[
https://issues.apache.org/jira/browse/HADOOP-13956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15830632#comment-15830632
]
John Zhuge commented on HADOOP-13956:
-------------------------------------
Deployed patch 006 to a 4-node cluster, and set up JCE keystore on HDFS.
Everything works well.
core-site.xml must has these configured:
{code}
<property>
<name>hadoop.security.credential.provider.path</name>
<value>jceks://hdfs/cdep/keystores/creds.jceks</value>
</property>
<property>
<name>dfs.adls.oauth2.access.token.provider.type</name>
<value>ClientCredential</value>
<property>
{code}
Run these commands to populate the keystore:
{code}
hadoop credential create dfs.adls.oauth2.client.id -value '123'
hadoop credential create dfs.adls.oauth2.credential -value '456'
hadoop credential create dfs.adls.oauth2.refresh.url -value '789'
{code}
Unfortunately {{dfs.adls.oauth2.access.token.provider.type}} can not be easily
put into the keystore because {{Configuration#getEnum}} is used to get this
property. Anyway it is not really a secret.
> Read ADLS credentials from Credential Provider
> ----------------------------------------------
>
> Key: HADOOP-13956
> URL: https://issues.apache.org/jira/browse/HADOOP-13956
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/adl
> Affects Versions: 3.0.0-alpha2
> Reporter: John Zhuge
> Assignee: John Zhuge
> Priority: Critical
> Attachments: HADOOP-13956.001.patch, HADOOP-13956.002.patch,
> HADOOP-13956.003.patch, HADOOP-13956.004.patch, HADOOP-13956.005.patch,
> HADOOP-13956.006.patch
>
>
> Read ADLS credentials using Hadoop CredentialProvider API. See
> https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
