1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase;
20
21 import java.io.IOException;
22 import java.net.UnknownHostException;
23
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.hbase.classification.InterfaceAudience;
28 import org.apache.hadoop.hbase.classification.InterfaceStability;
29 import org.apache.hadoop.hbase.security.UserProvider;
30 import org.apache.hadoop.hbase.util.Strings;
31 import org.apache.hadoop.hbase.util.Threads;
32 import org.apache.hadoop.net.DNS;
33 import org.apache.hadoop.security.UserGroupInformation;
34
35
36
37
38 @InterfaceAudience.Public
39 @InterfaceStability.Evolving
40 public class AuthUtil {
41 private static final Log LOG = LogFactory.getLog(AuthUtil.class);
42
43
44
45 public static void launchAuthChore(Configuration conf) throws IOException {
46 UserProvider userProvider = UserProvider.instantiate(conf);
47
48 boolean securityEnabled =
49 userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled();
50 if (!securityEnabled) return;
51 String host = null;
52 try {
53 host = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
54 conf.get("hbase.client.dns.interface", "default"),
55 conf.get("hbase.client.dns.nameserver", "default")));
56 userProvider.login("hbase.client.keytab.file", "hbase.client.kerberos.principal", host);
57 } catch (UnknownHostException e) {
58 LOG.error("Error resolving host name");
59 throw e;
60 } catch (IOException e) {
61 LOG.error("Error while trying to perform the initial login");
62 throw e;
63 }
64
65 final UserGroupInformation ugi = userProvider.getCurrent().getUGI();
66 Stoppable stoppable = new Stoppable() {
67 private volatile boolean isStopped = false;
68
69 @Override
70 public void stop(String why) {
71 isStopped = true;
72 }
73
74 @Override
75 public boolean isStopped() {
76 return isStopped;
77 }
78 };
79
80
81
82
83 final int CHECK_TGT_INTERVAL = 30 * 1000;
84
85 Chore refreshCredentials = new Chore("RefreshCredentials", CHECK_TGT_INTERVAL, stoppable) {
86 @Override
87 protected void chore() {
88 try {
89 ugi.checkTGTAndReloginFromKeytab();
90 } catch (IOException e) {
91 LOG.info("Got exception while trying to refresh credentials ");
92 }
93 }
94 };
95
96 Threads.setDaemonThreadRunning(refreshCredentials.getThread());
97 }
98 }