/07/10 21:44:30 UTC
svn commit: r962908 - in /hadoop/hdfs/trunk: CHANGES.txt
src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
Author: jghoman
Date: Sat Jul 10 19:44:30 2010
New Revision: 962908
URL: http://svn.apache.org/viewvc?rev=962908&view=rev
Log:
HDFS-1023. Allow http server to start as regular principal if https principal not defined.
Modified:
hadoop/hdfs/trunk/CHANGES.txt
hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=962908&r1=962907&r2=962908&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Sat Jul 10 19:44:30 2010
@@ -21,6 +21,9 @@ Trunk (unreleased changes)
HDFS-1033. In secure clusters, NN and SNN should verify that the remote
principal during image and edits transfer. (jghoman)
+ HDFS-1023. Allow http server to start as regular principal if https
+ principal not defined. (jghoman)
+
IMPROVEMENTS
HDFS-1096. fix for prev. commit. (boryas)
Modified: hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=962908&r1=962907&r2=962908&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java Sat Jul 10 19:44:30 2010
@@ -414,9 +414,20 @@ public class NameNode implements Namenod
}
private void startHttpServer(final Configuration conf) throws IOException {
- // Kerberized SSL servers must be run from the host principal...
- DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
- DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+ if(UserGroupInformation.isSecurityEnabled()) {
+ String httpsUser = conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+ if(httpsUser == null) {
+ LOG.warn(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY +
+ " not defined in config. Starting http server as "
+ + conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
+ + ": Kerberized SSL may be not function correctly.");
+ } else {
+ // Kerberized SSL servers must be run from the host principal...
+ LOG.info("Logging in as " + httpsUser + " to start http server.");
+ DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
+ DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+ }
+ }
UserGroupInformation ugi = UserGroupInformation.getLoginUser();
try {
this.httpServer = ugi.doAs(new PrivilegedExceptionAction<HttpServer>() {
@@ -483,9 +494,15 @@ public class NameNode implements Namenod
} catch (InterruptedException e) {
throw new IOException(e);
} finally {
- // Go back to being the correct Namenode principal
- DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
- DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+ if(UserGroupInformation.isSecurityEnabled() &&
+ conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) != null) {
+ // Go back to being the correct Namenode principal
+ LOG.info("Logging back in as "
+ + conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
+ + " following http server start.");
+ DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
+ DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+ }
}
}