1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase;
20
21 import java.io.IOException;
22 import java.net.UnknownHostException;
23
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.hbase.classification.InterfaceAudience;
28 import org.apache.hadoop.hbase.classification.InterfaceStability;
29 import org.apache.hadoop.hbase.security.UserProvider;
30 import org.apache.hadoop.hbase.util.Strings;
31 import org.apache.hadoop.hbase.util.Threads;
32 import org.apache.hadoop.net.DNS;
33 import org.apache.hadoop.security.UserGroupInformation;
34
35
36
37
38 @InterfaceAudience.Public
39 @InterfaceStability.Evolving
40 public class AuthUtil {
41 private static final Log LOG = LogFactory.getLog(AuthUtil.class);
42
43 private AuthUtil() {
44 super();
45 }
46
47
48
49
50 public static void launchAuthChore(Configuration conf) throws IOException {
51 UserProvider userProvider = UserProvider.instantiate(conf);
52
53 boolean securityEnabled =
54 userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled();
55 if (!securityEnabled) return;
56 String host = null;
57 try {
58 host = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
59 conf.get("hbase.client.dns.interface", "default"),
60 conf.get("hbase.client.dns.nameserver", "default")));
61 userProvider.login("hbase.client.keytab.file", "hbase.client.kerberos.principal", host);
62 } catch (UnknownHostException e) {
63 LOG.error("Error resolving host name: " + e.getMessage(), e);
64 throw e;
65 } catch (IOException e) {
66 LOG.error("Error while trying to perform the initial login: " + e.getMessage(), e);
67 throw e;
68 }
69
70 final UserGroupInformation ugi = userProvider.getCurrent().getUGI();
71 Stoppable stoppable = new Stoppable() {
72 private volatile boolean isStopped = false;
73
74 @Override
75 public void stop(String why) {
76 isStopped = true;
77 }
78
79 @Override
80 public boolean isStopped() {
81 return isStopped;
82 }
83 };
84
85
86
87
88 final int CHECK_TGT_INTERVAL = 30 * 1000;
89
90 Chore refreshCredentials = new Chore("RefreshCredentials", CHECK_TGT_INTERVAL, stoppable) {
91 @Override
92 protected void chore() {
93 try {
94 ugi.checkTGTAndReloginFromKeytab();
95 } catch (IOException e) {
96 LOG.error("Got exception while trying to refresh credentials: " + e.getMessage(), e);
97 }
98 }
99 };
100
101 Threads.setDaemonThreadRunning(refreshCredentials.getThread());
102 }
103 }