org.apache.gobblin.yarn.YarnAppSecurityManager类的使用及代码示例

x33g5p2x  于2022-02-05 转载在 其他  
字(7.1k)|赞(0)|评价(0)|浏览(137)

本文整理了Java中org.apache.gobblin.yarn.YarnAppSecurityManager类的一些代码示例,展示了YarnAppSecurityManager类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。YarnAppSecurityManager类的具体详情如下:
包路径:org.apache.gobblin.yarn.YarnAppSecurityManager
类名称:YarnAppSecurityManager

YarnAppSecurityManager介绍

[英]A class for managing Kerberos login and token renewing on the client side that has access to the keytab file.

This class works with YarnContainerSecurityManager to manage renewing of delegation tokens across the application. This class is responsible for login through a Kerberos keytab, renewing the delegation token, and storing the token to a token file on HDFS. It sends a Helix message to the controller and all the participants upon writing the token to the token file, which rely on the YarnContainerSecurityManager to read the token in the file upon receiving the message.

This class uses a scheduled task to do Kerberos re-login to renew the Kerberos ticket on a configurable schedule if login is from a keytab file. It also uses a second scheduled task to renew the delegation token after each login. Both the re-login interval and the token renewing interval are configurable.
[中]一个类,用于在有权访问密钥表文件的客户端上管理Kerberos登录和令牌续订。
此类与YarnContainerSecurityManager协作,管理整个应用程序中委派令牌的续订。此类负责通过Kerberos密钥表登录、续订委派令牌,并将令牌存储到HDFS上的令牌文件中。在将令牌写入令牌文件时,它会向控制器和所有参与者发送一条螺旋消息,这些参与者在收到消息时依赖YarnContainerSecurityManager读取文件中的令牌。
如果登录来自密钥表文件,则此类使用计划任务执行Kerberos重新登录,以按照可配置的计划续订Kerberos票证。它还使用第二个计划任务在每次登录后续订委派令牌。重新登录间隔和令牌更新间隔都是可配置的。

代码示例

代码示例来源:origin: apache/incubator-gobblin

private YarnAppSecurityManager buildYarnAppSecurityManager() throws IOException {
 Path tokenFilePath = new Path(this.fs.getHomeDirectory(), this.applicationName + Path.SEPARATOR +
   GobblinYarnConfigurationKeys.TOKEN_FILE_NAME);
 return new YarnAppSecurityManager(this.config, this.helixManager, this.fs, tokenFilePath);
}

代码示例来源:origin: apache/incubator-gobblin

/**
 * Login the user from a given keytab file.
 */
private void loginFromKeytab() throws IOException {
 String keyTabFilePath = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_FILE_PATH);
 if (Strings.isNullOrEmpty(keyTabFilePath)) {
  throw new IOException("Keytab file path is not defined for Kerberos login");
 }
 if (!new File(keyTabFilePath).exists()) {
  throw new IOException("Keytab file not found at: " + keyTabFilePath);
 }
 String principal = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_PRINCIPAL_NAME);
 if (Strings.isNullOrEmpty(principal)) {
  principal = this.loginUser.getShortUserName() + "/localhost@LOCALHOST";
 }
 Configuration conf = new Configuration();
 conf.set("hadoop.security.authentication",
   UserGroupInformation.AuthenticationMethod.KERBEROS.toString().toLowerCase());
 UserGroupInformation.setConfiguration(conf);
 UserGroupInformation.loginUserFromKeytab(principal, keyTabFilePath);
 LOGGER.info(String.format("Logged in from keytab file %s using principal %s", keyTabFilePath, principal));
 this.loginUser = UserGroupInformation.getLoginUser();
 getNewDelegationTokenForLoginUser();
 writeDelegationTokenToFile();
 if (!this.firstLogin) {
  // Send a message to the controller and all the participants
  sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
  sendTokenFileUpdatedMessage(InstanceType.PARTICIPANT);
 }
}

代码示例来源:origin: apache/incubator-gobblin

/**
 * Renew the existing delegation token.
 */
private synchronized void renewDelegationToken() throws IOException, InterruptedException {
 this.token.renew(this.fs.getConf());
 writeDelegationTokenToFile();
 if (!this.firstLogin) {
  // Send a message to the controller and all the participants if this is not the first login
  sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
  sendTokenFileUpdatedMessage(InstanceType.PARTICIPANT);
 }
}

