Posted to dev@sqoop.apache.org by "Arvind Prabhakar (JIRA)" <ji...@apache.org> on 2012/06/06 19:46:23 UTC
[jira] [Created] (SQOOP-499) Implement kerberos support for client shell
Arvind Prabhakar created SQOOP-499:
--------------------------------------
Summary: Implement kerberos support for client shell
Key: SQOOP-499
URL: https://issues.apache.org/jira/browse/SQOOP-499
Project: Sqoop
Issue Type: Task
Reporter: Arvind Prabhakar
Fix For: 2.0.0
The client shell should be able to identify the user principal from the active kerberos session.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SQOOP-499) Implement kerberos support for client shell
Posted by "Kathleen Ting (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SQOOP-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419403#comment-13419403 ]
Kathleen Ting commented on SQOOP-499:
-------------------------------------
Sachin, I've successfully run a Sqoop import job on my Kerberos enabled Hadoop cluster.
[jira] [Commented] (SQOOP-499) Implement kerberos support for client shell
Posted by "sachin pawar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SQOOP-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419634#comment-13419634 ]
sachin pawar commented on SQOOP-499:
------------------------------------
Kathleen,
I am trying a simple Sqoop client code from a remote machine on Kerberos-enabled Hadoop.
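
    import org.apache.hadoop.util.ToolRunner;
    import org.apache.sqoop.Sqoop;
    import org.apache.sqoop.tool.ImportTool;

    public class SqoopClient {  // wrapper class name added so the snippet compiles
        public static void main(String[] args) {
            // Tell the JVM's Kerberos implementation which realm and KDC to use.
            System.setProperty("java.security.krb5.realm", "<realm.name>");
            System.setProperty("java.security.krb5.kdc", "<kdchost>");

            // Hadoop settings are passed as generic -D options, followed by the import arguments.
            String sqoopArgs[] = new String[] {
                "-D", "fs.default.name=hdfs://<hadoophost>:8020/",
                "-D", "mapred.job.tracker=<hadoophost>:8021",
                "-D", "hadoop.security.authentication=kerberos",
                "-D", "mapreduce.jobtracker.kerberos.principal=mapred/<host-domain>",
                "-D", "dfs.namenode.kerberos.principal=hdfs/<host-domain>",
                "--connect", "jdbc:sqlserver://<dbhost>:1433;databaseName=SqoopTestDB",
                "--username", "sa",
                "--password", "sa",
                "--table", "bizunit",
            };
            // ====================================
            ImportTool iTool = new ImportTool();
            Sqoop sqoop = new Sqoop(iTool);
            try {
                System.out.println("Started....");
                // ToolRunner parses the -D options into the tool's Configuration, then runs the import.
                ToolRunner.run(sqoop, sqoopArgs);
                System.out.println("=======DONE==========");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
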
When I debugged this code with the Sqoop source, I found that ImportJobBase.runImport() creates a new Job instance
with the passed-in configuration. At this point the configuration matches what I set in the code.
During the initialization the execution reaches the UserGroupInformation getLoginUser() method.
Then it does the following:

    /**
     * A method to initialize the fields that depend on a configuration.
     * Must be called before useKerberos or groups is used.
     */
    private static synchronized void ensureInitialized() {
      if (!isInitialized) {
        initialize(new Configuration());
      }
    }

Here initialize is called using a new empty configuration and not using the configuration I set.
Due to this the UserGroupInformation instance returned is always set to Simple authentication mode,
ignoring my setting for Kerberos mode.
With the above configuration, when I call the following:

    UserGroupInformation.setConfiguration(kconf);
    UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI("<principal>", "<keytablocation>");

I get a ugi with Kerberos auth settings.
But this does not happen to the ugi that Sqoop generates.
Thanks, Sachin
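
Added example, not part of the original thread and not Sqoop's own code: a client that hands its Kerberos settings to UserGroupInformation explicitly before Sqoop runs, so the lazy ensureInitialized() path quoted in the comment above never falls back to an empty Configuration. The class name KerberosSqoopImport and the argument layout are hypothetical; the org.apache.sqoop package names are assumed as in Sqoop 1.4.x, and the JVM is assumed to resolve the realm and KDC through krb5.conf or the java.security.krb5.* properties.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.ToolRunner;
import org.apache.sqoop.Sqoop;            // assumed Sqoop 1.4.x package
import org.apache.sqoop.tool.ImportTool;  // assumed Sqoop 1.4.x package

public class KerberosSqoopImport {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KerberosSqoopImport <principal> <keytab> [sqoop args...]");
            System.exit(2);
        }
        String principal = args[0];
        String keytab = args[1];
        // Remaining arguments (-D options, --connect, --table, ...) go to Sqoop unchanged.
        final String[] sqoopArgs = Arrays.copyOfRange(args, 2, args.length);

        // Initialize UGI from this configuration up front. Once it is initialized,
        // ensureInitialized() no longer calls initialize(new Configuration()).
        final Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);

        // Fail closed: never continue silently in Simple authentication mode.
        if (!UserGroupInformation.isSecurityEnabled()) {
            throw new IllegalStateException("UGI is not in Kerberos mode; refusing to run");
        }

        // Keytab login replaces the process-wide login user that getLoginUser() returns.
        UserGroupInformation.loginUserFromKeytab(principal, keytab);
        UserGroupInformation ugi = UserGroupInformation.getLoginUser();
        System.out.println("Login user " + ugi.getUserName()
                + " via " + ugi.getAuthenticationMethod());

        // Run the import as the Kerberos-authenticated user, with the same Configuration.
        int rc = ugi.doAs(new PrivilegedExceptionAction<Integer>() {
            public Integer run() throws Exception {
                return ToolRunner.run(conf, new Sqoop(new ImportTool()), sqoopArgs);
            }
        });
        System.exit(rc);
    }
}
```

The keytab should be readable only by the account that runs the client, since possession of it is equivalent to the principal's password.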
[jira] [Commented] (SQOOP-499) Implement kerberos support for client shell
Posted by "sachin pawar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SQOOP-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419351#comment-13419351 ]
sachin pawar commented on SQOOP-499:
------------------------------------
Hi,
Can Sqoop 1.4.1 run an import on Kerberos-enabled Hadoop?
Looking at the source code, I found that Sqoop obtains UserGroupInformation using
a new empty configuration. It does not use the configuration set by the user and in turn fails to authenticate
on Kerberos-enabled Hadoop. Is that a correct observation, or am I missing something?
Thanks in advance..
Sachin
[jira] [Comment Edited] (SQOOP-499) Implement kerberos support for client shell
Posted by "Kathleen Ting (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SQOOP-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419403#comment-13419403 ]
Kathleen Ting edited comment on SQOOP-499 at 7/20/12 6:14 PM:
--------------------------------------------------------------
Sachin, I've successfully run a Sqoop (using 1.4.1) import job on my Kerberos enabled Hadoop cluster.
was (Author: kathleen):
Sachin, I've successfully run a Sqoop import job on my Kerberos enabled Hadoop cluster.