
Example 6 with SecurityConfiguration

Use of org.apache.flink.runtime.security.SecurityConfiguration in the Apache Flink project.

Class HistoryServer, method main.

public static void main(String[] args) throws Exception {
    EnvironmentInformation.logEnvironmentInfo(LOG, "HistoryServer", args);
    ParameterTool pt = ParameterTool.fromArgs(args);
    String configDir = pt.getRequired("configDir");
    LOG.info("Loading configuration from {}", configDir);
    final Configuration flinkConfig = GlobalConfiguration.loadConfiguration(configDir);
    FileSystem.initialize(flinkConfig, PluginUtils.createPluginManagerFromRootFolder(flinkConfig));
    // run the history server
    SecurityUtils.install(new SecurityConfiguration(flinkConfig));
    try {
        SecurityUtils.getInstalledContext().runSecured(new Callable<Integer>() {

            @Override
            public Integer call() throws Exception {
                HistoryServer hs = new HistoryServer(flinkConfig);
                hs.run();
                return 0;
            }
        });
        System.exit(0);
    } catch (Throwable t) {
        final Throwable strippedThrowable = ExceptionUtils.stripException(t, UndeclaredThrowableException.class);
        LOG.error("Failed to run HistoryServer.", strippedThrowable);
        strippedThrowable.printStackTrace();
        System.exit(1);
    }
}
Also used : ParameterTool(org.apache.flink.api.java.utils.ParameterTool), DashboardConfiguration(org.apache.flink.runtime.rest.messages.DashboardConfiguration), Configuration(org.apache.flink.configuration.Configuration), SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration), GlobalConfiguration(org.apache.flink.configuration.GlobalConfiguration), UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException), FlinkException(org.apache.flink.util.FlinkException), IllegalConfigurationException(org.apache.flink.configuration.IllegalConfigurationException), IOException(java.io.IOException)

Example 7 with SecurityConfiguration

Use of org.apache.flink.runtime.security.SecurityConfiguration in the Apache Flink project.

Class ClusterEntrypoint, method installSecurityContext.

private SecurityContext installSecurityContext(Configuration configuration) throws Exception {
    LOG.info("Install security context.");
    SecurityUtils.install(new SecurityConfiguration(configuration));
    return SecurityUtils.getInstalledContext();
}
Also used : SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)

Example 8 with SecurityConfiguration

Use of org.apache.flink.runtime.security.SecurityConfiguration in the Apache Flink project.

Class JaasModuleTest, method testCreateJaasModuleFileInTemporary.

/**
 * Test that the jaas file will be created in the directory specified by {@link
 * CoreOptions#TMP_DIRS}'s default value if we do not manually specify it.
 */
@Test
public void testCreateJaasModuleFileInTemporary() throws IOException {
    Configuration configuration = new Configuration();
    SecurityConfiguration sc = new SecurityConfiguration(configuration);
    JaasModule module = new JaasModule(sc);
    module.install();
    assertJaasFileLocateInRightDirectory(CoreOptions.TMP_DIRS.defaultValue());
}
Also used : Configuration(org.apache.flink.configuration.Configuration), SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration), Test(org.junit.Test)

Example 9 with SecurityConfiguration

Use of org.apache.flink.runtime.security.SecurityConfiguration in the Apache Flink project.

Class CliFrontend, method main.

/**
 * Submits the job based on the arguments.
 */
public static void main(final String[] args) {
    EnvironmentInformation.logEnvironmentInfo(LOG, "Command Line Client", args);
    // 1. find the configuration directory
    final String configurationDirectory = getConfigurationDirectoryFromEnv();
    // 2. load the global configuration
    final Configuration configuration = GlobalConfiguration.loadConfiguration(configurationDirectory);
    // 3. load the custom command lines
    final List<CustomCommandLine> customCommandLines = loadCustomCommandLines(configuration, configurationDirectory);
    int retCode = 31;
    try {
        final CliFrontend cli = new CliFrontend(configuration, customCommandLines);
        SecurityUtils.install(new SecurityConfiguration(cli.configuration));
        retCode = SecurityUtils.getInstalledContext().runSecured(() -> cli.parseAndRun(args));
    } catch (Throwable t) {
        final Throwable strippedThrowable = ExceptionUtils.stripException(t, UndeclaredThrowableException.class);
        LOG.error("Fatal error while running command line interface.", strippedThrowable);
        strippedThrowable.printStackTrace();
    } finally {
        System.exit(retCode);
    }
}
Also used : ApplicationConfiguration(org.apache.flink.client.deployment.application.ApplicationConfiguration), SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration), Configuration(org.apache.flink.configuration.Configuration), GlobalConfiguration(org.apache.flink.configuration.GlobalConfiguration), UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)

Example 10 with SecurityConfiguration

Use of org.apache.flink.runtime.security.SecurityConfiguration in the Apache Flink project.

