Author: virag
Date: Tue Jan  8 00:09:15 2013
New Revision: 1430099

URL: http://svn.apache.org/viewvc?rev=1430099&view=rev
Log:
OOZIE-1159 Set the RM token renewer as the full service principal instead of 
short name (rohini via virag)

Modified:
    
oozie/trunk/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
    
oozie/trunk/core/src/test/java/org/apache/oozie/service/TestHadoopAccessorService.java
    oozie/trunk/release-log.txt

Modified: 
oozie/trunk/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
URL: 
http://svn.apache.org/viewvc/oozie/trunk/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java?rev=1430099&r1=1430098&r2=1430099&view=diff
==============================================================================
--- 
oozie/trunk/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
 (original)
+++ 
oozie/trunk/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
 Tue Jan  8 00:09:15 2013
@@ -24,6 +24,8 @@ import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.conf.Configuration;
 import 
org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
+import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.filecache.DistributedCache;
 import org.apache.hadoop.security.token.Token;
@@ -72,6 +74,9 @@ public class HadoopAccessorService imple
     private static final String JT_PRINCIPAL = 
"mapreduce.jobtracker.kerberos.principal";
     /** The Kerberos principal for the resource manager.*/
     private static final String RM_PRINCIPAL = 
"yarn.resourcemanager.principal";
+    private static final String HADOOP_JOB_TRACKER = "mapred.job.tracker";
+    private static final String HADOOP_JOB_TRACKER_2 = 
"mapreduce.jobtracker.address";
+    private static final String HADOOP_YARN_RM = 
"yarn.resourcemanager.address";
     private static final Map<String, Text> mrTokenRenewers = new 
HashMap<String, Text>();
 
     private Set<String> jobTrackerWhitelist = new HashSet<String>();
@@ -456,7 +461,17 @@ public class HadoopAccessorService imple
         }
     }
 
-    public static Text getMRDelegationTokenRenewer(JobConf jobConf) {
+    public static Text getMRDelegationTokenRenewer(JobConf jobConf) throws 
IOException {
+        if (UserGroupInformation.isSecurityEnabled()) { // secure cluster
+            return getMRTokenRenewerInternal(jobConf);
+        }
+        else {
+            return MR_TOKEN_ALIAS; //Doesn't matter what we pass as renewer
+        }
+    }
+
+    // Package private for unit test purposes
+    static Text getMRTokenRenewerInternal(JobConf jobConf) throws IOException {
         // Getting renewer correctly for JT principal also though JT in hadoop 
1.x does not have
         // support for renewing/cancelling tokens
         String servicePrincipal = jobConf.get(RM_PRINCIPAL, 
jobConf.get(JT_PRINCIPAL));
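Review bot: On a secure cluster where neither `yarn.resourcemanager.principal` nor `mapreduce.jobtracker.kerberos.principal` is set, `getMRDelegationTokenRenewer` still appears to hand back the placeholder alias without any signal. The `isSecurityEnabled()` branch delegates to `getMRTokenRenewerInternal`, and the updated test shows that method returning "oozie mr token" for an empty `JobConf`. A token requested with a renewer that matches no real principal typically cannot be renewed or cancelled, so this misconfiguration should be visible. In the fallback branch, which lies outside this hunk, I would add something like `LOG.warn("Security is enabled but no RM/JT principal is configured; using alias renewer");`. The public method now declares `throws IOException` but has no Javadoc; a short comment stating when the alias is returned and that the exception comes from principal resolution would help callers.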
@@ -464,9 +479,15 @@ public class HadoopAccessorService imple
         if (servicePrincipal != null) { // secure cluster
             renewer = mrTokenRenewers.get(servicePrincipal);
             if (renewer == null) {
-                // Remove host and domain
-                renewer = new Text(servicePrincipal.split("[/@]")[0]);
-                LOG.info("Delegation Token Renewer for " + servicePrincipal + 
" is " + renewer);
+                // Mimic org.apache.hadoop.mapred.Master.getMasterPrincipal()
+                String target = jobConf.get(HADOOP_YARN_RM, 
jobConf.get(HADOOP_JOB_TRACKER_2));
+                if (target == null) {
+                    target = jobConf.get(HADOOP_JOB_TRACKER);
+                }
+                String addr = NetUtils.createSocketAddr(target).getHostName();
+                renewer = new 
Text(SecurityUtil.getServerPrincipal(servicePrincipal, addr));
+                LOG.info("Delegation Token Renewer details: Principal=" + 
servicePrincipal + ",Target=" + target
+                        + ",Renewer=" + renewer);
                 mrTokenRenewers.put(servicePrincipal, renewer);
             }
         }
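Review bot: The cache in `mrTokenRenewers` is still keyed by `servicePrincipal` alone, but the cached value now depends on the target host. `SecurityUtil.getServerPrincipal` expands a `_HOST` pattern using `addr`, so two clusters configured with the same pattern and different JobTracker/ResourceManager addresses would share the first cluster's renewer. The second cluster's tokens would then name the wrong principal as renewer. Separately, if none of the three address keys is set, `target` stays null and `NetUtils.createSocketAddr(target)` is called with null, which should be rejected with a clear message instead. The sketch below keys the cache on principal plus target and fails early. The method starts in the previous hunk and continues past this one.

```java
if (servicePrincipal != null) { // secure cluster
    // … moved up unchanged: target lookup from HADOOP_YARN_RM / HADOOP_JOB_TRACKER_2 / HADOOP_JOB_TRACKER …
    if (target == null) {
        throw new IOException("No JobTracker/ResourceManager address configured for principal "
                + servicePrincipal);
    }
    // _HOST is expanded per target host, so the cache key must include the target
    String cacheKey = servicePrincipal + "|" + target;
    renewer = mrTokenRenewers.get(cacheKey);
    if (renewer == null) {
        String addr = NetUtils.createSocketAddr(target).getHostName();
        renewer = new Text(SecurityUtil.getServerPrincipal(servicePrincipal, addr));
        // … unchanged: LOG.info of principal, target and renewer …
        mrTokenRenewers.put(cacheKey, renewer);
    }
}
```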

Modified: 
oozie/trunk/core/src/test/java/org/apache/oozie/service/TestHadoopAccessorService.java
URL: 
http://svn.apache.org/viewvc/oozie/trunk/core/src/test/java/org/apache/oozie/service/TestHadoopAccessorService.java?rev=1430099&r1=1430098&r2=1430099&view=diff
==============================================================================
--- 
oozie/trunk/core/src/test/java/org/apache/oozie/service/TestHadoopAccessorService.java
 (original)
+++ 
oozie/trunk/core/src/test/java/org/apache/oozie/service/TestHadoopAccessorService.java
 Tue Jan  8 00:09:15 2013
@@ -116,12 +116,21 @@ public class TestHadoopAccessorService e
 
     public void testGetMRDelegationTokenRenewer() throws Exception {
         JobConf jobConf = new JobConf();
-        assertEquals(new Text("oozie mr token"), 
HadoopAccessorService.getMRDelegationTokenRenewer(jobConf));
-        jobConf.set("mapreduce.jobtracker.kerberos.principal", 
"mapred/[email protected]");
-        assertEquals(new Text("mapred"), 
HadoopAccessorService.getMRDelegationTokenRenewer(jobConf));
+        assertEquals(new Text("oozie mr token"), 
HadoopAccessorService.getMRTokenRenewerInternal(jobConf));
+        jobConf.set("mapred.job.tracker", "localhost:50300");
+        jobConf.set("mapreduce.jobtracker.kerberos.principal", 
"mapred/[email protected]");
+        assertEquals(new Text("mapred/[email protected]"),
+                HadoopAccessorService.getMRTokenRenewerInternal(jobConf));
         jobConf = new JobConf();
-        jobConf.set("yarn.resourcemanager.principal", 
"rm/[email protected]");
-        assertEquals(new Text("rm"), 
HadoopAccessorService.getMRDelegationTokenRenewer(jobConf));
+        jobConf.set("mapreduce.jobtracker.address", "127.0.0.1:50300");
+        jobConf.set("mapreduce.jobtracker.kerberos.principal", 
"mapred/[email protected]");
+        assertEquals(new Text("mapred/[email protected]"),
+                HadoopAccessorService.getMRTokenRenewerInternal(jobConf));
+        jobConf = new JobConf();
+        jobConf.set("yarn.resourcemanager.address", "localhost:8032");
+        jobConf.set("yarn.resourcemanager.principal", 
"rm/[email protected]");
+        assertEquals(new Text("rm/[email protected]"),
+                HadoopAccessorService.getMRTokenRenewerInternal(jobConf));
     }
 
 }
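Review bot: The assertions in `testGetMRDelegationTokenRenewer` run against the static `mrTokenRenewers` cache, so later cases may pass without exercising the address lookup they are meant to cover. If the two `mapreduce.jobtracker.kerberos.principal` values are the same string (they are obscured on this page), the `mapreduce.jobtracker.address` case is answered from the entry cached by the `mapred.job.tracker` case. Using a distinct principal per case, or clearing the cache between cases, would make each assertion independent. The test also no longer calls the public `getMRDelegationTokenRenewer`, so the `isSecurityEnabled()` branch is uncovered. One assertion that the non-secure path returns `new Text("oozie mr token")` would close that gap.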

Modified: oozie/trunk/release-log.txt
URL: 
http://svn.apache.org/viewvc/oozie/trunk/release-log.txt?rev=1430099&r1=1430098&r2=1430099&view=diff
==============================================================================
--- oozie/trunk/release-log.txt (original)
+++ oozie/trunk/release-log.txt Tue Jan  8 00:09:15 2013
@@ -69,6 +69,7 @@ OOZIE-944 Implement Workflow Generator U
 
 -- Oozie 3.3.1 (unreleased)
 
+OOZIE-1159 Set the RM token renewer as the full service principal instead of 
short name (rohini via virag)
 OOZIE-1151 HbaseCredentials doesn't use properties from the credentials module 
(virag)
 OOZIE-1148 Set the renewer correctly for JT/RM delegation tokens (rohini via 
virag)
 OOZIE-1147 HCatCredentialHelper uses the wrong API for getDelegationToken 
(rohini via virag)

