You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sqoop.apache.org by "Dian Fu (JIRA)" <ji...@apache.org> on 2015/12/16 13:22:46 UTC

[jira] [Commented] (SQOOP-2744) Sqoop2: Enable kerberos for HadoopMiniCluster

    [ https://issues.apache.org/jira/browse/SQOOP-2744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15059909#comment-15059909 ] 

Dian Fu commented on SQOOP-2744:
--------------------------------

I found some problems when developing the patch for this JIRA. One of the most important ones is as follows:
*Problem description*:
Currently, all the services in the integration test start up in one JVM (such as sqoop server, HDFS cluster, YARN cluster, Job history server, etc). This will cause problems for kerberos test as there are some important {{static}} variables in {{UserGroupInformation}}, such as {{private static UserGroupInformation loginUser}}. This static variable records the current login user and it has the following impact if all the services start up in one JVM:
1) When HDFS start up, NameNode and DataNode will do secure login. For example, they could login with user {{hdfs}}. Then {{loginUser}} will stand for user {{hdfs}}.
2) When YARN start up, JobHistoryServer will do secure login (in MRMiniCluster, ResourceManager and NodeManager don't do secure login, not sure why?). For example, it could login with user {{mapred}}. Then {{loginUser}} changed to user {{mapred}}.
3) When Sqoop server start up, it will do secure login with user {{sqoop}} for example. Then {{loginUser}} changed to user {{sqoop}}.
4) Then if a client access NameNode via RPC, it will firstly do authentication with NameNode using SASL. The NameNode side will firstly create a {{SaslRpcServer}} in method {{Server.createSaslServer}} and in the constructor of {{SaslRpcServer}}, it will look up the currently login user (the information of the login user will be sent back to client to do manual authentication) and it's {{sqoop}} at this time which is not correct.
*Solution*:
All the services start up as the same user.
Any thoughts?

> Sqoop2: Enable kerberos for HadoopMiniCluster
> ---------------------------------------------
>
>                 Key: SQOOP-2744
>                 URL: https://issues.apache.org/jira/browse/SQOOP-2744
>             Project: Sqoop
>          Issue Type: Sub-task
>            Reporter: Dian Fu
>            Assignee: Dian Fu
>             Fix For: 1.99.7
>
>
> The aim of this JIRA is to enable kerberos for HadoopMiniCluster.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)