Class SecureTestEnvironment, method prepare.

public static void prepare(TemporaryFolder tempFolder, String... additionalPrincipals) {
    checkArgument(additionalPrincipals != null, "Valid principals must be provided");
    try {
        File baseDirForSecureRun = tempFolder.newFolder();
        LOG.info("Base Directory for Secure Environment: {}", baseDirForSecureRun);
        Properties kdcConf = MiniKdc.createConf();
        if (LOG.isDebugEnabled()) {
            kdcConf.setProperty(MiniKdc.DEBUG, "true");
        }
        kdcConf.setProperty(MiniKdc.KDC_BIND_ADDRESS, HOST_NAME);
        kdc = new MiniKdc(kdcConf, baseDirForSecureRun);
        kdc.start();
        LOG.info("Started Mini KDC");
        File keytabFile = new File(baseDirForSecureRun, "test-users.keytab");
        testKeytab = keytabFile.getAbsolutePath();
        testZkServerPrincipal = "zookeeper/" + HOST_NAME;
        testZkClientPrincipal = "zk-client/" + HOST_NAME;
        testKafkaServerPrincipal = "kafka/" + HOST_NAME;
        hadoopServicePrincipal = "hadoop/" + HOST_NAME;
        testPrincipal = "client/" + HOST_NAME;
        String[] embeddedPrincipals = { testZkServerPrincipal, testZkClientPrincipal, testKafkaServerPrincipal, hadoopServicePrincipal, testPrincipal };
        String[] principals = ArrayUtils.addAll(embeddedPrincipals, additionalPrincipals);
        kdc.createPrincipal(keytabFile, principals);
        testZkServerPrincipal = testZkServerPrincipal + "@" + kdc.getRealm();
        testZkClientPrincipal = testZkClientPrincipal + "@" + kdc.getRealm();
        testKafkaServerPrincipal = testKafkaServerPrincipal + "@" + kdc.getRealm();
        hadoopServicePrincipal = hadoopServicePrincipal + "@" + kdc.getRealm();
        testPrincipal = testPrincipal + "@" + kdc.getRealm();
        LOG.info("-------------------------------------------------------------------");
        LOG.info("Test Principal: {}", testPrincipal);
        LOG.info("Test ZK Server Principal: {}", testZkServerPrincipal);
        LOG.info("Test ZK Client Principal: {}", testZkClientPrincipal);
        LOG.info("Test Kafka Server Principal: {}", testKafkaServerPrincipal);
        LOG.info("Test Hadoop Service Principal: {}", hadoopServicePrincipal);
        LOG.info("Test Keytab: {}", testKeytab);
        LOG.info("-------------------------------------------------------------------");
        // Security Context is established to allow non hadoop applications that requires JAAS
        // based SASL/Kerberos authentication to work. However, for Hadoop specific applications
        // the context can be reinitialized with Hadoop configuration by calling
        // ctx.setHadoopConfiguration() for the UGI implementation to work properly.
        // See Yarn test case module for reference
        Configuration flinkConfig = GlobalConfiguration.loadConfiguration();
        flinkConfig.setBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE, false);
        flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, testKeytab);
        flinkConfig.setBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE, false);
        flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, testPrincipal);
        flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Client,KafkaClient," + KerberosUtils.getDefaultKerberosInitAppEntryName());
        SecurityConfiguration ctx = new SecurityConfiguration(flinkConfig);
        TestingSecurityContext.install(ctx, getClientSecurityConfigurationMap());
        populateJavaPropertyVariables();
    } catch (Exception e) {
        throw new RuntimeException("Exception occurred while preparing secure environment.", e);
    }
}
Also used : Configuration(org.apache.flink.configuration.Configuration), SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration), GlobalConfiguration(org.apache.flink.configuration.GlobalConfiguration), MiniKdc(org.apache.hadoop.minikdc.MiniKdc), Properties(java.util.Properties), File(java.io.File)

Aggregations

SecurityConfiguration (org.apache.flink.runtime.security.SecurityConfiguration) 11
Configuration (org.apache.flink.configuration.Configuration) 9
GlobalConfiguration (org.apache.flink.configuration.GlobalConfiguration) 4
File (java.io.File) 3
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException) 3
Test (org.junit.Test) 3
Paths (java.nio.file.Paths) 2
HashMap (java.util.HashMap) 2
List (java.util.List) 2
Map (java.util.Map) 2
Optional (java.util.Optional) 2
SecurityOptions (org.apache.flink.configuration.SecurityOptions) 2
SecurityUtils (org.apache.flink.runtime.security.SecurityUtils) 2
HadoopModule (org.apache.flink.runtime.security.modules.HadoopModule) 2
SecurityModule (org.apache.flink.runtime.security.modules.SecurityModule) 2
TestLogger (org.apache.flink.util.TestLogger) 2
YarnConfigOptions (org.apache.flink.yarn.configuration.YarnConfigOptions) 2
Matchers.containsString (org.hamcrest.Matchers.containsString) 2
Matchers.is (org.hamcrest.Matchers.is) 2
Assert.assertThat (org.junit.Assert.assertThat) 2