
[Fix-7277][datasource] Support Kerberos auto renewal (#7277) (#7278)

3.0.0/version-upgrade
mask 3 years ago committed by GitHub
parent
commit
8d68cf48dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 59
      dolphinscheduler-datasource-plugin/dolphinscheduler-datasource-hive/src/main/java/org/apache/dolphinscheduler/plugin/datasource/hive/HiveDataSourceClient.java

59
dolphinscheduler-datasource-plugin/dolphinscheduler-datasource-hive/src/main/java/org/apache/dolphinscheduler/plugin/datasource/hive/HiveDataSourceClient.java

@ -32,19 +32,27 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.Field;
import java.sql.Connection; import java.sql.Connection;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.jdbc.core.JdbcTemplate;
import com.zaxxer.hikari.HikariDataSource; import com.zaxxer.hikari.HikariDataSource;
import sun.security.krb5.Config;
public class HiveDataSourceClient extends CommonDataSourceClient { public class HiveDataSourceClient extends CommonDataSourceClient {
private static final Logger logger = LoggerFactory.getLogger(HiveDataSourceClient.class); private static final Logger logger = LoggerFactory.getLogger(HiveDataSourceClient.class);
private ScheduledExecutorService kerberosRenewalService;
private Configuration hadoopConf;
protected HikariDataSource oneSessionDataSource; protected HikariDataSource oneSessionDataSource;
private UserGroupInformation ugi; private UserGroupInformation ugi;
@ -52,8 +60,18 @@ public class HiveDataSourceClient extends CommonDataSourceClient {
super(baseConnectionParam); super(baseConnectionParam);
} }
@Override
protected void preInit() {
logger.info("PreInit in {}", getClass().getName());
this.kerberosRenewalService = Executors.newSingleThreadScheduledExecutor();
}
@Override @Override
protected void initClient(BaseConnectionParam baseConnectionParam) { protected void initClient(BaseConnectionParam baseConnectionParam) {
logger.info("Create Configuration for hive configuration.");
this.hadoopConf = createHadoopConf();
logger.info("Create Configuration success.");
logger.info("Create UserGroupInformation."); logger.info("Create UserGroupInformation.");
this.ugi = createUserGroupInformation(baseConnectionParam.getUser()); this.ugi = createUserGroupInformation(baseConnectionParam.getUser());
logger.info("Create ugi success."); logger.info("Create ugi success.");
@ -73,6 +91,15 @@ public class HiveDataSourceClient extends CommonDataSourceClient {
String krb5File = PropertyUtils.getString(JAVA_SECURITY_KRB5_CONF_PATH); String krb5File = PropertyUtils.getString(JAVA_SECURITY_KRB5_CONF_PATH);
if (StringUtils.isNotBlank(krb5File)) { if (StringUtils.isNotBlank(krb5File)) {
System.setProperty(JAVA_SECURITY_KRB5_CONF, krb5File); System.setProperty(JAVA_SECURITY_KRB5_CONF, krb5File);
try {
Config.refresh();
Class<?> kerberosName = Class.forName("org.apache.hadoop.security.authentication.util.KerberosName");
Field field = kerberosName.getDeclaredField("defaultRealm");
field.setAccessible(true);
field.set(null, Config.getInstance().getDefaultRealm());
} catch (Exception e) {
throw new RuntimeException("Update Kerberos environment failed.", e);
}
} }
} }
@ -80,15 +107,38 @@ public class HiveDataSourceClient extends CommonDataSourceClient {
String krb5File = PropertyUtils.getString(Constants.JAVA_SECURITY_KRB5_CONF_PATH); String krb5File = PropertyUtils.getString(Constants.JAVA_SECURITY_KRB5_CONF_PATH);
String keytab = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_PATH); String keytab = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_PATH);
String principal = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_USERNAME); String principal = PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_USERNAME);
try { try {
return CommonUtil.createUGI(getHadoopConf(), principal, keytab, krb5File, username); UserGroupInformation ugi = CommonUtil.createUGI(getHadoopConf(), principal, keytab, krb5File, username);
try {
Field isKeytabField = ugi.getClass().getDeclaredField("isKeytab");
isKeytabField.setAccessible(true);
isKeytabField.set(ugi, true);
} catch (NoSuchFieldException | IllegalAccessException e) {
logger.warn(e.getMessage());
}
kerberosRenewalService.scheduleWithFixedDelay(() -> {
try {
ugi.checkTGTAndReloginFromKeytab();
} catch (IOException e) {
logger.error("Check TGT and Renewal from Keytab error", e);
}
}, 5, 5, TimeUnit.MINUTES);
return ugi;
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException("createUserGroupInformation fail. ", e); throw new RuntimeException("createUserGroupInformation fail. ", e);
} }
} }
protected Configuration createHadoopConf() {
Configuration hadoopConf = new Configuration();
hadoopConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", true);
return hadoopConf;
}
protected Configuration getHadoopConf() { protected Configuration getHadoopConf() {
return new Configuration(); return this.hadoopConf;
} }
@Override @Override
@ -104,7 +154,10 @@ public class HiveDataSourceClient extends CommonDataSourceClient {
@Override @Override
public void close() { public void close() {
super.close(); super.close();
logger.info("close HiveDataSourceClient."); logger.info("close HiveDataSourceClient.");
kerberosRenewalService.shutdown();
this.ugi = null;
this.oneSessionDataSource.close(); this.oneSessionDataSource.close();
this.oneSessionDataSource = null; this.oneSessionDataSource = null;
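Review bot: createHadoopConf() sets `ipc.client.fallback-to-simple-auth-allowed` to true unconditionally, so every Hive client built from this Configuration will accept a server that answers with SIMPLE authentication even when a keytab and principal are configured. A Kerberos failure or a misdirected connection can then become a silent unauthenticated session instead of an error. I would default it to false and enable it only from explicit configuration, e.g. `hadoopConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", allowSimpleAuthFallback);`, where `allowSimpleAuthFallback` is a placeholder name for a value read from the datasource properties, with a comment saying when the fallback is needed. Separately, the renewal task in createUserGroupInformation catches only IOException; under scheduleWithFixedDelay an unchecked exception suppresses all later runs without a log line, so catching Exception there would keep renewal failures visible.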