代码示例来源:origin: apache/incubator-gobblin

@Test
public void testGetNewDelegationTokenForLoginUser() throws IOException {
 this.yarnAppSecurityManager.getNewDelegationTokenForLoginUser();
}

代码示例来源:origin: apache/incubator-gobblin

@Test(dependsOnMethods = "testGetNewDelegationTokenForLoginUser")
public void testWriteDelegationTokenToFile() throws IOException {
 this.yarnAppSecurityManager.writeDelegationTokenToFile();
 Assert.assertTrue(this.localFs.exists(this.tokenFilePath));
 assertToken(YarnHelixUtils.readTokensFromFile(this.tokenFilePath, this.configuration));
}

代码示例来源:origin: apache/incubator-gobblin

@Test
public void testSendTokenFileUpdatedMessage() throws Exception {
 Logger log = LoggerFactory.getLogger("testSendTokenFileUpdatedMessage");
 this.yarnAppSecurityManager.sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
 Assert.assertEquals(this.curatorFramework.checkExists().forPath(
   String.format("/%s/CONTROLLER/MESSAGES", YarnSecurityManagerTest.class.getSimpleName())).getVersion(), 0);
 AssertWithBackoff.create().logger(log).timeoutMs(20000)
  .assertEquals(new GetControllerMessageNumFunc(YarnSecurityManagerTest.class.getSimpleName(),
    this.curatorFramework), 1, "1 controller message queued");
}

代码示例来源:origin: org.apache.gobblin/gobblin-yarn

/**
 * Renew the existing delegation token.
 */
private synchronized void renewDelegationToken() throws IOException, InterruptedException {
 this.token.renew(this.fs.getConf());
 writeDelegationTokenToFile();
 if (!this.firstLogin) {
  // Send a message to the controller and all the participants if this is not the first login
  sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
  sendTokenFileUpdatedMessage(InstanceType.PARTICIPANT);
 }
}

代码示例来源:origin: org.apache.gobblin/gobblin-yarn

/**
 * Login the user from a given keytab file.
 */
private void loginFromKeytab() throws IOException {
 String keyTabFilePath = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_FILE_PATH);
 if (Strings.isNullOrEmpty(keyTabFilePath)) {
  throw new IOException("Keytab file path is not defined for Kerberos login");
 }
 if (!new File(keyTabFilePath).exists()) {
  throw new IOException("Keytab file not found at: " + keyTabFilePath);
 }
 String principal = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_PRINCIPAL_NAME);
 if (Strings.isNullOrEmpty(principal)) {
  principal = this.loginUser.getShortUserName() + "/localhost@LOCALHOST";
 }
 Configuration conf = new Configuration();
 conf.set("hadoop.security.authentication",
   UserGroupInformation.AuthenticationMethod.KERBEROS.toString().toLowerCase());
 UserGroupInformation.setConfiguration(conf);
 UserGroupInformation.loginUserFromKeytab(principal, keyTabFilePath);
 LOGGER.info(String.format("Logged in from keytab file %s using principal %s", keyTabFilePath, principal));
 this.loginUser = UserGroupInformation.getLoginUser();
 getNewDelegationTokenForLoginUser();
 writeDelegationTokenToFile();
 if (!this.firstLogin) {
  // Send a message to the controller and all the participants
  sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
  sendTokenFileUpdatedMessage(InstanceType.PARTICIPANT);
 }
}

代码示例来源:origin: apache/incubator-gobblin

this.tokenFilePath = new Path(this.baseDir, GobblinYarnConfigurationKeys.TOKEN_FILE_NAME);
this.yarnAppSecurityManager =
  new YarnAppSecurityManager(config, this.helixManager, this.localFs, this.tokenFilePath);
this.yarnContainerSecurityManager = new YarnContainerSecurityManager(config, this.localFs, new EventBus());

代码示例来源:origin: org.apache.gobblin/gobblin-yarn

private YarnAppSecurityManager buildYarnAppSecurityManager() throws IOException {
 Path tokenFilePath = new Path(this.fs.getHomeDirectory(), this.applicationName + Path.SEPARATOR +
   GobblinYarnConfigurationKeys.TOKEN_FILE_NAME);
 return new YarnAppSecurityManager(this.config, this.helixManager, this.fs, tokenFilePath);
}

相关文章