Skip to content

Commit

Permalink
LIVY-310. Kinit should be called before doing recovery check. (apache…
Browse files Browse the repository at this point in the history
  • Loading branch information
jerryshao authored and alex-the-man committed Feb 13, 2017
1 parent 9575d8f commit 807036a
Showing 1 changed file with 29 additions and 26 deletions.
55 changes: 29 additions & 26 deletions server/src/main/scala/com/cloudera/livy/server/LivyServer.scala
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ import javax.servlet._
import scala.concurrent.ExecutionContext.Implicits.global
import scala.concurrent.Future

import org.apache.hadoop.security.SecurityUtil
import org.apache.hadoop.security.{SecurityUtil, UserGroupInformation}
import org.apache.hadoop.security.authentication.server._
import org.eclipse.jetty.servlet.FilterHolder
import org.scalatra.metrics.MetricsBootstrap
Expand Down Expand Up @@ -86,6 +86,33 @@ class LivyServer extends Logging {
livyConf.set(LIVY_SPARK_SCALA_VERSION.key,
sparkScalaVersion(formattedSparkVersion, scalaVersionFromSparkSubmit, livyConf))

if (UserGroupInformation.isSecurityEnabled) {
// If Hadoop security is enabled, run kinit periodically. runKinit() should be called
// before any Hadoop operation, otherwise Kerberos exception will be thrown.
executor = Executors.newScheduledThreadPool(1,
new ThreadFactory() {
override def newThread(r: Runnable): Thread = {
val thread = new Thread(r)
thread.setName("kinit-thread")
thread.setDaemon(true)
thread
}
}
)
val launch_keytab = livyConf.get(LAUNCH_KERBEROS_KEYTAB)
val launch_principal = SecurityUtil.getServerPrincipal(
livyConf.get(LAUNCH_KERBEROS_PRINCIPAL), server.host)
require(launch_keytab != null,
s"Kerberos requires ${LAUNCH_KERBEROS_KEYTAB.key} to be provided.")
require(launch_principal != null,
s"Kerberos requires ${LAUNCH_KERBEROS_PRINCIPAL.key} to be provided.")
if (!runKinit(launch_keytab, launch_principal)) {
error("Failed to run kinit, stopping the server.")
sys.exit(1)
}
startKinitThread(launch_keytab, launch_principal)
}

testRecovery(livyConf)

// Initialize YarnClient ASAP to save time.
Expand Down Expand Up @@ -171,31 +198,7 @@ class LivyServer extends Logging {
server.context.addFilter(holder, "/*", EnumSet.allOf(classOf[DispatcherType]))
info(s"SPNEGO auth enabled (principal = $principal)")

// run kinit periodically
executor = Executors.newScheduledThreadPool(1,
new ThreadFactory() {
override def newThread(r: Runnable): Thread = {
val thread = new Thread(r)
thread.setName("kinit-thread")
thread.setDaemon(true)
thread
}
}
)
val launch_keytab = livyConf.get(LAUNCH_KERBEROS_KEYTAB)
val launch_principal = SecurityUtil.getServerPrincipal(
livyConf.get(LAUNCH_KERBEROS_PRINCIPAL), server.host)
require(launch_keytab != null,
s"Kerberos requires ${LAUNCH_KERBEROS_KEYTAB.key} to be provided.")
require(launch_principal != null,
s"Kerberos requires ${LAUNCH_KERBEROS_PRINCIPAL.key} to be provided.")
if (!runKinit(launch_keytab, launch_principal)) {
error("Failed to run kinit, stopping the server.")
sys.exit(1)
}
startKinitThread(launch_keytab, launch_principal)

case null =>
case null =>
// Nothing to do.

case other =>
Expand Down

0 comments on commit 807036a

Please sign in to comment.