Examples with Credentials - org.apache.hadoop.security.Credentials

Example 96 with Credentials

use of org.apache.hadoop.security.Credentials in project weave by continuuity.

the class AbstractWeaveService method handleSecureStoreUpdate.

/**
   * Attempts to handle secure store update.
   *
   * @param message The message received
   * @return {@code true} if the message requests for secure store update, {@code false} otherwise.
   */
protected final boolean handleSecureStoreUpdate(Message message) {
    if (!SystemMessages.SECURE_STORE_UPDATED.equals(message)) {
        return false;
    }
    // If not in secure mode, simply ignore the message.
    if (!UserGroupInformation.isSecurityEnabled()) {
        return true;
    }
    try {
        Credentials credentials = new Credentials();
        Location location = getSecureStoreLocation();
        DataInputStream input = new DataInputStream(new BufferedInputStream(location.getInputStream()));
        try {
            credentials.readTokenStorageStream(input);
        } finally {
            input.close();
        }
        UserGroupInformation.getCurrentUser().addCredentials(credentials);
        this.credentials = credentials;
        LOG.info("Secure store updated from {}.", location.toURI());
    } catch (Throwable t) {
        LOG.error("Failed to update secure store.", t);
    }
    return true;
}

Also used : BufferedInputStream(java.io.BufferedInputStream) DataInputStream(java.io.DataInputStream) Credentials(org.apache.hadoop.security.Credentials) Location(com.continuuity.weave.filesystem.Location)

Example 97 with Credentials

use of org.apache.hadoop.security.Credentials in project weave by continuuity.

the class YarnWeavePreparer method createCredentials.

private Credentials createCredentials() {
    Credentials credentials = new Credentials();
    try {
        credentials.addAll(UserGroupInformation.getCurrentUser().getCredentials());
        List<Token<?>> tokens = YarnUtils.addDelegationTokens(yarnConfig, locationFactory, credentials);
        for (Token<?> token : tokens) {
            LOG.debug("Delegation token acquired for {}, {}", locationFactory.getHomeLocation().toURI(), token);
        }
    } catch (IOException e) {
        LOG.warn("Failed to check for secure login type. Not gathering any delegation token.", e);
    }
    return credentials;
}

Also used : TypeToken(com.google.common.reflect.TypeToken) Token(org.apache.hadoop.security.token.Token) IOException(java.io.IOException) Credentials(org.apache.hadoop.security.Credentials)

Example 98 with Credentials

use of org.apache.hadoop.security.Credentials in project weave by continuuity.

the class YarnWeaveRunnerService method updateSecureStores.

private void updateSecureStores(Table<String, RunId, SecureStore> secureStores) {
    for (Table.Cell<String, RunId, SecureStore> cell : secureStores.cellSet()) {
        Object store = cell.getValue().getStore();
        if (!(store instanceof Credentials)) {
            LOG.warn("Only Hadoop Credentials is supported. Ignore update for {}.", cell);
            continue;
        }
        Credentials credentials = (Credentials) store;
        if (credentials.getAllTokens().isEmpty()) {
            // Nothing to update.
            continue;
        }
        try {
            updateCredentials(cell.getRowKey(), cell.getColumnKey(), credentials);
            synchronized (YarnWeaveRunnerService.this) {
                // Notify the application for secure store updates if it is still running.
                YarnWeaveController controller = controllers.get(cell.getRowKey(), cell.getColumnKey());
                if (controller != null) {
                    controller.secureStoreUpdated();
                }
            }
        } catch (Throwable t) {
            LOG.warn("Failed to update secure store for {}.", cell, t);
        }
    }
}

Also used : HashBasedTable(com.google.common.collect.HashBasedTable) ImmutableTable(com.google.common.collect.ImmutableTable) Table(com.google.common.collect.Table) JsonObject(com.google.gson.JsonObject) RunId(com.continuuity.weave.api.RunId) SecureStore(com.continuuity.weave.api.SecureStore) Credentials(org.apache.hadoop.security.Credentials)

Example 99 with Credentials

use of org.apache.hadoop.security.Credentials in project kitten by cloudera.

the class YarnClientServiceImpl method startUp.

