ホーム エクスプローラ ヘルプ
登録 サインイン
apache
/
hadoop
同期ミラー https://github.com/apache/hadoop.git
2
0
フォーク 1
ファイル 課題 0 Wiki
ソースを参照

HADOOP-9537. Merge change 1478228 from branch-1

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2@1478229 13f79535-47bb-0310-9956-ffa450edef68
Suresh Srinivas 12 年 前
289c48cb2b
コミット
c728d2d973
2 ファイル変更65 行追加25 行削除
分割表示 差分情報を表示
  1. 3 0
      CHANGES.txt
  2. 62 25
      src/core/org/apache/hadoop/security/UserGroupInformation.java

+ 3 - 0
CHANGES.txt
ファイルの表示 

@@ -610,6 +610,9 @@ Release 1.2.0 - 2013.04.16
 
     MAPREDUCE-5154. Ensure job delegation token renewal is cancelled after job
 
     staging directory is deleted. (Sandy Ryza & Arun C. Murthy via acmurthy)
 
 
+    HADOOP-9537. Backport changes to add support running Hadoop client on AIX.
 
+    (Aaron T. Myers, backported by Arpit Agarwal via suresh)
 
+
 
 Release 1.1.2 - 2013.01.30
 
 
   INCOMPATIBLE CHANGES

+ 62 - 25
src/core/org/apache/hadoop/security/UserGroupInformation.java
ファイルの表示 

@@ -253,20 +253,30 @@ public class UserGroupInformation {
 
   
   private static String OS_LOGIN_MODULE_NAME;
 
   private static Class<? extends Principal> OS_PRINCIPAL_CLASS;
 
+
 
   private static final boolean windows =
 
       System.getProperty("os.name").startsWith("Windows");
 
   private static final boolean is64Bit =
 
       System.getProperty("os.arch").contains("64");
 
+
 
+  private static final boolean ibmJava = System.getProperty("java.vendor").contains("IBM");
 
+  private static final boolean aix = System.getProperty("os.name").equals("AIX");
 
+
 
   private static Thread renewerThread = null;
 
   private static volatile boolean shouldRunRenewerThread = true;
 
   
   /* Return the OS login module class name */
 
   private static String getOSLoginModuleName() {
 
-    if (System.getProperty("java.vendor").contains("IBM")) {
 
-      return windows ? (is64Bit
 
-          ? "com.ibm.security.auth.module.Win64LoginModule"
 
-          : "com.ibm.security.auth.module.NTLoginModule")
 
-        : "com.ibm.security.auth.module.LinuxLoginModule";
 
+    if (ibmJava) {
 
+      if (windows) {
 
+        return is64Bit ? "com.ibm.security.auth.module.Win64LoginModule"
 
+            : "com.ibm.security.auth.module.NTLoginModule";
 
+      } else if (aix) {
 
+        return is64Bit ? "com.ibm.security.auth.module.AIX64LoginModule"
 
+            : "com.ibm.security.auth.module.AIXLoginModule";
 
+      } else {
 
+        return "com.ibm.security.auth.module.LinuxLoginModule";
 
+      }
 
     } else {
 
       return windows ? "com.sun.security.auth.module.NTLoginModule"
 
         : "com.sun.security.auth.module.UnixLoginModule";
 
@@ -278,21 +288,24 @@ public class UserGroupInformation {
 
   private static Class<? extends Principal> getOsPrincipalClass() {
 
     ClassLoader cl = ClassLoader.getSystemClassLoader();
 
     try {
 
-      if (System.getProperty("java.vendor").contains("IBM")) {
 
-        if (windows) {
 
-          return (Class<? extends Principal>) (is64Bit
 
-            ? cl.loadClass("com.ibm.security.auth.UsernamePrincipal")
 
-            : cl.loadClass("com.ibm.security.auth.NTUserPrincipal"));
 
+      String principalClass = null;
 
+      if (ibmJava) {
 
+        if (is64Bit) {
 
+          principalClass = "com.ibm.security.auth.UsernamePrincipal";
 
         } else {
 
-          return (Class<? extends Principal>) (is64Bit
 
-            ? cl.loadClass("com.ibm.security.auth.UsernamePrincipal")
 
-            : cl.loadClass("com.ibm.security.auth.LinuxPrincipal"));
 
+          if (windows) {
 
+            principalClass = "com.ibm.security.auth.NTUserPrincipal";
 
+          } else if (aix) {
 
+            principalClass = "com.ibm.security.auth.AIXPrincipal";
 
