public HBaseUtils( String quorum, boolean useKerberos, String keyTabUsername, String kerberosEnv, String keyTabFileLocation, int regions) throws IOException { this.regions = regions; conf.set("hbase.zookeeper.quorum", quorum); if (useKerberos) { conf.set("hadoop.security.authentication", "Kerberos"); conf.set("hbase.security.authentication", "Kerberos"); conf.set("hbase.master.kerberos.principal", "hbase/_HOST@" + kerberosEnv + ".YOURDOMAIN.COM"); conf.set( "hbase.regionserver.kerberos.principal", "hbase/_HOST@" + kerberosEnv + ".YOURDOMAIN.COM"); conf.set("hbase.client.keyvalue.maxsize", "-1"); UserGroupInformation.setConfiguration(conf); try { UserGroupInformation.loginUserFromKeytab( keyTabUsername + "@" + kerberosEnv + ".YOURDOMAIN.COM", keyTabFileLocation); valid = true; } catch (IOException e) { e.printStackTrace(); valid = false; } kerberosRefresher.scheduleAtFixedRate( () -> { try { UserGroupInformation ugi = UserGroupInformation.getLoginUser(); if (ugi == null) { Logger.error("KERBEROS GOT LOGGED OUT"); UserGroupInformation.loginUserFromKeytab( keyTabUsername + "@" + kerberosEnv + ".YOURDOMAIN.COM", keyTabFileLocation); } else { ugi.checkTGTAndReloginFromKeytab(); } } catch (IOException e) { e.printStackTrace(); } }, KERBEROS_EXPIRATION_HOURS, KERBEROS_EXPIRATION_HOURS, TimeUnit.HOURS); } else { valid = true; conf.set(HConstants.ZOOKEEPER_ZNODE_PARENT, "/hbase-unsecure"); } connection = ConnectionFactory.createConnection(conf); }
/** * Getter for proxiedFs, using the passed parameters to create an instance of a proxiedFs. * * @param properties * @param authType is either TOKEN or KEYTAB. * @param authPath is the KEYTAB location if the authType is KEYTAB; otherwise, it is the token * file. * @param uri File system URI. * @throws IOException * @throws InterruptedException * @throws URISyntaxException * @return proxiedFs */ public FileSystem getProxiedFileSystem( State properties, AuthType authType, String authPath, String uri) throws IOException, InterruptedException, URISyntaxException { Preconditions.checkArgument( StringUtils.isNotBlank(properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME)), "State does not contain a proper proxy user name"); String proxyUserName = properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME); UserGroupInformation proxyUser; switch (authType) { case KEYTAB: // If the authentication type is KEYTAB, log in a super user first before // creating a proxy user. Preconditions.checkArgument( StringUtils.isNotBlank( properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS)), "State does not contain a proper proxy token file name"); String superUser = properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS); UserGroupInformation.loginUserFromKeytab(superUser, authPath); proxyUser = UserGroupInformation.createProxyUser( proxyUserName, UserGroupInformation.getLoginUser()); break; case TOKEN: // If the authentication type is TOKEN, create a proxy user and then add the token // to the user. proxyUser = UserGroupInformation.createProxyUser( proxyUserName, UserGroupInformation.getLoginUser()); Optional<Token> proxyToken = this.getTokenFromSeqFile(authPath, proxyUserName); if (proxyToken.isPresent()) { proxyUser.addToken(proxyToken.get()); } else { LOG.warn("No delegation token found for the current proxy user."); } break; default: LOG.warn( "Creating a proxy user without authentication, which could not perform File system operations."); proxyUser = UserGroupInformation.createProxyUser( proxyUserName, UserGroupInformation.getLoginUser()); break; } final Configuration conf = new Configuration(); JobConfigurationUtils.putStateIntoConfiguration(properties, conf); final URI fsURI = URI.create(uri); proxyUser.doAs( new PrivilegedExceptionAction<Void>() { @Override public Void run() throws IOException { LOG.debug( "Now performing file system operations as :" + UserGroupInformation.getCurrentUser()); proxiedFs = FileSystem.get(fsURI, conf); return null; } }); return this.proxiedFs; }
public void initialise() throws IOException { Configuration conf = HBaseConfiguration.create(); conf.addResource(new Path(clientConfig)); conf.addResource(new Path("/etc/hadoop/conf/core-site.xml")); UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab(user, keytabLocation); System.out.println(conf.toString()); connection = ConnectionFactory.createConnection(conf); }
/** * A test method to print out the current user's UGI. * * @param args if there are two arguments, read the user from the keytab and print it out. * @throws Exception */ public static void main(String[] args) throws Exception { System.out.println("Getting UGI for current user"); UserGroupInformation ugi = getCurrentUser(); ugi.print(); System.out.println("UGI: " + ugi); System.out.println("Auth method " + ugi.user.getAuthenticationMethod()); System.out.println("Keytab " + ugi.isKeytab); System.out.println("============================================================"); if (args.length == 2) { System.out.println("Getting UGI from keytab...."); loginUserFromKeytab(args[0], args[1]); getCurrentUser().print(); System.out.println("Keytab: " + ugi); System.out.println("Auth method " + loginUser.user.getAuthenticationMethod()); System.out.println("Keytab " + loginUser.isKeytab); } }
public static void main(String... args) throws IOException, ClassNotFoundException, InterruptedException { UserGroupInformation.loginUserFromKeytab("web_dp", "web_dp.keytab"); Configuration conf = HBaseConfiguration.create(); HBaseAdmin admin = new HBaseAdmin(conf); if (admin.tableExists(QueryDataListener.TN_BYTES_DOMAIN)) { admin.disableTable(QueryDataListener.TN_BYTES_DOMAIN); admin.deleteTable(QueryDataListener.TN_BYTES_DOMAIN); } if (admin.tableExists(QueryDataListener.TN_BYTES_URL)) { admin.disableTable(QueryDataListener.TN_BYTES_URL); admin.deleteTable(QueryDataListener.TN_BYTES_URL); } if (admin.tableExists(QueryDataListener.TN_BYTES_QUERY)) { admin.disableTable(QueryDataListener.TN_BYTES_QUERY); admin.deleteTable(QueryDataListener.TN_BYTES_QUERY); } }
private void testDelegationTokenWithinDoAs(final Class fileSystemClass, boolean proxyUser) throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab("client", "/Users/tucu/tucu.keytab"); UserGroupInformation ugi = UserGroupInformation.getLoginUser(); if (proxyUser) { ugi = UserGroupInformation.createProxyUser("foo", ugi); } conf = new Configuration(); UserGroupInformation.setConfiguration(conf); ugi.doAs( new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { testDelegationTokenWithFS(fileSystemClass); return null; } }); }