HADOOP-7740. Fixed security audit logger configuration. (Arpit Gupta via Eric Yang)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1190452 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
a39992ea63
commit
da1db28e93
@ -516,6 +516,8 @@ Release 0.23.0 - Unreleased
|
|||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
||||||
|
HADOOP-7740. Fixed security audit logger configuration. (Arpit Gupta via Eric Yang)
|
||||||
|
|
||||||
HADOOP-7630. hadoop-metrics2.properties should have a property *.period
|
HADOOP-7630. hadoop-metrics2.properties should have a property *.period
|
||||||
set to a default value for metrics. (Eric Yang via mattf)
|
set to a default value for metrics. (Eric Yang via mattf)
|
||||||
|
|
||||||
|
@ -103,6 +103,9 @@ case $COMMAND in
|
|||||||
fi
|
fi
|
||||||
shift
|
shift
|
||||||
|
|
||||||
|
#make sure security appender is turned off
|
||||||
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,NullAppender}"
|
||||||
|
|
||||||
if $cygwin; then
|
if $cygwin; then
|
||||||
CLASSPATH=`cygpath -p -w "$CLASSPATH"`
|
CLASSPATH=`cygpath -p -w "$CLASSPATH"`
|
||||||
fi
|
fi
|
||||||
|
@ -217,7 +217,6 @@ HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.log.file=$HADOOP_LOGFILE"
|
|||||||
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.home.dir=$HADOOP_PREFIX"
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.home.dir=$HADOOP_PREFIX"
|
||||||
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.id.str=$HADOOP_IDENT_STRING"
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.id.str=$HADOOP_IDENT_STRING"
|
||||||
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.root.logger=${HADOOP_ROOT_LOGGER:-INFO,console}"
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.root.logger=${HADOOP_ROOT_LOGGER:-INFO,console}"
|
||||||
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,console}"
|
|
||||||
if [ "x$JAVA_LIBRARY_PATH" != "x" ]; then
|
if [ "x$JAVA_LIBRARY_PATH" != "x" ]; then
|
||||||
HADOOP_OPTS="$HADOOP_OPTS -Djava.library.path=$JAVA_LIBRARY_PATH"
|
HADOOP_OPTS="$HADOOP_OPTS -Djava.library.path=$JAVA_LIBRARY_PATH"
|
||||||
fi
|
fi
|
||||||
|
@ -44,12 +44,12 @@ done
|
|||||||
export HADOOP_OPTS="-Djava.net.preferIPv4Stack=true $HADOOP_CLIENT_OPTS"
|
export HADOOP_OPTS="-Djava.net.preferIPv4Stack=true $HADOOP_CLIENT_OPTS"
|
||||||
|
|
||||||
# Command specific options appended to HADOOP_OPTS when specified
|
# Command specific options appended to HADOOP_OPTS when specified
|
||||||
export HADOOP_NAMENODE_OPTS="-Dsecurity.audit.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_NAMENODE_OPTS"
|
export HADOOP_NAMENODE_OPTS="-Dhadoop.security.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_NAMENODE_OPTS"
|
||||||
HADOOP_JOBTRACKER_OPTS="-Dsecurity.audit.logger=INFO,DRFAS -Dmapred.audit.logger=INFO,MRAUDIT -Dmapred.jobsummary.logger=INFO,JSA $HADOOP_JOBTRACKER_OPTS"
|
HADOOP_JOBTRACKER_OPTS="-Dhadoop.security.logger=INFO,DRFAS -Dmapred.audit.logger=INFO,MRAUDIT -Dmapred.jobsummary.logger=INFO,JSA $HADOOP_JOBTRACKER_OPTS"
|
||||||
HADOOP_TASKTRACKER_OPTS="-Dsecurity.audit.logger=ERROR,console -Dmapred.audit.logger=ERROR,console $HADOOP_TASKTRACKER_OPTS"
|
HADOOP_TASKTRACKER_OPTS="-Dhadoop.security.logger=ERROR,console -Dmapred.audit.logger=ERROR,console $HADOOP_TASKTRACKER_OPTS"
|
||||||
HADOOP_DATANODE_OPTS="-Dsecurity.audit.logger=ERROR,DRFAS $HADOOP_DATANODE_OPTS"
