From 2a653d8ad69bfdad191ba7cd47c4bfb6f7508224 Mon Sep 17 00:00:00 2001 From: Alan Camillo Date: Mon, 26 Mar 2018 21:02:14 -0300 Subject: [PATCH 1/4] Kerberos properties and authentication support. --- .../fluo/api/config/FluoConfiguration.java | 16 ++++++++++ .../fluo/core/client/FluoAdminImpl.java | 30 +++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java b/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java index cf416c0cb..4c6b150b5 100644 --- a/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java +++ b/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java @@ -48,6 +48,22 @@ public class FluoConfiguration extends SimpleConfiguration { // Client properties private static final String CLIENT_PREFIX = FLUO_PREFIX + ".client"; + + /** + * @since 1.2.0 + */ + public static final String CLIENT_KERBEROS = CLIENT_PREFIX + ".kerberos"; + + /** + * @since 1.2.0 + */ + public static final String CLIENT_KERBEROS_REALM = CLIENT_PREFIX + ".kerberos.realm"; + + /** + * @since 1.2.0 + */ + public static final String CLIENT_KERBEROS_KEYTAB = CLIENT_PREFIX + ".kerberos.keytab"; + /** * @deprecated since 1.2.0 replaced by fluo.connection.application.name */ diff --git a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java index 5210cc0d6..e3cfc52b2 100644 --- a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java +++ b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java @@ -59,6 +59,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.zookeeper.KeeperException; import org.apache.zookeeper.KeeperException.NodeExistsException; import org.slf4j.Logger; @@ -76,6 +77,28 @@ public class FluoAdminImpl implements FluoAdmin { private final String appRootDir; + /** + * Kerberos autentication method. + * + * @param realm Realm to be used in authentication. + * @param keytab Keytab path. + * @since 1.2.0 + */ + public void loginWithKerberos(final String realm, final String keytab) { + + try { + Configuration conf = new Configuration(); + conf.set("hadoop.security.authentication", "kerberos"); + conf.set("hadoop.security.authorization", "true"); + UserGroupInformation.setConfiguration(conf); + UserGroupInformation.loginUserFromKeytab(realm, keytab); + + logger.info("Connected with REALM: '{}'.", realm); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + public FluoAdminImpl(FluoConfiguration config) { this.config = config; @@ -373,6 +396,13 @@ public static String copyDirToDfs(String dfsRoot, String appName, String srcDir, } private String copyJarsToDfs(String jars, String destDir) { + if (config.getClientConfiguration().getBoolean(FluoConfiguration.CLIENT_KERBEROS)) { + this.loginWithKerberos( + config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_REALM), + config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_KEYTAB)); + } + + String dfsAppRoot = config.getDfsRoot() + "/" + config.getApplicationName(); String dfsDestDir = dfsAppRoot + "/" + destDir; From c2ecc75f81fcedccf7e16f38b095b29e240c0faa Mon Sep 17 00:00:00 2001 From: Alan Camillo Date: Mon, 26 Mar 2018 21:09:14 -0300 Subject: [PATCH 2/4] Default value to kerberos properties. --- .../java/org/apache/fluo/core/client/FluoAdminImpl.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java index e3cfc52b2..af555c550 100644 --- a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java +++ b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java @@ -396,10 +396,11 @@ public static String copyDirToDfs(String dfsRoot, String appName, String srcDir, } private String copyJarsToDfs(String jars, String destDir) { - if (config.getClientConfiguration().getBoolean(FluoConfiguration.CLIENT_KERBEROS)) { + + if (config.getClientConfiguration().getBoolean(FluoConfiguration.CLIENT_KERBEROS, false)) { this.loginWithKerberos( - config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_REALM), - config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_KEYTAB)); + config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_REALM, ""), + config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_KEYTAB, "")); } From 6c75835c8d2a51062f3a2b2aeadf7fcbaa770187 