示例#1
0
 public HBaseUtils(
     String quorum,
     boolean useKerberos,
     String keyTabUsername,
     String kerberosEnv,
     String keyTabFileLocation,
     int regions)
     throws IOException {
   this.regions = regions;
   conf.set("hbase.zookeeper.quorum", quorum);
   if (useKerberos) {
     conf.set("hadoop.security.authentication", "Kerberos");
     conf.set("hbase.security.authentication", "Kerberos");
     conf.set("hbase.master.kerberos.principal", "hbase/_HOST@" + kerberosEnv + ".YOURDOMAIN.COM");
     conf.set(
         "hbase.regionserver.kerberos.principal",
         "hbase/_HOST@" + kerberosEnv + ".YOURDOMAIN.COM");
     conf.set("hbase.client.keyvalue.maxsize", "-1");
     UserGroupInformation.setConfiguration(conf);
     try {
       UserGroupInformation.loginUserFromKeytab(
           keyTabUsername + "@" + kerberosEnv + ".YOURDOMAIN.COM", keyTabFileLocation);
       valid = true;
     } catch (IOException e) {
       e.printStackTrace();
       valid = false;
     }
     kerberosRefresher.scheduleAtFixedRate(
         () -> {
           try {
             UserGroupInformation ugi = UserGroupInformation.getLoginUser();
             if (ugi == null) {
               Logger.error("KERBEROS GOT LOGGED OUT");
               UserGroupInformation.loginUserFromKeytab(
                   keyTabUsername + "@" + kerberosEnv + ".YOURDOMAIN.COM", keyTabFileLocation);
             } else {
               ugi.checkTGTAndReloginFromKeytab();
             }
           } catch (IOException e) {
             e.printStackTrace();
           }
         },
         KERBEROS_EXPIRATION_HOURS,
         KERBEROS_EXPIRATION_HOURS,
         TimeUnit.HOURS);
   } else {
     valid = true;
     conf.set(HConstants.ZOOKEEPER_ZNODE_PARENT, "/hbase-unsecure");
   }
   connection = ConnectionFactory.createConnection(conf);
 }
示例#2
0
  /**
   * Getter for proxiedFs, using the passed parameters to create an instance of a proxiedFs.
   *
   * @param properties
   * @param authType is either TOKEN or KEYTAB.
   * @param authPath is the KEYTAB location if the authType is KEYTAB; otherwise, it is the token
   *     file.
   * @param uri File system URI.
   * @throws IOException
   * @throws InterruptedException
   * @throws URISyntaxException
   * @return proxiedFs
   */
  public FileSystem getProxiedFileSystem(
      State properties, AuthType authType, String authPath, String uri)
      throws IOException, InterruptedException, URISyntaxException {
    Preconditions.checkArgument(
        StringUtils.isNotBlank(properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME)),
        "State does not contain a proper proxy user name");
    String proxyUserName = properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME);
    UserGroupInformation proxyUser;
    switch (authType) {
      case KEYTAB: // If the authentication type is KEYTAB, log in a super user first before
                   // creating a proxy user.
        Preconditions.checkArgument(
            StringUtils.isNotBlank(
                properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS)),
            "State does not contain a proper proxy token file name");
        String superUser = properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS);
        UserGroupInformation.loginUserFromKeytab(superUser, authPath);
        proxyUser =
            UserGroupInformation.createProxyUser(
                proxyUserName, UserGroupInformation.getLoginUser());
        break;
      case TOKEN: // If the authentication type is TOKEN, create a proxy user and then add the token
                  // to the user.
        proxyUser =
            UserGroupInformation.createProxyUser(
                proxyUserName, UserGroupInformation.getLoginUser());
        Optional<Token> proxyToken = this.getTokenFromSeqFile(authPath, proxyUserName);
        if (proxyToken.isPresent()) {
          proxyUser.addToken(proxyToken.get());
        } else {
          LOG.warn("No delegation token found for the current proxy user.");
        }
        break;
      default:
        LOG.warn(
            "Creating a proxy user without authentication, which could not perform File system operations.");
        proxyUser =
            UserGroupInformation.createProxyUser(
                proxyUserName, UserGroupInformation.getLoginUser());
        break;
    }

