You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@omid.apache.org by fp...@apache.org on 2017/08/10 20:42:59 UTC
incubator-omid git commit: [OMID-67] Avoid Kerberos logging multiple
times
Repository: incubator-omid
Updated Branches:
refs/heads/0.9.0.0 9f5474f91 -> 97579d66a
[OMID-67] Avoid Kerberos logging multiple times
It may cause race conditions when done multiple times from the same JVM.
The Kerberos ticket is not properly renewed when this happens.
This closes #14
Change-Id: I07599f54bc9bead90a87d30a2f6b033de64b6470
Project: http://git-wip-us.apache.org/repos/asf/incubator-omid/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-omid/commit/97579d66
Tree: http://git-wip-us.apache.org/repos/asf/incubator-omid/tree/97579d66
Diff: http://git-wip-us.apache.org/repos/asf/incubator-omid/diff/97579d66
Branch: refs/heads/0.9.0.0
Commit: 97579d66a3f1f62eebca054495937f4f6f2666c2
Parents: 9f5474f
Author: Francisco Perez-Sorrosal <fp...@apache.org>
Authored: Thu May 11 12:00:21 2017 -0700
Committer: Francisco Perez-Sorrosal <fp...@apache.org>
Committed: Thu Aug 10 13:18:51 2017 -0700
----------------------------------------------------------------------
.../org/apache/omid/tools/hbase/HBaseLogin.java | 25 ++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-omid/blob/97579d66/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
index 0994748..92b4904 100644
--- a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
+++ b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
@@ -21,18 +21,35 @@ import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.annotation.Nullable;
import java.io.IOException;
public final class HBaseLogin {
private static final Logger LOG = LoggerFactory.getLogger(HBaseLogin.class);
+ private static volatile UserGroupInformation ugi;
+
+ @Nullable
public static UserGroupInformation loginIfNeeded(SecureHBaseConfig config) throws IOException {
+
if (UserGroupInformation.isSecurityEnabled()) {
- LOG.info("Security is enabled, logging in with principal={}, keytab={}",
- config.getPrincipal(), config.getKeytab());
- UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab());
+ LOG.info("Security enabled when connecting to HBase");
+ if (ugi == null) { // Use lazy initialization with double-checked locking
+ synchronized (HBaseLogin.class) {
+ if (ugi == null) {
+ LOG.info("Login with Kerberos. User={}, keytab={}", config.getPrincipal(), config.getKeytab());
+ UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab());
+ ugi = UserGroupInformation.getCurrentUser();
+ }
+ }
+ } else {
+ LOG.info("User {}, already trusted (Kerberos). Avoiding 2nd login as it causes problems", ugi.toString());
+ }
+ } else {
+ LOG.warn("Security NOT enabled when connecting to HBase. Act at your own risk. NULL UGI returned");
}
- return UserGroupInformation.getCurrentUser();
+ return ugi;
}
+
}