+          } else {
 
+            principalClass = "com.ibm.security.auth.LinuxPrincipal";
 
+          }
 
         }
 
       } else {
 
-        return (Class<? extends Principal>) (windows
 
-           ? cl.loadClass("com.sun.security.auth.NTUserPrincipal")
 
-           : cl.loadClass("com.sun.security.auth.UnixPrincipal"));
 
+        principalClass = windows ? "com.sun.security.auth.NTUserPrincipal"
 
+            : "com.sun.security.auth.UnixPrincipal";
 
       }
 
+      return (Class<? extends Principal>) cl.loadClass(principalClass);  
     } catch (ClassNotFoundException e) {
 
       LOG.error("Unable to find JAAS classes:" + e.getMessage());
 
     }
 
@@ -363,12 +376,21 @@ public class UserGroupInformation {
 
     private static final Map<String,String> USER_KERBEROS_OPTIONS = 
       new HashMap<String,String>();
 
     static {
 
-      USER_KERBEROS_OPTIONS.put("doNotPrompt", "true");
 
-      USER_KERBEROS_OPTIONS.put("useTicketCache", "true");
 
-      USER_KERBEROS_OPTIONS.put("renewTGT", "true");
 
+      if (ibmJava) {
 
+        USER_KERBEROS_OPTIONS.put("useDefaultCcache", "true");
 
+      } else {
 
+        USER_KERBEROS_OPTIONS.put("doNotPrompt", "true");
 
+        USER_KERBEROS_OPTIONS.put("useTicketCache", "true");
 
+        USER_KERBEROS_OPTIONS.put("renewTGT", "true");
 
+      }
 
       String ticketCache = System.getenv("KRB5CCNAME");
 
       if (ticketCache != null) {
 
-        USER_KERBEROS_OPTIONS.put("ticketCache", ticketCache);
 
+        if (ibmJava) {
 
+          // The first value searched when "useDefaultCcache" is used.
 
+          System.setProperty("KRB5CCNAME", ticketCache);
 
+        } else {
 
+          USER_KERBEROS_OPTIONS.put("ticketCache", ticketCache);
 
+        }
 
       }
 
     }
 
     private static final AppConfigurationEntry USER_KERBEROS_LOGIN =
 
@@ -378,10 +400,14 @@ public class UserGroupInformation {
 
     private static final Map<String,String> KEYTAB_KERBEROS_OPTIONS = 
       new HashMap<String,String>();
 
     static {
 
-      KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
 
-      KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
 
-      KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
 
-      KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
 
+      if (ibmJava) {
 
+        KEYTAB_KERBEROS_OPTIONS.put("credsType", "both");
 
+      } else {
 
+        KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
 
+        KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
 
+        KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
 
+        KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
 
+      }
 
     }
 
     private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
 
       new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
 
@@ -405,7 +431,12 @@ public class UserGroupInformation {
 
       } else if (USER_KERBEROS_CONFIG_NAME.equals(appName)) {
 
         return USER_KERBEROS_CONF;
 
       } else if (KEYTAB_KERBEROS_CONFIG_NAME.equals(appName)) {
 
-        KEYTAB_KERBEROS_OPTIONS.put("keyTab", keytabFile);
 
+        if (ibmJava) {
 
+          KEYTAB_KERBEROS_OPTIONS.put("useKeytab",
 
+              prependFileAuthority(keytabFile));
 
+        } else {
 
+          KEYTAB_KERBEROS_OPTIONS.put("keyTab", keytabFile);
 
+        }
 
         KEYTAB_KERBEROS_OPTIONS.put("principal", keytabPrincipal);
 
         return KEYTAB_KERBEROS_CONF;
 
       }
 
@@ -436,6 +467,11 @@ public class UserGroupInformation {
 
     user.setLogin(login);
 
   }
 
 
+  private static String prependFileAuthority(String keytabPath) {
 
+    return keytabPath.startsWith("file://") ? keytabPath
 
+        : "file://" + keytabPath;
 
+  }
 
+
 
   /**
 
    * Create a UserGroupInformation for the given subject.
 
    * This does not change the subject or acquire new credentials.
 
@@ -515,6 +551,7 @@ public class UserGroupInformation {
 
         }
 
         loginUser.spawnAutoRenewalThreadForUserCreds();
 
       } catch (LoginException le) {
 
+        LOG.debug("failure to login", le);
 
         throw new IOException("failure to login", le);
 
       }
 
       if (LOG.isDebugEnabled()) {