|
HADOOP_DATANODE_OPTS="-Dhadoop.security.logger=ERROR,DRFAS $HADOOP_DATANODE_OPTS"
|
||||||
|
|
||||||
export HADOOP_SECONDARYNAMENODE_OPTS="-Dsecurity.audit.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_SECONDARYNAMENODE_OPTS"
|
export HADOOP_SECONDARYNAMENODE_OPTS="-Dhadoop.security.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_SECONDARYNAMENODE_OPTS"
|
||||||
|
|
||||||
# The following applies to multiple commands (fs, dfs, fsck, distcp etc)
|
# The following applies to multiple commands (fs, dfs, fsck, distcp etc)
|
||||||
export HADOOP_CLIENT_OPTS="-Xmx128m $HADOOP_CLIENT_OPTS"
|
export HADOOP_CLIENT_OPTS="-Xmx128m $HADOOP_CLIENT_OPTS"
|
||||||
|
@ -81,7 +81,8 @@ log4j.appender.TLA.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
|
|||||||
#
|
#
|
||||||
#Security appender
|
#Security appender
|
||||||
#
|
#
|
||||||
security.audit.logger=INFO,console
|
hadoop.security.logger=INFO,console
|
||||||
|
log4j.category.SecurityLogger=${hadoop.security.logger}
|
||||||
hadoop.security.log.file=SecurityAuth.audit
|
hadoop.security.log.file=SecurityAuth.audit
|
||||||
log4j.appender.DRFAS=org.apache.log4j.DailyRollingFileAppender
|
log4j.appender.DRFAS=org.apache.log4j.DailyRollingFileAppender
|
||||||
log4j.appender.DRFAS.File=${hadoop.log.dir}/${hadoop.security.log.file}
|
log4j.appender.DRFAS.File=${hadoop.log.dir}/${hadoop.security.log.file}
|
||||||
@ -89,9 +90,6 @@ log4j.appender.DRFAS.layout=org.apache.log4j.PatternLayout
|
|||||||
log4j.appender.DRFAS.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
|
log4j.appender.DRFAS.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
|
||||||
log4j.appender.DRFAS.DatePattern=.yyyy-MM-dd
|
log4j.appender.DRFAS.DatePattern=.yyyy-MM-dd
|
||||||
|
|
||||||
#new logger
|
|
||||||
# Define some default values that can be overridden by system properties
|
|
||||||
hadoop.security.logger=INFO,console
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# hdfs audit logging
|
# hdfs audit logging
|
||||||
|
@ -110,6 +110,13 @@ if $cygwin; then
|
|||||||
fi
|
fi
|
||||||
export CLASSPATH=$CLASSPATH
|
export CLASSPATH=$CLASSPATH
|
||||||
|
|
||||||
|
#turn security logger on the namenode
|
||||||
|
if [ $COMMAND = "namenode" ]; then
|
||||||
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,DRFAS}"
|
||||||
|
else
|
||||||
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,NullAppender}"
|
||||||
|
fi
|
||||||
|
|
||||||
# Check to see if we should start a secure datanode
|
# Check to see if we should start a secure datanode
|
||||||
if [ "$starting_secure_dn" = "true" ]; then
|
if [ "$starting_secure_dn" = "true" ]; then
|
||||||
if [ "$HADOOP_PID_DIR" = "" ]; then
|
if [ "$HADOOP_PID_DIR" = "" ]; then
|
||||||
|
@ -115,5 +115,12 @@ if [ "$COMMAND" = "classpath" ] ; then
|
|||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#turn security logger on the jobtracker
|
||||||
|
if [ $COMMAND = "jobtracker" ]; then
|
||||||
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,DRFAS}"
|
||||||
|
else
|
||||||
|
HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,NullAppender}"
|
||||||
|
fi
|
||||||
|
|
||||||
export CLASSPATH
|
export CLASSPATH
|
||||||
exec "$JAVA" $JAVA_HEAP_MAX $HADOOP_OPTS $CLASS "$@"
|
exec "$JAVA" $JAVA_HEAP_MAX $HADOOP_OPTS $CLASS "$@"
|
||||||
|
Loading…
Reference in New Issue
Block a user