Repository: hadoop Updated Branches: refs/heads/branch-2 babe025fb -> c664062fb
HADOOP-12559. KMS connection failures should trigger TGT renewal. Contributed by Zhe Zhang. (cherry picked from commit 993311e547e6dd7757025d5ffc285019bd4fc1f6) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c664062f Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c664062f Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c664062f Branch: refs/heads/branch-2 Commit: c664062fb32ad46bc3cbce76f8eb121059dbf4d1 Parents: babe025 Author: Xiaoyu Yao <x...@apache.org> Authored: Mon Dec 28 10:41:26 2015 -0800 Committer: Xiaoyu Yao <x...@apache.org> Committed: Mon Dec 28 10:42:15 2015 -0800 ---------------------------------------------------------------------- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java | 2 ++ 2 files changed, 5 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c664062f/hadoop-common-project/hadoop-common/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 45d3f2c..6a3e711 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -905,6 +905,9 @@ Release 2.8.0 - UNRELEASED HADOOP-12681. start-build-env.sh fails in branch-2. (Kengo Seki via aajisaka) + HADOOP-12559. KMS connection failures should trigger TGT renewal. + (Zhe Zhang via xyao) + Release 2.7.3 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/c664062f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index 4698a83..b113cec 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -474,6 +474,8 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, UserGroupInformation.AuthenticationMethod.PROXY) ? currentUgi.getShortUserName() : null; + // check and renew TGT to handle potential expiration + actualUgi.checkTGTAndReloginFromKeytab(); // creating the HTTP connection using the current UGI at constructor time conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() { @Override