[
https://issues.apache.org/jira/browse/OOZIE-2697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Bacsko updated OOZIE-2697:
--------------------------------
Summary: OYA: Implement proper UGI calls in LauncherAM for
secure/non-secure clusters (was: Implement proper UGI calls in LauncherAM for
secure/non-secure clusters)
> OYA: Implement proper UGI calls in LauncherAM for secure/non-secure clusters
> ----------------------------------------------------------------------------
>
> Key: OOZIE-2697
> URL: https://issues.apache.org/jira/browse/OOZIE-2697
> Project: Oozie
> Issue Type: Sub-task
> Reporter: Peter Bacsko
> Assignee: Peter Bacsko
>
> We need to implement proper method calls on {{UserGroupInformation}} that
> works on secure and non-secure clusters as well.
> Invoking {{UserGroupInformation.doAs()}} is crucial to avoid authentication
> problems with HDFS and other parts of Hadoop.
> What's not trivial is how to get an instance of UGI. The current solution is
> the following and it works, but might not be the best:
> {code}
> // Note: submitterUser is passed with -D to LauncherAM as a JVM
> system property.
> if
> (UserGroupInformation.getLoginUser().getShortUserName().equals(submitterUser))
> {
> System.out.println("Using login user for UGI");
> ugi = UserGroupInformation.getLoginUser();
> } else {
> ugi = UserGroupInformation.createRemoteUser(submitterUser);
>
> ugi.addCredentials(UserGroupInformation.getLoginUser().getCredentials());
> }
> {code}
> I tried to invoke only {{createRemoteUser()}} in different ways, but in a
> Kerberized cluster, it didn't work. We have to evaluate this approach.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
