incubator-omid git commit: [OMID-67] Avoid Kerberos logging multiple times
Repository: incubator-omid Updated Branches: refs/heads/master 940c41ff2 -> 1afeb7dc5 [OMID-67] Avoid Kerberos logging multiple times It may cause race conditions when done multiple times from the same JVM. The Kerberos ticket is not properly renewed when this happens. This closes #14 Change-Id: I07599f54bc9bead90a87d30a2f6b033de64b6470 Project: http://git-wip-us.apache.org/repos/asf/incubator-omid/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-omid/commit/1afeb7dc Tree: http://git-wip-us.apache.org/repos/asf/incubator-omid/tree/1afeb7dc Diff: http://git-wip-us.apache.org/repos/asf/incubator-omid/diff/1afeb7dc Branch: refs/heads/master Commit: 1afeb7dc58b82d504242db2954ac79238f8c4435 Parents: 940c41f Author: Francisco Perez-Sorrosal Authored: Thu May 11 12:00:21 2017 -0700 Committer: Ohad Shacham Committed: Sun Jun 10 12:01:12 2018 +0300 -- .../org/apache/omid/tools/hbase/HBaseLogin.java | 25 1 file changed, 21 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-omid/blob/1afeb7dc/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java -- diff --git a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java index 0994748..92b4904 100644 --- a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java +++ b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java @@ -21,18 +21,35 @@ import org.apache.hadoop.security.UserGroupInformation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.annotation.Nullable; import java.io.IOException; public final class HBaseLogin { private static final Logger LOG = LoggerFactory.getLogger(HBaseLogin.class); +private static volatile UserGroupInformation ugi; + +@Nullable public static UserGroupInformation loginIfNeeded(SecureHBaseConfig config) throws IOException { + if (UserGroupInformation.isSecurityEnabled()) { -LOG.info("Security is enabled, logging in with principal={}, keytab={}", -config.getPrincipal(), config.getKeytab()); -UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab()); +LOG.info("Security enabled when connecting to HBase"); +if (ugi == null) { // Use lazy initialization with double-checked locking +synchronized (HBaseLogin.class) { +if (ugi == null) { +LOG.info("Login with Kerberos. User={}, keytab={}", config.getPrincipal(), config.getKeytab()); + UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab()); +ugi = UserGroupInformation.getCurrentUser(); +} +} +} else { +LOG.info("User {}, already trusted (Kerberos). Avoiding 2nd login as it causes problems", ugi.toString()); +} +} else { +LOG.warn("Security NOT enabled when connecting to HBase. Act at your own risk. NULL UGI returned"); } -return UserGroupInformation.getCurrentUser(); +return ugi; } + }
[3/8] incubator-omid git commit: [OMID-67] Avoid Kerberos logging multiple times
[OMID-67] Avoid Kerberos logging multiple times It may cause race conditions when done multiple times from the same JVM. The Kerberos ticket is not properly renewed when this happens. This closes #14 Change-Id: I07599f54bc9bead90a87d30a2f6b033de64b6470 Project: http://git-wip-us.apache.org/repos/asf/incubator-omid/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-omid/commit/97579d66 Tree: http://git-wip-us.apache.org/repos/asf/incubator-omid/tree/97579d66 Diff: http://git-wip-us.apache.org/repos/asf/incubator-omid/diff/97579d66 Branch: refs/heads/0.9.0 Commit: 97579d66a3f1f62eebca054495937f4f6f2666c2 Parents: 9f5474f Author: Francisco Perez-SorrosalAuthored: Thu May 11 12:00:21 2017 -0700 Committer: Francisco Perez-Sorrosal Committed: Thu Aug 10 13:18:51 2017 -0700 -- .../org/apache/omid/tools/hbase/HBaseLogin.java | 25 1 file changed, 21 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-omid/blob/97579d66/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java -- diff --git a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java index 0994748..92b4904 100644 --- a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java +++ b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java @@ -21,18 +21,35 @@ import