Mon Sep 17 00:00:00 2001 From: Alan Camillo Date: Wed, 28 Mar 2018 15:53:17 -0300 Subject: [PATCH 3/4] Update versions from 1.2.0 to 1.3.0 and update propery keys from ".kerberos" to ".hdfs.kerberos". --- .../fluo/api/config/FluoConfiguration.java | 16 ++++++---------- .../apache/fluo/core/client/FluoAdminImpl.java | 8 ++++---- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java b/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java index 4c6b150b5..466763fe8 100644 --- a/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java +++ b/modules/api/src/main/java/org/apache/fluo/api/config/FluoConfiguration.java @@ -48,22 +48,18 @@ public class FluoConfiguration extends SimpleConfiguration { // Client properties private static final String CLIENT_PREFIX = FLUO_PREFIX + ".client"; - /** - * @since 1.2.0 + * @since 1.3.0 */ - public static final String CLIENT_KERBEROS = CLIENT_PREFIX + ".kerberos"; - + public static final String CLIENT_HDFS_KERBEROS = CLIENT_PREFIX + ".hdfs.kerberos"; /** - * @since 1.2.0 + * @since 1.3.0 */ - public static final String CLIENT_KERBEROS_REALM = CLIENT_PREFIX + ".kerberos.realm"; - + public static final String CLIENT_HDFS_KERBEROS_REALM = CLIENT_PREFIX + ".hdfs.kerberos.realm"; /** - * @since 1.2.0 + * @since 1.3.0 */ - public static final String CLIENT_KERBEROS_KEYTAB = CLIENT_PREFIX + ".kerberos.keytab"; - + public static final String CLIENT_HDFS_KERBEROS_KEYTAB = CLIENT_PREFIX + ".hdfs.kerberos.keytab"; /** * @deprecated since 1.2.0 replaced by fluo.connection.application.name */ diff --git a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java index af555c550..1a10aec63 100644 --- a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java +++ b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java @@ -82,7 +82,7 @@ public class FluoAdminImpl implements FluoAdmin { * * @param realm Realm to be used in authentication. * @param keytab Keytab path. - * @since 1.2.0 + * @since 1.3.0 */ public void loginWithKerberos(final String realm, final String keytab) { @@ -397,10 +397,10 @@ public static String copyDirToDfs(String dfsRoot, String appName, String srcDir, private String copyJarsToDfs(String jars, String destDir) { - if (config.getClientConfiguration().getBoolean(FluoConfiguration.CLIENT_KERBEROS, false)) { + if (config.getClientConfiguration().getBoolean(FluoConfiguration.CLIENT_HDFS_KERBEROS, false)) { this.loginWithKerberos( - config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_REALM, ""), - config.getClientConfiguration().getString(FluoConfiguration.CLIENT_KERBEROS_KEYTAB, "")); + config.getClientConfiguration().getString(FluoConfiguration.CLIENT_HDFS_KERBEROS_REALM, ""), + config.getClientConfiguration().getString(FluoConfiguration.CLIENT_HDFS_KERBEROS_KEYTAB, "")); } From 580e582f91413ba031c2b3807352216c165eb23b Mon Sep 17 00:00:00 2001 From: Alan Camillo Date: Wed, 28 Mar 2018 17:39:01 -0300 Subject: [PATCH 4/4] Rename method "loginWithKerberos" to "hdfsLoginWithKerberos". --- .../main/java/org/apache/fluo/core/client/FluoAdminImpl.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java index 1a10aec63..3a6373259 100644 --- a/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java +++ b/modules/core/src/main/java/org/apache/fluo/core/client/FluoAdminImpl.java @@ -84,7 +84,7 @@ public class FluoAdminImpl implements FluoAdmin { * @param keytab Keytab path. * @since 1.3.0 */ - public void loginWithKerberos(final String realm, final String keytab) { + public void hdfsLoginWithKerberos(final String realm, final String keytab) { try { Configuration conf = new Configuration(); @@ -398,7 +398,7 @@ public static String copyDirToDfs(String dfsRoot, String appName, String srcDir, private String copyJarsToDfs(String jars, String destDir) { if (config.getClientConfiguration().getBoolean(FluoConfiguration.CLIENT_HDFS_KERBEROS, false)) { - this.loginWithKerberos( + this.hdfsLoginWithKerberos( config.getClientConfiguration().getString(FluoConfiguration.CLIENT_HDFS_KERBEROS_REALM, ""), config.getClientConfiguration().getString(FluoConfiguration.CLIENT_HDFS_KERBEROS_KEYTAB, "")); }