git commit: OZIE-1593 Oozie HCatCredential provider needs to include hadoop rpc protection to work with encrypted secure clusters (bzhang)

bzhang Fri, 28 Mar 2014 10:13:33 -0700

Repository: oozie
Updated Branches:
  refs/heads/master 3de3c523d -> 51fcc831f



OZIE-1593 Oozie HCatCredential provider needs to include hadoop rpc protection 
to work with encrypted secure clusters (bzhang)


Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/51fcc831
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/51fcc831
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/51fcc831

Branch: refs/heads/master
Commit: 51fcc831f3fffe8c0fdabc8868631ac50ff47f71
Parents: 3de3c52
Author: Bowen Zhang <[email protected]>
Authored: Fri Mar 28 09:49:03 2014 -0700
Committer: Bowen Zhang <[email protected]>
Committed: Fri Mar 28 09:49:03 2014 -0700

----------------------------------------------------------------------
 .../oozie/action/hadoop/HCatCredentialHelper.java    | 15 +++++++++++++--
 release-log.txt                                      |  1 +
 2 files changed, 14 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/oozie/blob/51fcc831/core/src/main/java/org/apache/oozie/action/hadoop/HCatCredentialHelper.java
----------------------------------------------------------------------
diff --git 
a/core/src/main/java/org/apache/oozie/action/hadoop/HCatCredentialHelper.java 
b/core/src/main/java/org/apache/oozie/action/hadoop/HCatCredentialHelper.java
index 8307e64..0f0ac20 100644
--- 
a/core/src/main/java/org/apache/oozie/action/hadoop/HCatCredentialHelper.java
+++ 
b/core/src/main/java/org/apache/oozie/action/hadoop/HCatCredentialHelper.java
@@ -25,6 +25,7 @@ import org.apache.hadoop.mapred.JobConf;
 import 
org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.security.SaslRpcServer;
 import org.apache.oozie.util.XLog;
 
 /**
@@ -39,6 +40,7 @@ public class HCatCredentialHelper {
     private static final String HIVE_METASTORE_SASL_ENABLED = 
"hive.metastore.sasl.enabled";
     private static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = 
"hive.metastore.kerberos.principal";
     private static final String HIVE_METASTORE_LOCAL = "hive.metastore.local";
+    private static final String HADOOP_RPC_PROTECTION = 
"hadoop.rpc.protection";
 
     /**
      * This Function will set the HCat token to jobconf
@@ -49,7 +51,8 @@ public class HCatCredentialHelper {
      */
     public void set(JobConf launcherJobConf, String principal, String server) 
throws Exception {
         try {
-            HiveMetaStoreClient client = getHCatClient(principal, server);
+            HiveMetaStoreClient client = getHCatClient
+                (launcherJobConf, principal, server);
             XLog.getLog(getClass()).debug(
                     "HCatCredentialHelper: set: User name for which token will 
be asked from HCat: "
                             + launcherJobConf.get(USER_NAME));
@@ -68,12 +71,14 @@ public class HCatCredentialHelper {
 
     /**
      * Getting the HCat client.
+     * @param jobConf
      * @param principal
      * @param server
      * @return HiveMetaStoreClient
      * @throws MetaException
      */
-    public HiveMetaStoreClient getHCatClient(String principal, String server) 
throws MetaException {
+    public HiveMetaStoreClient getHCatClient(JobConf launcherJobConf,
+        String principal, String server) throws MetaException {
         HiveConf hiveConf = null;
         HiveMetaStoreClient hiveclient = null;
         hiveConf = new HiveConf();
@@ -84,6 +89,12 @@ public class HCatCredentialHelper {
         hiveConf.set(HIVE_METASTORE_KERBEROS_PRINCIPAL, principal);
         hiveConf.set(HIVE_METASTORE_LOCAL, "false");
         hiveConf.set(HiveConf.ConfVars.METASTOREURIS.varname, server);
+        String protection = launcherJobConf.get(HADOOP_RPC_PROTECTION,
+           SaslRpcServer.QualityOfProtection.AUTHENTICATION.name()
+              .toLowerCase());
+        XLog.getLog(getClass()).debug("getHCatClient, setting rpc protection 
to " + protection);
+        hiveConf.set(HADOOP_RPC_PROTECTION, protection);
+
         hiveclient = new HiveMetaStoreClient(hiveConf);
         return hiveclient;
     }

http://git-wip-us.apache.org/repos/asf/oozie/blob/51fcc831/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index db6017a..fb7d31d 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 4.1.0 release (trunk - unreleased)
 
+OOZIE-1593 Oozie HCatCredential provider needs to include hadoop rpc 
protection to work with encrypted secure clusters (bzhang)
 OOZIE-1735 Support resuming of failed coordinator job and rerun of a failed 
coordinator action (puru via rohini)
 OOZIE-1746 New API to fetch workflows corresponding to coordinator action 
reruns (mona)
 OOZIE-1713 Avoid creating dummy input file for each launcher job (puru via 
rohini)

git commit: OZIE-1593 Oozie HCatCredential provider needs to include hadoop rpc protection to work with encrypted secure clusters (bzhang)

Reply via email to