
Example 56 with PluginDefineException

use of com.dtstack.taier.pluginapi.exception.PluginDefineException in project Taier by DTStack.

the class KerberosUtils method createUGI.

/**
 * Logs in from a keytab and returns the resulting {@link UserGroupInformation}.
 *
 * <p>Besides the login itself, each call changes shared state: the JVM system property named by
 * {@code KRB5_CONF} (when a path is given), the caller's {@code config} object (to-local rule and
 * auth type are overwritten in place), and the static Hadoop security configuration via
 * {@code UserGroupInformation.setConfiguration}. The method is {@code static synchronized}, so calls
 * are serialized on the class monitor, but that global state stays in effect after the method returns.
 * NOTE(review): code that logs in with a different krb5.conf later replaces these settings for the
 * whole JVM — confirm callers do not rely on them outside this lock.
 *
 * @param krb5ConfPath path of the krb5 configuration file; skipped when empty
 * @param config       Hadoop configuration, mutated as described above
 * @param principal    Kerberos principal to log in as
 * @param keytabPath   keytab holding the principal's key
 * @return the UGI returned by {@code loginUserFromKeytabAndReturnUGI}
 * @throws PluginDefineException wrapping any exception raised during validation or login
 */
private static synchronized UserGroupInformation createUGI(String krb5ConfPath, Configuration config, String principal, String keytabPath) {
    logger.info("Creating a new UGI.");
    try {
        checkParams(principal, krb5ConfPath, keytabPath);

        // Process-wide setting: every Kerberos client in this JVM reads the same property.
        final boolean hasKrb5Conf = !StringUtils.isEmpty(krb5ConfPath);
        if (hasKrb5Conf) {
            System.setProperty(KRB5_CONF, krb5ConfPath);
        }

        // An unset rule or the literal "DEFAULT" is replaced by the project's default mapping.
        final String toLocalRule = config.get(SECURITY_TO_LOCAL);
        final boolean needsDefaultRule = StringUtils.isEmpty(toLocalRule) || "DEFAULT".equals(toLocalRule);
        if (needsDefaultRule) {
            config.set(SECURITY_TO_LOCAL, SECURITY_TO_LOCAL_DEFAULT);
        }

        // Force the authentication type expected for a keytab login.
        final String currentAuthType = config.get(KERBEROS_AUTH);
        if (!StringUtils.equals(currentAuthType, KERBEROS_AUTH_TYPE)) {
            config.set(KERBEROS_AUTH, KERBEROS_AUTH_TYPE);
        }

        // Order matters: reload krb5 settings, publish the Hadoop config, then log in.
        sun.security.krb5.Config.refresh();
        UserGroupInformation.setConfiguration(config);
        final UserGroupInformation loggedIn = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytabPath);
        return loggedIn;
    } catch (Exception failure) {
        // Only the message is logged here; the full cause travels with the rethrown exception.
        logger.error("Create ugi error, {}", failure.getMessage());
        throw new PluginDefineException(failure);
    }
}
Also used : PluginDefineException(com.dtstack.taier.pluginapi.exception.PluginDefineException) PluginDefineException(com.dtstack.taier.pluginapi.exception.PluginDefineException)

Example 57 with PluginDefineException

use of com.dtstack.taier.pluginapi.exception.PluginDefineException in project Taier by DTStack.

the class KerberosUtils method getKerberosFile.

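/**
 * Resolves the local keytab and krb5 configuration paths for {@code config}, refreshing the local
 * copies over SFTP first when {@code checkLocalCache} reports that a download is needed.
 *
 * <p>When {@code config.getMergeKrbContent()} is non-empty, the krb5 configuration is the merged
 * file ({@code ConfigConstant.MERGE_KRB5_NAME}) written from that content rather than the remote
 * krb5 file. The same merged path is returned on a cache hit, so both branches agree on which file
 * the caller should use (this also matches the cached branch of {@code login}).
 *
 * <p>NOTE(review): when {@code localDir} is empty it is built by appending {@code remoteDir} to
 * {@code ConfigConstant.LOCAL_KEYTAB_DIR_PARENT} without normalization, and the keytab file name is
 * appended the same way. Confirm these config values are trusted or validated upstream. The keytab
 * and krb5 files are created with whatever default permissions the process has — presumably the
 * directory is restricted elsewhere; verify.
 *
 * @param config   Kerberos settings (file names, remote directory, SFTP settings, timestamp)
 * @param localDir local cache directory; derived from the remote directory when empty
 * @return a two-element array: {@code [keytabPath, krb5ConfPath]}
 * @throws PluginDefineException if the merged krb5 file cannot be written
 */
public static synchronized String[] getKerberosFile(BaseConfig config, String localDir) {
    String keytabFileName = config.getPrincipalFile();
    String krb5FileName = config.getKrbName();
    String remoteDir = config.getRemoteDir();
    boolean isMergeKrb5 = StringUtils.isNotEmpty(config.getMergeKrbContent());
    if (StringUtils.isEmpty(localDir)) {
        localDir = ConfigConstant.LOCAL_KEYTAB_DIR_PARENT + remoteDir;
    }
    File localDirPath = new File(localDir);
    if (!localDirPath.exists()) {
        // Best effort: a failure here surfaces later when the files are written or read.
        localDirPath.mkdirs();
    }
    // Single definition of the merged file location, shared by the download and cached branches.
    String mergedKrb5Path = localDir + ConfigConstant.SP + ConfigConstant.MERGE_KRB5_NAME;
    String keytabPath;
    String krb5ConfPath;
    boolean isOverrideDownLoad = checkLocalCache(config.getKerberosFileTimestamp(), localDirPath);
    if (isOverrideDownLoad) {
        SftpFileManage sftpFileManage = SftpFileManage.getSftpManager(config.getSftpConf());
        keytabPath = sftpFileManage.cacheOverloadFile(keytabFileName, remoteDir, localDir);
        if (isMergeKrb5) {
            krb5ConfPath = mergedKrb5Path;
            try {
                Files.write(Paths.get(krb5ConfPath), Collections.singleton(config.getMergeKrbContent()));
            } catch (IOException e) {
                throw new PluginDefineException(e);
            }
        } else {
            krb5ConfPath = sftpFileManage.cacheOverloadFile(krb5FileName, remoteDir, localDir);
        }
        // Record the timestamp only after the files are in place.
        writeTimeLockFile(config.getKerberosFileTimestamp(), localDir);
    } else {
        keytabPath = localDir + File.separator + keytabFileName;
        // Fix: with merge content configured, the download branch never fetches krb5FileName, so the
        // cached path must point at the merged file instead of a file that may not exist locally.
        krb5ConfPath = isMergeKrb5 ? mergedKrb5Path : localDir + File.separator + krb5FileName;
    }
    logger.info("Get keytabPath: {}, krb5ConfPath: {}", keytabPath, krb5ConfPath);
    return new String[] { keytabPath, krb5ConfPath };
}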
Also used : SftpFileManage(com.dtstack.taier.pluginapi.sftp.SftpFileManage) PluginDefineException(com.dtstack.taier.pluginapi.exception.PluginDefineException)

Example 58 with PluginDefineException

use of com.dtstack.taier.pluginapi.exception.PluginDefineException in project Taier by DTStack.

the class KerberosUtils method login.

/**
 * Runs {@code supplier} under a Kerberos login built from {@code config}. This overload adds
 * {@code isCreateNewUGI} to control whether a new UGI is created instead of reusing a cached one.
 *
 * <p>When {@code config} is null or Kerberos is not enabled, the supplier is invoked directly and
 * no login happens. Otherwise the keytab and krb5 configuration are resolved (downloaded over SFTP
 * when {@code checkLocalCache} asks for it, else taken from the local directory), a UGI is obtained,
 * its TGT is checked, and the supplier is run through {@code retryLoginKerberosWithCallBack}.
 *
 * @param config Kerberos settings; null or Kerberos disabled means "run the supplier as-is"
 * @param supplier the work to run
 * @param configuration Hadoop configuration passed through to UGI creation
 * @param isCreateNewUGI when true a UGI is created on every call and {@code ugiMap} is neither read nor updated
 * @param <T> type of the supplier's result
 * @return the supplier's result on the no-Kerberos path, otherwise the result of {@code retryLoginKerberosWithCallBack}
 * @throws Exception declared by the signature; any exception raised inside the try block is rethrown
 *         as a {@code PluginDefineException} that carries only the original message
 */
public static <T> T login(BaseConfig config, Supplier<T> supplier, Configuration configuration, boolean isCreateNewUGI) throws Exception {
    // No Kerberos configured: run the work without any login.
    if (Objects.isNull(config) || !config.isOpenKerberos()) {
        return supplier.get();
    }
    String fileName = config.getPrincipalFile();
    String remoteDir = config.getRemoteDir();
    // NOTE(review): remoteDir is appended to the local parent directory without normalization;
    // confirm it is validated upstream so it cannot point outside the keytab cache directory.
    String localDir = ConfigConstant.LOCAL_KEYTAB_DIR_PARENT + remoteDir;
    String finalKrb5ConfPath;
    String finalPrincipal;
    String finalKeytabPath;
    String threadName;
    Boolean isMergeKrb5;
    File localDirPath = new File(localDir);
    if (!localDirPath.exists()) {
        // The result of mkdirs() is not checked.
        localDirPath.mkdirs();
    }
    // NOTE(review): sftpConf is logged as-is; if it carries SFTP credentials they end up in the
    // log — confirm its string form is redacted.
    logger.info("fileName:{}, remoteDir:{}, localDir:{}, sftpConf:{}", fileName, remoteDir, localDir, config.getSftpConf());
    try {
        UserGroupInformation ugi;
        // One lock object per remoteDir: a new String instance is stored in `segment` and used as
        // the monitor below. The same `segment` map is also used further down to cache principals
        // keyed by thread name.
        String segmentName = segment.computeIfAbsent(remoteDir, key -> {
            return new String(remoteDir);
        });
        // Callers that share a remoteDir are serialized for file refresh and UGI creation.
        synchronized (segmentName) {
            String keytabPath = "";
            String krb5ConfPath = "";
            String krb5ConfName = config.getKrbName();
            isMergeKrb5 = StringUtils.isNotEmpty(config.getMergeKrbContent());
            // Checks whether the local files match the server timestamp; if they match, the local
            // cache is used. A true result here means the files are downloaded again.
            boolean isOverrideDownLoad = checkLocalCache(config.getKerberosFileTimestamp(), localDirPath);
            if (isOverrideDownLoad) {
                SftpFileManage sftpFileManage = SftpFileManage.getSftpManager(config.getSftpConf());
                keytabPath = sftpFileManage.cacheOverloadFile(fileName, remoteDir, localDir);
                krb5ConfPath = sftpFileManage.cacheOverloadFile(krb5ConfName, config.getRemoteDir(), localDir);
                if (isMergeKrb5) {
                    // Merged content takes precedence over the krb5 file just downloaded.
                    krb5ConfPath = localDir + ConfigConstant.SP + ConfigConstant.MERGE_KRB5_NAME;
                    Files.write(Paths.get(krb5ConfPath), Collections.singleton(config.getMergeKrbContent()));
                }
                // Record the timestamp after the files are in place.
                writeTimeLockFile(config.getKerberosFileTimestamp(), localDir);
            } else {
                // Cache hit: build the paths of the files already on disk.
                keytabPath = localDir + File.separator + fileName;
                if (isMergeKrb5) {
                    krb5ConfPath = localDir + ConfigConstant.SP + ConfigConstant.MERGE_KRB5_NAME;
                } else {
                    krb5ConfPath = localDir + ConfigConstant.SP + krb5ConfName;
                }
            }
            // Effectively-final copies for use inside the lambdas below.
            finalKrb5ConfPath = krb5ConfPath;
            finalKeytabPath = keytabPath;
            threadName = Thread.currentThread().getName();
            String principal = config.getPrincipal();
            if (StringUtils.isEmpty(principal)) {
                // No principal configured: read it from the keytab and cache it per thread name.
                // NOTE(review): the cache key is the thread name only, so a thread that later
                // handles a different keytab would get the earlier principal — confirm callers
                // keep one identity per thread name.
                principal = segment.computeIfAbsent(threadName, k -> {
                    return KerberosUtils.getPrincipal(finalKeytabPath);
                });
            }
            finalPrincipal = principal;
            logger.info("kerberos login, principal:{}, keytabPath:{}, krb5ConfPath:{}", principal, keytabPath, krb5ConfPath);
            /*
             * Authenticating with a UGI that already carries a token causes an authentication
             * error at the HDFS delegation token step. For Spark, this is avoided by creating a
             * new UGI on every call here.
             */
            if (isCreateNewUGI) {
                ugi = retryCreateUGIIfMerge(finalKrb5ConfPath, configuration, finalPrincipal, finalKeytabPath, config.getKrbName(), isMergeKrb5);
            } else {
                // NOTE(review): ugiMap is keyed by thread name alone, not by principal. A pooled
                // thread serving a config with a different principal would reuse the UGI cached
                // for the earlier one unless the TGT check or a re-download below forces a new
                // login — confirm that is acceptable for multi-tenant use.
                ugi = ugiMap.computeIfAbsent(threadName, k -> retryCreateUGIIfMerge(finalKrb5ConfPath, configuration, finalPrincipal, finalKeytabPath, config.getKrbName(), isMergeKrb5));
            }
            KerberosTicket ticket = getTGT(ugi);
            // Log in again when the TGT check fails or the Kerberos files were just refreshed.
            if (!checkTGT(ticket) || isOverrideDownLoad) {
                logger.info("Relogin after the ticket expired, principal: {}, current thread: {}", principal, Thread.currentThread().getName());
                ugi = retryCreateUGIIfMerge(finalKrb5ConfPath, configuration, finalPrincipal, finalKeytabPath, config.getKrbName(), isMergeKrb5);
                if (!isCreateNewUGI) {
                    ugiMap.put(threadName, ugi);
                }
            }
            logger.info("userGroupInformation current user = {} ugi user  = {} ", UserGroupInformation.getCurrentUser(), ugi.getUserName());
        }
        Preconditions.checkNotNull(ugi, "UserGroupInformation is null");
        // The supplier itself runs outside the per-remoteDir lock.
        return KerberosUtils.retryLoginKerberosWithCallBack(ugi, supplier, finalKrb5ConfPath, configuration, finalPrincipal, finalKeytabPath, threadName, config.getKrbName(), isMergeKrb5);
    } catch (Exception e) {
        // Only the message is kept; the original exception type and stack trace are not attached
        // to the rethrown exception, which makes failed logins harder to diagnose.
        throw new PluginDefineException(e.getMessage());
    }
}
Also used : java.util(java.util) SftpFileManage(com.dtstack.taier.pluginapi.sftp.SftpFileManage) LoggerFactory(org.slf4j.LoggerFactory) StringUtils(org.apache.commons.lang3.StringUtils) Supplier(java.util.function.Supplier) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Configuration(org.apache.hadoop.conf.Configuration) Keytab(org.apache.kerby.kerberos.kerb.keytab.Keytab) Logger(org.slf4j.Logger) MapUtils(org.apache.commons.collections.MapUtils) Files(java.nio.file.Files) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Timestamp(java.sql.Timestamp) HadoopKerberosName(org.apache.hadoop.security.HadoopKerberosName) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) Field(java.lang.reflect.Field) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Maps(com.google.common.collect.Maps) Subject(javax.security.auth.Subject) java.io(java.io) Paths(java.nio.file.Paths) ConfigConstant(com.dtstack.taier.pluginapi.constrant.ConfigConstant) Time(org.apache.hadoop.util.Time) Preconditions(com.google.common.base.Preconditions) BaseConfig(com.dtstack.taier.base.BaseConfig) PluginDefineException(com.dtstack.taier.pluginapi.exception.PluginDefineException) PrincipalName(org.apache.kerby.kerberos.kerb.type.base.PrincipalName) SftpFileManage(com.dtstack.taier.pluginapi.sftp.SftpFileManage) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) PluginDefineException(com.dtstack.taier.pluginapi.exception.PluginDefineException) PluginDefineException(com.dtstack.taier.pluginapi.exception.PluginDefineException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