@Override
protected void startUp() throws IOException {
    ByteBuffer serializedTokens = null;
    if (UserGroupInformation.isSecurityEnabled()) {
        Configuration conf = this.yarnClientFactory.getConfig();
        FileSystem fs = FileSystem.get(conf);
        Credentials credentials = new Credentials();
        String tokenRenewer = this.yarnClientFactory.getConfig().get(YarnConfiguration.RM_PRINCIPAL);
        if (tokenRenewer == null || tokenRenewer.length() == 0) {
            throw new IOException("Can't get Master Kerberos principal for the RM to use as renewer");
        }
        // For now, only getting tokens for the default file-system.
        final Token<?>[] tokens = fs.addDelegationTokens(tokenRenewer, credentials);
        if (tokens != null) {
            for (Token<?> token : tokens) {
                LOG.info("Got delegation token for " + fs.getUri() + "; " + token);
            }
        }
        DataOutputBuffer dob = new DataOutputBuffer();
        credentials.writeTokenStorageToStream(dob);
        serializedTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
    }
    this.yarnClient = yarnClientFactory.connect();
    YarnClientApplication clientApp = getNewApplication();
    GetNewApplicationResponse newApp = clientApp.getNewApplicationResponse();
    ContainerLaunchContextFactory clcFactory = new ContainerLaunchContextFactory(newApp.getMaximumResourceCapability(), serializedTokens);
    ApplicationSubmissionContext appContext = clientApp.getApplicationSubmissionContext();
    this.applicationId = appContext.getApplicationId();
    appContext.setApplicationName(parameters.getApplicationName());
    // Setup the container for the application master.
    ContainerLaunchParameters appMasterParams = parameters.getApplicationMasterParameters(applicationId);
    ContainerLaunchContext clc = clcFactory.create(appMasterParams);
    LOG.debug("Master context: " + clc);
    appContext.setResource(clcFactory.createResource(appMasterParams));
    appContext.setQueue(parameters.getQueue());
    appContext.setPriority(clcFactory.createPriority(appMasterParams.getPriority()));
    appContext.setAMContainerSpec(clc);
    submitApplication(appContext);
    // Make sure we stop the application in the case that it isn't done already.
    Runtime.getRuntime().addShutdownHook(new Thread() {

        @Override
        public void run() {
            if (YarnClientServiceImpl.this.isRunning()) {
                YarnClientServiceImpl.this.stop();
            }
        }
    });
    stopwatch.start();
}

Also used : GetNewApplicationResponse(org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationResponse) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) Configuration(org.apache.hadoop.conf.Configuration) YarnClientApplication(org.apache.hadoop.yarn.client.api.YarnClientApplication) ContainerLaunchParameters(com.cloudera.kitten.ContainerLaunchParameters) Token(org.apache.hadoop.security.token.Token) IOException(java.io.IOException) ContainerLaunchContext(org.apache.hadoop.yarn.api.records.ContainerLaunchContext) ByteBuffer(java.nio.ByteBuffer) FileSystem(org.apache.hadoop.fs.FileSystem) DataOutputBuffer(org.apache.hadoop.io.DataOutputBuffer) ApplicationSubmissionContext(org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext) ContainerLaunchContextFactory(com.cloudera.kitten.ContainerLaunchContextFactory) Credentials(org.apache.hadoop.security.Credentials)

Example 100 with Credentials

use of org.apache.hadoop.security.Credentials in project SpyGlass by ParallelAI.

the class HBaseTap method obtainToken.

private void obtainToken(JobConf conf) {
    if (User.isHBaseSecurityEnabled(conf)) {
        String user = conf.getUser();
        LOG.info("obtaining HBase token for: {}", user);
        try {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            user = currentUser.getUserName();
            Credentials credentials = conf.getCredentials();
            for (Token t : currentUser.getTokens()) {
                LOG.debug("Token {} is available", t);
                if ("HBASE_AUTH_TOKEN".equalsIgnoreCase(t.getKind().toString()))
                    credentials.addToken(t.getKind(), t);
            }
        } catch (IOException e) {
            throw new TapException("Unable to obtain HBase auth token for " + user, e);
        }
    }
}

Also used : TapException(cascading.tap.TapException) Token(org.apache.hadoop.security.token.Token) IOException(java.io.IOException) Credentials(org.apache.hadoop.security.Credentials) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Aggregations

Credentials (org.apache.hadoop.security.Credentials)232 Test (org.junit.Test)104 Token (org.apache.hadoop.security.token.Token)75 Text (org.apache.hadoop.io.Text)63 IOException (java.io.IOException)60 Path (org.apache.hadoop.fs.Path)48 ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId)47 ByteBuffer (java.nio.ByteBuffer)41 Configuration (org.apache.hadoop.conf.Configuration)41 DataOutputBuffer (org.apache.hadoop.io.DataOutputBuffer)36 HashMap (java.util.HashMap)33 InetSocketAddress (java.net.InetSocketAddress)30 ContainerId (org.apache.hadoop.yarn.api.records.ContainerId)28 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)27 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)27 File (java.io.File)25 ApplicationAttemptId (org.apache.hadoop.yarn.api.records.ApplicationAttemptId)24 ContainerLaunchContext (org.apache.hadoop.yarn.api.records.ContainerLaunchContext)22 JobConf (org.apache.hadoop.mapred.JobConf)20 RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)19