|
|
@ -32,19 +32,27 @@ import org.apache.hadoop.conf.Configuration; |
|
|
|
import org.apache.hadoop.security.UserGroupInformation; |
|
|
|
import org.apache.hadoop.security.UserGroupInformation; |
|
|
|
|
|
|
|
|
|
|
|
import java.io.IOException; |
|
|
|
import java.io.IOException; |
|
|
|
|
|
|
|
import java.lang.reflect.Field; |
|
|
|
import java.sql.Connection; |
|
|
|
import java.sql.Connection; |
|
|
|
import java.sql.SQLException; |
|
|
|
import java.sql.SQLException; |
|
|
|
|
|
|
|
import java.util.concurrent.Executors; |
|
|
|
|
|
|
|
import java.util.concurrent.ScheduledExecutorService; |
|
|
|
|
|
|
|
import java.util.concurrent.TimeUnit; |
|
|
|
|
|
|
|
|
|
|
|
import org.slf4j.Logger; |
|
|
|
import org.slf4j.Logger; |
|
|
|
import org.slf4j.LoggerFactory; |
|
|
|
import org.slf4j.LoggerFactory; |
|
|
|
import org.springframework.jdbc.core.JdbcTemplate; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import com.zaxxer.hikari.HikariDataSource; |
|
|
|
import com.zaxxer.hikari.HikariDataSource; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import sun.security.krb5.Config; |
|
|
|
|
|
|
|
|
|
|
|
public class HiveDataSourceClient extends CommonDataSourceClient { |
|
|
|
public class HiveDataSourceClient extends CommonDataSourceClient { |
|
|
|
|
|
|
|
|
|
|
|
private static final Logger logger = LoggerFactory.getLogger(HiveDataSourceClient.class); |
|
|
|
private static final Logger logger = LoggerFactory.getLogger(HiveDataSourceClient.class); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private ScheduledExecutorService kerberosRenewalService; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private Configuration hadoopConf; |
|
|
|
protected HikariDataSource oneSessionDataSource; |
|
|
|
protected HikariDataSource oneSessionDataSource; |
|
|
|
private UserGroupInformation ugi; |
|
|
|
private UserGroupInformation ugi; |
|
|
|
|
|
|
|
|
|
|
@ -52,8 +60,18 @@ public class HiveDataSourceClient extends CommonDataSourceClient { |
|
|
|
super(baseConnectionParam); |
|
|
|
super(baseConnectionParam); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
|
|
|
protected void preInit() { |
|
|
|
|
|
|
|
logger.info("PreInit in {}", getClass().getName()); |
|
|
|
|
|
|
|
this.kerberosRenewalService = Executors.newSingleThreadScheduledExecutor(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
@Override |
|
|
|
protected void initClient(BaseConnectionParam baseConnectionParam) { |
|
|
|
protected void initClient(BaseConnectionParam baseConnectionParam) { |
|
|
|
|
|
|
|
logger.info("Create Configuration for hive configuration."); |
|
|
|
|
|
|
|
this.hadoopConf = createHadoopConf(); |
|
|
|
|
|
|
|
logger.info("Create Configuration success."); |
|
|
|
|
|
|
|
|
|
|
|
logger.info("Create UserGroupInformation."); |
|
|
|
logger.info("Create UserGroupInformation."); |
|
|
|
this.ugi = createUserGroupInformation(baseConnectionParam.getUser()); |
|
|
|
this.ugi = createUserGroupInformation(baseConnectionParam.getUser()); |
|
|
|
logger.info("Create ugi success."); |
|
|
|
logger.info("Create ugi success."); |
|
|
@ -73,6 +91,15 @@ public class HiveDataSourceClient extends CommonDataSourceClient { |
|
|
|
String krb5File = PropertyUtils.getString(JAVA_SECURITY_KRB5_CONF_PATH); |
|
|
|
String krb5File = PropertyUtils.getString(JAVA_SECURITY_KRB5_CONF_PATH); |
|
|
|
if (StringUtils.isNotBlank(krb5File)) { |
|
|
|
if (StringUtils.isNotBlank(krb5File)) { |
|
|
|
System.setProperty(JAVA_SECURITY_KRB5_CONF, krb5File); |
|
|
|
System.setProperty(JAVA_SECURITY_KRB5_CONF, krb5File); |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