org.apache.hadoop.security.UserGroupInformation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.annotation.Nullable; import java.io.IOException; public final class HBaseLogin { private static final Logger LOG = LoggerFactory.getLogger(HBaseLogin.class); +private static volatile UserGroupInformation ugi; + +@Nullable public static UserGroupInformation loginIfNeeded(SecureHBaseConfig config) throws IOException { + if (UserGroupInformation.isSecurityEnabled()) { -LOG.info("Security is enabled, logging in with principal={}, keytab={}", -config.getPrincipal(), config.getKeytab()); -UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab()); +LOG.info("Security enabled when connecting to HBase"); +if (ugi == null) { // Use lazy initialization with double-checked locking +synchronized (HBaseLogin.class) { +if (ugi == null) { +LOG.info("Login with Kerberos. User={}, keytab={}", config.getPrincipal(), config.getKeytab()); + UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab()); +ugi = UserGroupInformation.getCurrentUser(); +} +} +} else { +LOG.info("User {}, already trusted (Kerberos). Avoiding 2nd login as it causes problems", ugi.toString()); +} +} else { +LOG.warn("Security NOT enabled when connecting to HBase. Act at your own risk. NULL UGI returned"); } -return UserGroupInformation.getCurrentUser(); +return ugi; } + }
incubator-omid git commit: [OMID-67] Avoid Kerberos logging multiple times
Repository: incubator-omid Updated Branches: refs/heads/0.9.0.0 9f5474f91 -> 97579d66a [OMID-67] Avoid Kerberos logging multiple times It may cause race conditions when done multiple times from the same JVM. The Kerberos ticket is not properly renewed when this happens. This closes #14 Change-Id: I07599f54bc9bead90a87d30a2f6b033de64b6470 Project: http://git-wip-us.apache.org/repos/asf/incubator-omid/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-omid/commit/97579d66 Tree: http://git-wip-us.apache.org/repos/asf/incubator-omid/tree/97579d66 Diff: http://git-wip-us.apache.org/repos/asf/incubator-omid/diff/97579d66 Branch: refs/heads/0.9.0.0 Commit: 97579d66a3f1f62eebca054495937f4f6f2666c2 Parents: 9f5474f Author: Francisco Perez-SorrosalAuthored: Thu May 11 12:00:21 2017 -0700 Committer: Francisco Perez-Sorrosal Committed: Thu Aug 10 13:18:51 2017 -0700 -- .../org/apache/omid/tools/hbase/HBaseLogin.java | 25 1 file changed, 21 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-omid/blob/97579d66/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java -- diff --git a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java index 0994748..92b4904 100644 --- a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java +++ b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java @@ -21,18 +21,35 @@ import org.apache.hadoop.security.UserGroupInformation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.annotation.Nullable; import java.io.IOException; public final class HBaseLogin { private static final Logger LOG = LoggerFactory.getLogger(HBaseLogin.class); +private static volatile UserGroupInformation ugi; + +@Nullable public static UserGroupInformation loginIfNeeded(SecureHBaseConfig config) throws IOException { + if (UserGroupInformation.isSecurityEnabled()) { -LOG.info("Security is enabled, logging in with principal={}, keytab={}", -config.getPrincipal(), config.getKeytab()); -UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab()); +LOG.info("Security enabled when connecting to HBase"); +if (ugi == null) { // Use lazy initialization with double-checked locking +synchronized (HBaseLogin.class) { +if (ugi == null) { +LOG.info("Login with Kerberos. User={}, keytab={}", config.getPrincipal(), config.getKeytab()); + UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab()); +ugi = UserGroupInformation.getCurrentUser(); +} +} +} else { +LOG.info("User {}, already trusted (Kerberos). Avoiding 2nd login as it causes problems", ugi.toString()); +} +} else { +LOG.warn("Security NOT enabled when connecting to HBase. Act at your own risk. NULL UGI returned"); } -return UserGroupInformation.getCurrentUser(); +return ugi; } + }