use of org.apache.accumulo.harness.MiniClusterConfigurationCallback in project accumulo by apache.
the class KerberosIT method startMac.
@Before
public void startMac() throws Exception {
MiniClusterHarness harness = new MiniClusterHarness();
mac = harness.create(this, new PasswordToken("unused"), kdc, new MiniClusterConfigurationCallback() {
@Override
public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
Map<String, String> site = cfg.getSiteConfig();
site.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "15s");
cfg.setSiteConfig(site);
}
});
mac.getConfig().setNumTservers(1);
mac.start();
// Enabled kerberos auth
Configuration conf = new Configuration(false);
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
}
use of org.apache.accumulo.harness.MiniClusterConfigurationCallback in project accumulo by apache.
the class KerberosProxyIT method startMac.
@Before
public void startMac() throws Exception {
MiniClusterHarness harness = new MiniClusterHarness();
mac = harness.create(getClass().getName(), testName.getMethodName(), new PasswordToken("unused"), new MiniClusterConfigurationCallback() {
@Override
public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
cfg.setNumTservers(1);
Map<String, String> siteCfg = cfg.getSiteConfig();
// Allow the proxy to impersonate the "root" Accumulo user and our one special user.
siteCfg.put(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION.getKey(), proxyPrincipal + ":" + kdc.getRootUser().getPrincipal() + "," + kdc.qualifyUser(PROXIED_USER1) + "," + kdc.qualifyUser(PROXIED_USER2));
siteCfg.put(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION.getKey(), "*");
cfg.setSiteConfig(siteCfg);
}
}, kdc);
mac.start();
MiniAccumuloConfigImpl cfg = mac.getConfig();
// Generate Proxy configuration and start the proxy
proxyProcess = startProxy(cfg);
// Enabled kerberos auth
Configuration conf = new Configuration(false);
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
boolean success = false;
ClusterUser rootUser = kdc.getRootUser();
// Rely on the junit timeout rule
while (!success) {
UserGroupInformation ugi;
try {
ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
} catch (IOException ex) {
log.info("Login as root is failing", ex);
Thread.sleep(3000);
continue;
}
TSocket socket = new TSocket(hostname, proxyPort);
log.info("Connecting to proxy with server primary '{}' running on {}", proxyPrimary, hostname);
TSaslClientTransport transport = new TSaslClientTransport("GSSAPI", null, proxyPrimary, hostname, Collections.singletonMap("javax.security.sasl.qop", "auth"), null, socket);
final UGIAssumingTransport ugiTransport = new UGIAssumingTransport(transport, ugi);
try {
// UGI transport will perform the doAs for us
ugiTransport.open();
success = true;
} catch (TTransportException e) {
Throwable cause = e.getCause();
if (null != cause && cause instanceof ConnectException) {
log.info("Proxy not yet up, waiting");
Thread.sleep(3000);
proxyProcess = checkProxyAndRestart(proxyProcess, cfg);
continue;
}
} finally {
if (null != ugiTransport) {
ugiTransport.close();
}
}
}
assertTrue("Failed to connect to the proxy repeatedly", success);
}
use of org.apache.accumulo.harness.MiniClusterConfigurationCallback in project accumulo by apache.
the class KerberosRenewalIT method startMac.
@Before
public void startMac() throws Exception {
MiniClusterHarness harness = new MiniClusterHarness();
mac = harness.create(this, new PasswordToken("unused"), kdc, new MiniClusterConfigurationCallback() {
@Override
public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
Map<String, String> site = cfg.getSiteConfig();
site.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "15s");
// Reduce the period just to make sure we trigger renewal fast
site.put(Property.GENERAL_KERBEROS_RENEWAL_PERIOD.getKey(), "5s");
cfg.setSiteConfig(site);
}
});
mac.getConfig().setNumTservers(1);
mac.start();
// Enabled kerberos auth
Configuration conf = new Configuration(false);
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
}
Aggregations