Author: suresh
Date: Wed May 1 23:13:27 2013
New Revision: 1478229
URL: http://svn.apache.org/r1478229
Log:
HADOOP-9537. Merge change 1478228 from branch-1
Modified:
hadoop/common/branches/branch-1.2/CHANGES.txt
hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java
Modified: hadoop/common/branches/branch-1.2/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/CHANGES.txt?rev=1478229&r1=1478228&r2=1478229&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.2/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.2/CHANGES.txt Wed May 1 23:13:27 2013
@@ -610,6 +610,9 @@ Release 1.2.0 - 2013.04.16
MAPREDUCE-5154. Ensure job delegation token renewal is cancelled after job
staging directory is deleted. (Sandy Ryza & Arun C. Murthy via acmurthy)
+ HADOOP-9537. Backport changes to add support running Hadoop client on AIX.
+ (Aaron T. Myers, backported by Arpit Agarwal via suresh)
+
Release 1.1.2 - 2013.01.30
INCOMPATIBLE CHANGES
Modified:
hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1478229&r1=1478228&r2=1478229&view=diff
==============================================================================
---
hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java
(original)
+++
hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java
Wed May 1 23:13:27 2013
@@ -253,20 +253,30 @@ public class UserGroupInformation {
private static String OS_LOGIN_MODULE_NAME;
private static Class<? extends Principal> OS_PRINCIPAL_CLASS;
+
private static final boolean windows =
System.getProperty("os.name").startsWith("Windows");
private static final boolean is64Bit =
System.getProperty("os.arch").contains("64");
+
+ private static final boolean ibmJava =
System.getProperty("java.vendor").contains("IBM");
+ private static final boolean aix =
System.getProperty("os.name").equals("AIX");
+
private static Thread renewerThread = null;
private static volatile boolean shouldRunRenewerThread = true;
/* Return the OS login module class name */
private static String getOSLoginModuleName() {
- if (System.getProperty("java.vendor").contains("IBM")) {
- return windows ? (is64Bit
- ? "com.ibm.security.auth.module.Win64LoginModule"
- : "com.ibm.security.auth.module.NTLoginModule")
- : "com.ibm.security.auth.module.LinuxLoginModule";
+ if (ibmJava) {
+ if (windows) {
+ return is64Bit ? "com.ibm.security.auth.module.Win64LoginModule"
+ : "com.ibm.security.auth.module.NTLoginModule";
+ } else if (aix) {
+ return is64Bit ? "com.ibm.security.auth.module.AIX64LoginModule"
+ : "com.ibm.security.auth.module.AIXLoginModule";
+ } else {
+ return "com.ibm.security.auth.module.LinuxLoginModule";
+ }
} else {
return windows ? "com.sun.security.auth.module.NTLoginModule"
: "com.sun.security.auth.module.UnixLoginModule";
@@ -278,21 +288,24 @@ public class UserGroupInformation {
private static Class<? extends Principal> getOsPrincipalClass() {
ClassLoader cl = ClassLoader.getSystemClassLoader();
try {
- if (System.getProperty("java.vendor").contains("IBM")) {
- if (windows) {
- return (Class<? extends Principal>) (is64Bit
- ? cl.loadClass("com.ibm.security.auth.UsernamePrincipal")
- : cl.loadClass("com.ibm.security.auth.NTUserPrincipal"));
+ String principalClass = null;
+ if (ibmJava) {
+ if (is64Bit) {
+ principalClass = "com.ibm.security.auth.UsernamePrincipal";
} else {
- return (Class<? extends Principal>) (is64Bit
- ? cl.loadClass("com.ibm.security.auth.UsernamePrincipal")
- : cl.loadClass("com.ibm.security.auth.LinuxPrincipal"));
+ if (windows) {
