[
https://issues.apache.org/jira/browse/OOZIE-1871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14025930#comment-14025930
]
Robert Kanter commented on OOZIE-1871:
--------------------------------------
It looks like current Hadoop 2's don't actually require us to propagate the
delegation token. The UserGroupInformation automatically loads the tokens from
the environment variable. For example, I put this code in a Java action with
the HCat Credentials:
{code:java}
Collection<Token<? extends TokenIdentifier>> tokens =
UserGroupInformation.getCurrentUser().getTokens();
System.out.println("AAA current user = " +
UserGroupInformation.getCurrentUser());
System.out.println("num tokens = " + tokens.size());
for (Token token : tokens) {
System.out.println("\t " + token.getKind().toString());
}
{code}
And it printed out:
{noformat}
AAA current user = systest (auth:SIMPLE)
num tokens = 5
mapreduce.job
MR_DELEGATION_TOKEN
HDFS_DELEGATION_TOKEN
HIVE_DELEGATION_TOKEN
RM_DELEGATION_TOKEN
{noformat}
So all the tokens were loaded automatically. (The Java action doesn't do
anything with the tokens out-of-the-box, so they weren't propagated like we do
in the other actions)
I'm not sure, but I think HADOOP-10164 added this, which was in Hadoop 2.3.0.
However, we still have to propagate the token to support older versions of
Hadoop.
> Investigate if we can propagate the delegation token to the action conf from
> the Oozie server instead of action
> ---------------------------------------------------------------------------------------------------------------
>
> Key: OOZIE-1871
> URL: https://issues.apache.org/jira/browse/OOZIE-1871
> Project: Oozie
> Issue Type: Improvement
> Components: security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
>
> Currently, Oozie prepares a configuration for the action to use when
> launching MR jobs. Oozie also provides an environment variable with the
> location of the tokens file. It is up to the action's Main to:
> # Load the Configuration
> # Get the location of the Token file
> # Propagate the token file to the loaded Configuration
> # Pass the Configuration to the CLI/MR Job/etc
> This isn't too much of a problem for most actions because we handle this for
> the user, but for the Java action, it's 4 not-obvious steps. We should
> investigate if we can make this one step by having the Configuration prepared
> by the Oozie server already have the token file propagated to it; then
> actions would have 2 steps:
> # Load the Configuration
> # Pass the Configuration to the CLI/MR Job/etc
> And the tokens would be handled automatically.
> We'd still have to provide the environment variable for backwards
> compatibility and flexibility reasons though.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
