Search in sources :

Example 1 with MiniClusterConfigurationCallback

use of org.apache.accumulo.harness.MiniClusterConfigurationCallback in project accumulo by apache.

the class KerberosIT method startMac.

@Before
public void startMac() throws Exception {
    MiniClusterHarness harness = new MiniClusterHarness();
    mac = harness.create(this, new PasswordToken("unused"), kdc, new MiniClusterConfigurationCallback() {

        @Override
        public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
            Map<String, String> site = cfg.getSiteConfig();
            site.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "15s");
            cfg.setSiteConfig(site);
        }
    });
    mac.getConfig().setNumTservers(1);
    mac.start();
    // Enabled kerberos auth
    Configuration conf = new Configuration(false);
    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(conf);
}
Also used : PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) Configuration(org.apache.hadoop.conf.Configuration) MiniClusterConfigurationCallback(org.apache.accumulo.harness.MiniClusterConfigurationCallback) MiniClusterHarness(org.apache.accumulo.harness.MiniClusterHarness) MiniAccumuloConfigImpl(org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl) Before(org.junit.Before)

Example 2 with MiniClusterConfigurationCallback

use of org.apache.accumulo.harness.MiniClusterConfigurationCallback in project accumulo by apache.

the class KerberosProxyIT method startMac.

@Before
public void startMac() throws Exception {
    MiniClusterHarness harness = new MiniClusterHarness();
    mac = harness.create(getClass().getName(), testName.getMethodName(), new PasswordToken("unused"), new MiniClusterConfigurationCallback() {

        @Override
        public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
            cfg.setNumTservers(1);
            Map<String, String> siteCfg = cfg.getSiteConfig();
            // Allow the proxy to impersonate the "root" Accumulo user and our one special user.
            siteCfg.put(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION.getKey(), proxyPrincipal + ":" + kdc.getRootUser().getPrincipal() + "," + kdc.qualifyUser(PROXIED_USER1) + "," + kdc.qualifyUser(PROXIED_USER2));
            siteCfg.put(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION.getKey(), "*");
            cfg.setSiteConfig(siteCfg);
        }
    }, kdc);
    mac.start();
    MiniAccumuloConfigImpl cfg = mac.getConfig();
    // Generate Proxy configuration and start the proxy
    proxyProcess = startProxy(cfg);
    // Enabled kerberos auth
    Configuration conf = new Configuration(false);
    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(conf);
    boolean success = false;
    ClusterUser rootUser = kdc.getRootUser();
    // Rely on the junit timeout rule
    while (!success) {
        UserGroupInformation ugi;
        try {
            ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        } catch (IOException ex) {
            log.info("Login as root is failing", ex);
            Thread.sleep(3000);
            continue;
        }
        TSocket socket = new TSocket(hostname, proxyPort);
        log.info("Connecting to proxy with server primary '{}' running on {}", proxyPrimary, hostname);
        TSaslClientTransport transport = new TSaslClientTransport("GSSAPI", null, proxyPrimary, hostname, Collections.singletonMap("javax.security.sasl.qop", "auth"), null, socket);
        final UGIAssumingTransport ugiTransport = new UGIAssumingTransport(transport, ugi);
        try {
            // UGI transport will perform the doAs for us
            ugiTransport.open();
            success = true;
        } catch (TTransportException e) {
            Throwable cause = e.getCause();
            if (null != cause && cause instanceof ConnectException) {
                log.info("Proxy not yet up, waiting");
                Thread.sleep(3000);
                proxyProcess = checkProxyAndRestart(proxyProcess, cfg);
                continue;
            }
        } finally {
            if (null != ugiTransport) {
                ugiTransport.close();
            }
        }
    }
    assertTrue("Failed to connect to the proxy repeatedly", success);
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) TTransportException(org.apache.thrift.transport.TTransportException) TSaslClientTransport(org.apache.thrift.transport.TSaslClientTransport) MiniClusterHarness(org.apache.accumulo.harness.MiniClusterHarness) IOException(java.io.IOException) MiniAccumuloConfigImpl(org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl) UGIAssumingTransport(org.apache.accumulo.core.rpc.UGIAssumingTransport) PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) MiniClusterConfigurationCallback(org.apache.accumulo.harness.MiniClusterConfigurationCallback) ClusterUser(org.apache.accumulo.cluster.ClusterUser) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) TSocket(org.apache.thrift.transport.TSocket) ConnectException(java.net.ConnectException) Before(org.junit.Before)

Example 3 with MiniClusterConfigurationCallback

use of org.apache.accumulo.harness.MiniClusterConfigurationCallback in project accumulo by apache.

the class KerberosRenewalIT method startMac.

@Before
public void startMac() throws Exception {
    MiniClusterHarness harness = new MiniClusterHarness();
    mac = harness.create(this, new PasswordToken("unused"), kdc, new MiniClusterConfigurationCallback() {

        @Override
        public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
            Map<String, String> site = cfg.getSiteConfig();
            site.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "15s");
            // Reduce the period just to make sure we trigger renewal fast
            site.put(Property.GENERAL_KERBEROS_RENEWAL_PERIOD.getKey(), "5s");
            cfg.setSiteConfig(site);
        }
    });
    mac.getConfig().setNumTservers(1);
    mac.start();
    // Enabled kerberos auth
    Configuration conf = new Configuration(false);
    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(conf);
}
Also used : PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) Configuration(org.apache.hadoop.conf.Configuration) MiniClusterConfigurationCallback(org.apache.accumulo.harness.MiniClusterConfigurationCallback) MiniClusterHarness(org.apache.accumulo.harness.MiniClusterHarness) MiniAccumuloConfigImpl(org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl) Before(org.junit.Before)

Aggregations

PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)3 MiniClusterConfigurationCallback (org.apache.accumulo.harness.MiniClusterConfigurationCallback)3 MiniClusterHarness (org.apache.accumulo.harness.MiniClusterHarness)3 MiniAccumuloConfigImpl (org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl)3 Configuration (org.apache.hadoop.conf.Configuration)3 Before (org.junit.Before)3 IOException (java.io.IOException)1 ConnectException (java.net.ConnectException)1 ClusterUser (org.apache.accumulo.cluster.ClusterUser)1 UGIAssumingTransport (org.apache.accumulo.core.rpc.UGIAssumingTransport)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 TSaslClientTransport (org.apache.thrift.transport.TSaslClientTransport)1 TSocket (org.apache.thrift.transport.TSocket)1 TTransportException (org.apache.thrift.transport.TTransportException)1