
HDFS-1023. Allow http server to start as regular principal if https principal not defined.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/hdfs/trunk@962908 13f79535-47bb-0310-9956-ffa450edef68
Jakob Homan vor 15 Jahren
Commit
e106bcd56d
2 geänderte Dateien mit 26 neuen und 6 gelöschten Zeilen
  1. 3 0
      CHANGES.txt
  2. 23 6
      src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java

+ 3 - 0
CHANGES.txt

@@ -21,6 +21,9 @@ Trunk (unreleased changes)
     HDFS-1033. In secure clusters, NN and SNN should verify that the remote 
     principal during image and edits transfer. (jghoman)
 
+    HDFS-1023. Allow http server to start as regular principal if https 
+    principal not defined. (jghoman)
+
   IMPROVEMENTS
 
     HDFS-1096. fix for prev. commit. (boryas)

+ 23 - 6
src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java

@@ -414,9 +414,20 @@ public class NameNode implements NamenodeProtocols, FSConstants {
   }
 
   private void startHttpServer(final Configuration conf) throws IOException {
-    // Kerberized SSL servers must be run from the host principal...
-    DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
-        DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+    if(UserGroupInformation.isSecurityEnabled()) {
+        String httpsUser = conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+        if(httpsUser == null) {
+          LOG.warn(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY + 
+              " not defined in config. Starting http server as " 
+              + conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY)
+             + ": Kerberized SSL may be not function correctly.");
+        } else {
+          // Kerberized SSL servers must be run from the host principal...
+          LOG.info("Logging in as " + httpsUser + " to start http server.");
+          DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, 
+                              DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+        }
+    }
     UserGroupInformation ugi = UserGroupInformation.getLoginUser();
     try {
       this.httpServer = ugi.doAs(new PrivilegedExceptionAction<HttpServer>() {
@@ -483,9 +494,15 @@ public class NameNode implements NamenodeProtocols, FSConstants {
     } catch (InterruptedException e) {
       throw new IOException(e);
     } finally {
-      // Go back to being the correct Namenode principal
-      DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
-          DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+      if(UserGroupInformation.isSecurityEnabled() && 
+          conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) != null) {
+        // Go back to being the correct Namenode principal
+        LOG.info("Logging back in as " 
+            + conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY) 
+            + " following http server start.");
+        DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
+            DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+      }
     }
   }
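Review bot: The `finally` block in the second hunk decides whether to log back in by re-reading `DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY` from `conf` instead of recording whether the first hunk actually switched principals. If the two reads ever disagree, the process could presumably keep running under the HTTPS host principal, or re-login when no switch happened. Declaring `boolean switchedPrincipal = false;` before the first `if`, setting `switchedPrincipal = true;` after the HTTPS `DFSUtil.login(...)` call, and testing `if (switchedPrincipal)` in `finally` ties the re-login to the switch itself. An `IOException` from that re-login would also replace any exception already propagating from the `try` body, most of which lies outside the visible hunks, so the original failure should be logged before the login is attempted. In the first hunk the warning prints the configured value of `DFS_NAMENODE_USER_NAME_KEY`, which may be null and is not necessarily the principal in effect, and its text should read `Kerberized SSL may not function correctly.`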