    final Configuration conf = new Configuration();
    JobConfigurationUtils.putStateIntoConfiguration(properties, conf);
    final URI fsURI = URI.create(uri);
    proxyUser.doAs(
        new PrivilegedExceptionAction<Void>() {
          @Override
          public Void run() throws IOException {
            LOG.debug(
                "Now performing file system operations as :"
                    + UserGroupInformation.getCurrentUser());
            proxiedFs = FileSystem.get(fsURI, conf);
            return null;
          }
        });
    return this.proxiedFs;
  }
示例#3
0
  public void initialise() throws IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.addResource(new Path(clientConfig));
    conf.addResource(new Path("/etc/hadoop/conf/core-site.xml"));

    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromKeytab(user, keytabLocation);

    System.out.println(conf.toString());

    connection = ConnectionFactory.createConnection(conf);
  }
示例#4
0
  /**
   * A test method to print out the current user's UGI.
   *
   * @param args if there are two arguments, read the user from the keytab and print it out.
   * @throws Exception
   */
  public static void main(String[] args) throws Exception {
    System.out.println("Getting UGI for current user");
    UserGroupInformation ugi = getCurrentUser();
    ugi.print();
    System.out.println("UGI: " + ugi);
    System.out.println("Auth method " + ugi.user.getAuthenticationMethod());
    System.out.println("Keytab " + ugi.isKeytab);
    System.out.println("============================================================");

    if (args.length == 2) {
      System.out.println("Getting UGI from keytab....");
      loginUserFromKeytab(args[0], args[1]);
      getCurrentUser().print();
      System.out.println("Keytab: " + ugi);
      System.out.println("Auth method " + loginUser.user.getAuthenticationMethod());
      System.out.println("Keytab " + loginUser.isKeytab);
    }
  }
示例#5
0
 public static void main(String... args)
     throws IOException, ClassNotFoundException, InterruptedException {
   UserGroupInformation.loginUserFromKeytab("web_dp", "web_dp.keytab");
   Configuration conf = HBaseConfiguration.create();
   HBaseAdmin admin = new HBaseAdmin(conf);
   if (admin.tableExists(QueryDataListener.TN_BYTES_DOMAIN)) {
     admin.disableTable(QueryDataListener.TN_BYTES_DOMAIN);
     admin.deleteTable(QueryDataListener.TN_BYTES_DOMAIN);
   }
   if (admin.tableExists(QueryDataListener.TN_BYTES_URL)) {
     admin.disableTable(QueryDataListener.TN_BYTES_URL);
     admin.deleteTable(QueryDataListener.TN_BYTES_URL);
   }
   if (admin.tableExists(QueryDataListener.TN_BYTES_QUERY)) {
     admin.disableTable(QueryDataListener.TN_BYTES_QUERY);
     admin.deleteTable(QueryDataListener.TN_BYTES_QUERY);
   }
 }
示例#6
0
 private void testDelegationTokenWithinDoAs(final Class fileSystemClass, boolean proxyUser)
     throws Exception {
   Configuration conf = new Configuration();
   conf.set("hadoop.security.authentication", "kerberos");
   UserGroupInformation.setConfiguration(conf);
   UserGroupInformation.loginUserFromKeytab("client", "/Users/tucu/tucu.keytab");
   UserGroupInformation ugi = UserGroupInformation.getLoginUser();
   if (proxyUser) {
     ugi = UserGroupInformation.createProxyUser("foo", ugi);
   }
   conf = new Configuration();
   UserGroupInformation.setConfiguration(conf);
   ugi.doAs(
       new PrivilegedExceptionAction<Void>() {
         @Override
         public Void run() throws Exception {
           testDelegationTokenWithFS(fileSystemClass);
           return null;
         }
       });
 }