(doris) branch branch-2.1 updated: [fix](kerberos)enable hadoop auto renew tgt (#34439)

Mon, 06 May 2024 09:36:44 -0700 

This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/branch-2.1 by this push:
     new 2d4da7d177c [fix](kerberos)enable hadoop auto renew tgt (#34439)
2d4da7d177c is described below

commit 2d4da7d177c15d022e9a616c36161d5ef9bbaf4c
Author: slothever <[email protected]>
AuthorDate: Tue May 7 00:35:19 2024 +0800

    [fix](kerberos)enable hadoop auto renew tgt (#34439)
---
 .../common/security/authentication/AuthenticationConfig.java     | 5 ++---
 .../apache/doris/common/security/authentication/HadoopUGI.java   | 8 +++++++-
 fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java | 9 +++++----
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git 
a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java
 
b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java
index 315cb901e2b..32a27b2263a 100644
--- 
a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java
+++ 
b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java
@@ -18,12 +18,11 @@
 package org.apache.doris.common.security.authentication;
 
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 
 public abstract class AuthenticationConfig {
     public static String HADOOP_USER_NAME = "hadoop.username";
-    public static String HADOOP_SECURITY_AUTHENTICATION = 
"hadoop.security.authentication";
     public static String HADOOP_KERBEROS_PRINCIPAL = 
"hadoop.kerberos.principal";
-    public static String HADOOP_KERBEROS_AUTHORIZATION = 
"hadoop.security.authorization";
     public static String HADOOP_KERBEROS_KEYTAB = "hadoop.kerberos.keytab";
     public static String HIVE_KERBEROS_PRINCIPAL = 
"hive.metastore.kerberos.principal";
     public static String HIVE_KERBEROS_KEYTAB = 
"hive.metastore.kerberos.keytab.file";
@@ -52,7 +51,7 @@ public abstract class AuthenticationConfig {
     public static AuthenticationConfig getKerberosConfig(Configuration conf,
                                                          String 
krbPrincipalKey,
                                                          String krbKeytabKey) {
-        String authentication = conf.get(HADOOP_SECURITY_AUTHENTICATION, null);
+        String authentication = 
conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, null);
         if (AuthType.KERBEROS.getDesc().equals(authentication)) {
             KerberosAuthenticationConfig krbConfig = new 
KerberosAuthenticationConfig();
             krbConfig.setKerberosPrincipal(conf.get(krbPrincipalKey));
diff --git 
a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java
 
b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java
index 3cd419ff706..43c19fb1a3f 100644
--- 
a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java
+++ 
b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java
@@ -19,6 +19,7 @@ package org.apache.doris.common.security.authentication;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -42,7 +43,8 @@ public class HadoopUGI {
         if (config instanceof KerberosAuthenticationConfig) {
             KerberosAuthenticationConfig krbConfig = 
(KerberosAuthenticationConfig) config;
             Configuration hadoopConf = krbConfig.getConf();
-            hadoopConf.set(AuthenticationConfig.HADOOP_KERBEROS_AUTHORIZATION, 
"true");
+            
hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, 
"true");
+            
hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED,
 "true");
             UserGroupInformation.setConfiguration(hadoopConf);
             String principal = krbConfig.getKerberosPrincipal();
             try {
@@ -88,6 +90,10 @@ public class HadoopUGI {
         if (config instanceof KerberosAuthenticationConfig) {
             KerberosAuthenticationConfig krbConfig = 
(KerberosAuthenticationConfig) config;
             try {
+                Configuration hadoopConf = krbConfig.getConf();
+                
hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, 
"true");
+                
hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED,
 "true");
+                UserGroupInformation.setConfiguration(hadoopConf);
                 /**
                  * Because metastore client is created by using
                  * {@link 
org.apache.hadoop.hive.metastore.RetryingMetaStoreClient#getProxy}
diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java 
b/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java
index 385b79d493e..d1cf421aa86 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java
@@ -29,6 +29,7 @@ import org.apache.doris.thrift.TTableType;
 
 import com.google.common.base.Strings;
 import com.google.common.collect.Maps;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 
 import java.io.DataInput;
 import java.io.DataOutput;
@@ -116,16 +117,16 @@ public class HiveTable extends Table {
         }
 
         // check auth type
-        String authType = 
copiedProps.get(AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION);
+        String authType = 
copiedProps.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION);
         if (Strings.isNullOrEmpty(authType)) {
             authType = AuthType.SIMPLE.getDesc();
         }
         if (!AuthType.isSupportedAuthType(authType)) {
             throw new DdlException(String.format(PROPERTY_ERROR_MSG,
-                    AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION, 
authType));
+                CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, 
authType));
         }
-        
copiedProps.remove(AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION);
-        
hiveProperties.put(AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION, 
authType);
+        
copiedProps.remove(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION);
+        
hiveProperties.put(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
 authType);
 
         if (AuthType.KERBEROS.getDesc().equals(authType)) {
             // check principal


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to