ChenSammi commented on code in PR #7316:
URL: https://github.com/apache/ozone/pull/7316#discussion_r1821986193
##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/multitenant/RangerClientMultiTenantAccessController.java:
##########
@@ -130,9 +130,15 @@ public
RangerClientMultiTenantAccessController(OzoneConfiguration conf)
LOG.info("authType = {}, login user = {}", authType, usernameOrPrincipal);
- client = new RangerClient(rangerHttpsAddress,
- authType, usernameOrPrincipal, passwordOrKeytab,
- rangerServiceName, OzoneConsts.OZONE);
+ UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
+ try {
+ client = new RangerClient(rangerHttpsAddress,
+ authType, usernameOrPrincipal, passwordOrKeytab,
+ rangerServiceName, OzoneConsts.OZONE);
+ } finally {
+ // set back the expected login user
+ UserGroupInformation.setLoginUser(loginUser);
+ }
Review Comment:
There is a "RangerTagRefresher" thread which will periodically do kerberos
relogin before ticket expiry. It doesn't call setLoginUser(). So OM will not
stuck again.
Actually I checked two different Ranger versions, in one version
setLoginUser is not called during RangerClient(). I'm curious for what purpose
this setLoginUser is introduced.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