Config.refresh(); |
|
|
|
|
|
|
|
Class<?> kerberosName = Class.forName("org.apache.hadoop.security.authentication.util.KerberosName"); |
|
|
|
|
|
|
|
Field field = kerberosName.getDeclaredField("defaultRealm"); |
|
|
|
|
|
|
|
field.setAccessible(true); |
|
|
|
|
|
|
|
field.set(null, Config.getInstance().getDefaultRealm()); |
|
|
|
|
|
|
|
} catch (Exception e) { |
|
|
|
|
|
|
|
throw new RuntimeException("Update Kerberos environment failed.", e); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -80,15 +107,38 @@ public class HiveDataSourceClient extends CommonDataSourceClient { |
|
|
|
String krb5File = PropertyUtils.getString(Constants.JAVA_SECURITY_KRB5_CONF_PATH); |
|
|
|
String krb5File = PropertyUtils.getString(Constants.JAVA_SECURITY_KRB5_CONF_PATH); |
|
|
|
String keytab = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_PATH); |
|
|
|
String keytab = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_PATH); |
|
|
|
String principal = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_USERNAME); |
|
|
|
String principal = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_USERNAME); |
|
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
try { |
|
|
|
return CommonUtil.createUGI(getHadoopConf(), principal, keytab, krb5File, username); |
|
|
|
UserGroupInformation ugi = CommonUtil.createUGI(getHadoopConf(), principal, keytab, krb5File, username); |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
Field isKeytabField = ugi.getClass().getDeclaredField("isKeytab"); |
|
|
|
|
|
|
|
isKeytabField.setAccessible(true); |
|
|
|
|
|
|
|
isKeytabField.set(ugi, true); |
|
|
|
|
|
|
|
} catch (NoSuchFieldException | IllegalAccessException e) { |
|
|
|
|
|
|
|
logger.warn(e.getMessage()); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
kerberosRenewalService.scheduleWithFixedDelay(() -> { |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
ugi.checkTGTAndReloginFromKeytab(); |
|
|
|
|
|
|
|
} catch (IOException e) { |
|
|
|
|
|
|
|
logger.error("Check TGT and Renewal from Keytab error", e); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
}, 5, 5, TimeUnit.MINUTES); |
|
|
|
|
|
|
|
return ugi; |
|
|
|
} catch (IOException e) { |
|
|
|
} catch (IOException e) { |
|
|
|
throw new RuntimeException("createUserGroupInformation fail. ", e); |
|
|
|
throw new RuntimeException("createUserGroupInformation fail. ", e); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protected Configuration createHadoopConf() { |
|
|
|
|
|
|
|
Configuration hadoopConf = new Configuration(); |
|
|
|
|
|
|
|
hadoopConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", true); |
|
|
|
|
|
|
|
return hadoopConf; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
protected Configuration getHadoopConf() { |
|
|
|
protected Configuration getHadoopConf() { |
|
|
|
return new Configuration(); |
|
|
|
return this.hadoopConf; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
@Override |
|
|
@ -104,7 +154,10 @@ public class HiveDataSourceClient extends CommonDataSourceClient { |
|
|
|
@Override |
|
|
|
@Override |
|
|
|
public void close() { |
|
|
|
public void close() { |
|
|
|
super.close(); |
|
|
|
super.close(); |
|
|
|
|
|
|
|
|
|
|
|
logger.info("close HiveDataSourceClient."); |
|
|
|
logger.info("close HiveDataSourceClient."); |
|
|
|
|
|
|
|
kerberosRenewalService.shutdown(); |
|
|
|
|
|
|
|
this.ugi = null; |
|
|
|
|
|
|
|
|
|
|
|
this.oneSessionDataSource.close(); |
|
|
|
this.oneSessionDataSource.close(); |
|
|
|
this.oneSessionDataSource = null; |
|
|
|
this.oneSessionDataSource = null; |
|
|
|