+ principalClass = "com.ibm.security.auth.NTUserPrincipal";
+ } else if (aix) {
+ principalClass = "com.ibm.security.auth.AIXPrincipal";
+ } else {
+ principalClass = "com.ibm.security.auth.LinuxPrincipal";
+ }
}
} else {
- return (Class<? extends Principal>) (windows
- ? cl.loadClass("com.sun.security.auth.NTUserPrincipal")
- : cl.loadClass("com.sun.security.auth.UnixPrincipal"));
+ principalClass = windows ? "com.sun.security.auth.NTUserPrincipal"
+ : "com.sun.security.auth.UnixPrincipal";
}
+ return (Class<? extends Principal>) cl.loadClass(principalClass);
} catch (ClassNotFoundException e) {
LOG.error("Unable to find JAAS classes:" + e.getMessage());
}
@@ -363,12 +376,21 @@ public class UserGroupInformation {
private static final Map<String,String> USER_KERBEROS_OPTIONS =
new HashMap<String,String>();
static {
- USER_KERBEROS_OPTIONS.put("doNotPrompt", "true");
- USER_KERBEROS_OPTIONS.put("useTicketCache", "true");
- USER_KERBEROS_OPTIONS.put("renewTGT", "true");
+ if (ibmJava) {
+ USER_KERBEROS_OPTIONS.put("useDefaultCcache", "true");
+ } else {
+ USER_KERBEROS_OPTIONS.put("doNotPrompt", "true");
+ USER_KERBEROS_OPTIONS.put("useTicketCache", "true");
+ USER_KERBEROS_OPTIONS.put("renewTGT", "true");
+ }
String ticketCache = System.getenv("KRB5CCNAME");
if (ticketCache != null) {
- USER_KERBEROS_OPTIONS.put("ticketCache", ticketCache);
+ if (ibmJava) {
+ // The first value searched when "useDefaultCcache" is used.
+ System.setProperty("KRB5CCNAME", ticketCache);
+ } else {
+ USER_KERBEROS_OPTIONS.put("ticketCache", ticketCache);
+ }
}
}
private static final AppConfigurationEntry USER_KERBEROS_LOGIN =
@@ -378,10 +400,14 @@ public class UserGroupInformation {
private static final Map<String,String> KEYTAB_KERBEROS_OPTIONS =
new HashMap<String,String>();
static {
- KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
- KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
- KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
- KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
+ if (ibmJava) {
+ KEYTAB_KERBEROS_OPTIONS.put("credsType", "both");
+ } else {
+ KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
+ KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
+ KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
+ KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
+ }
}
private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
@@ -405,7 +431,12 @@ public class UserGroupInformation {
} else if (USER_KERBEROS_CONFIG_NAME.equals(appName)) {
return USER_KERBEROS_CONF;
} else if (KEYTAB_KERBEROS_CONFIG_NAME.equals(appName)) {
- KEYTAB_KERBEROS_OPTIONS.put("keyTab", keytabFile);
+ if (ibmJava) {
+ KEYTAB_KERBEROS_OPTIONS.put("useKeytab",
+ prependFileAuthority(keytabFile));
+ } else {
+ KEYTAB_KERBEROS_OPTIONS.put("keyTab", keytabFile);
+ }
KEYTAB_KERBEROS_OPTIONS.put("principal", keytabPrincipal);
return KEYTAB_KERBEROS_CONF;
}
@@ -436,6 +467,11 @@ public class UserGroupInformation {
user.setLogin(login);
}
+ private static String prependFileAuthority(String keytabPath) {
+ return keytabPath.startsWith("file://") ? keytabPath
+ : "file://" + keytabPath;
+ }
+
/**
* Create a UserGroupInformation for the given subject.
* This does not change the subject or acquire new credentials.
@@ -515,6 +551,7 @@ public class UserGroupInformation {
}
loginUser.spawnAutoRenewalThreadForUserCreds();
} catch (LoginException le) {
+ LOG.debug("failure to login", le);
throw new IOException("failure to login", le);
}
if (LOG.isDebugEnabled()) {
