001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019package org.apache.oozie.action.hadoop; 020 021import java.io.IOException; 022import java.security.PrivilegedExceptionAction; 023import java.util.Map; 024 025import org.apache.hadoop.conf.Configuration; 026import org.apache.hadoop.hbase.HBaseConfiguration; 027import org.apache.hadoop.hbase.security.User; 028import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier; 029import org.apache.hadoop.hbase.security.token.TokenUtil; 030import org.apache.hadoop.mapred.JobConf; 031import org.apache.oozie.action.ActionExecutor.Context; 032import org.apache.oozie.action.hadoop.Credentials; 033import org.apache.oozie.action.hadoop.CredentialsProperties; 034import org.apache.oozie.util.XLog; 035import org.apache.hadoop.security.UserGroupInformation; 036import org.apache.hadoop.security.token.Token; 037import org.apache.hadoop.security.token.TokenIdentifier; 038 039 040/** 041 * Hbase Credentials implementation to store in jobConf 042 * The jobConf is used further to pass credentials to the tasks while running 043 * Oozie server should be configured to use this Credentials class by including it via property 'oozie.credentials.credentialclasses' 044 * 045 */ 046public class HbaseCredentials extends Credentials { 047 static final String OOZIE_HBASE_CLIENT_SITE_XML = "oozie-hbase-client-site.xml"; 048 static final String HBASE_USE_DYNAMIC_JARS = "hbase.dynamic.jars.dir"; 049 050 static { 051 Configuration.addDefaultResource(OOZIE_HBASE_CLIENT_SITE_XML); 052 } 053 054 /* (non-Javadoc) 055 * @see org.apache.oozie.action.hadoop.Credentials#addtoJobConf(org.apache.hadoop.mapred.JobConf, org.apache.oozie.action.hadoop.CredentialsProperties, org.apache.oozie.action.ActionExecutor.Context) 056 */ 057 @Override 058 public void addtoJobConf(JobConf jobConf, CredentialsProperties props, Context context) throws Exception { 059 try { 060 copyHbaseConfToJobConf(jobConf, props); 061 obtainToken(jobConf, context); 062 } 063 catch (Exception e) { 064 XLog.getLog(getClass()).warn("Exception in receiving hbase credentials", e); 065 throw e; 066 } 067 } 068 069 void copyHbaseConfToJobConf(JobConf jobConf, CredentialsProperties props) { 070 // Create configuration using hbase-site.xml/hbase-default.xml 071 Configuration hbaseConf = new Configuration(false); 072 HBaseConfiguration.addHbaseResources(hbaseConf); 073 // copy cred props to hbaseconf and override if values already exists 074 addPropsConf(props, hbaseConf); 075 // copy cred props to jobconf and override if values already exist 076 addPropsConf(props, jobConf); 077 // copy conf from hbaseConf to jobConf without overriding the 078 // already existing values of jobConf 079 injectConf(hbaseConf, jobConf); 080 } 081 082 private void obtainToken(final JobConf jobConf, Context context) throws IOException, InterruptedException { 083 String user = context.getWorkflow().getUser(); 084 UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); 085 User u = User.create(ugi); 086 // A direct doAs is required here vs. User#obtainAuthTokenForJob(...) 087 // See OOZIE-2419 for more 088 Token<AuthenticationTokenIdentifier> token = u.runAs( 089 new PrivilegedExceptionAction<Token<AuthenticationTokenIdentifier>>() { 090 public Token<AuthenticationTokenIdentifier> run() throws Exception { 091 return TokenUtil.obtainToken(jobConf); 092 } 093 } 094 ); 095 jobConf.getCredentials().addToken(token.getService(), token); 096 } 097 098 private void addPropsConf(CredentialsProperties props, Configuration destConf) { 099 for (Map.Entry<String, String> entry : props.getProperties().entrySet()) { 100 destConf.set(entry.getKey(), entry.getValue()); 101 } 102 } 103 104 private void injectConf(Configuration srcConf, Configuration destConf) { 105 for (Map.Entry<String, String> entry : srcConf) { 106 String name = entry.getKey(); 107 if (destConf.get(name) == null) { 108 String value = entry.getValue(); 109 destConf.set(name, value); 110 } 111 } 112 } 113}