HDFS-14051. Refactor NameNodeHttpServer#initWebHdfs to specify local keytab. Contributed by CR Hota.

This commit is contained in:
Inigo Goiri 2018-11-06 10:05:58 -08:00
parent 3d5cc1138a
commit f0ce072934
2 changed files with 9 additions and 8 deletions

View File

@ -89,8 +89,8 @@ protected void serviceStart() throws Exception {
this.httpServer = builder.build(); this.httpServer = builder.build();
NameNodeHttpServer.initWebHdfs(conf, httpAddress.getHostName(), httpServer, NameNodeHttpServer.initWebHdfs(conf, httpAddress.getHostName(), null,
RouterWebHdfsMethods.class.getPackage().getName()); httpServer, RouterWebHdfsMethods.class.getPackage().getName());
this.httpServer.setAttribute(NAMENODE_ATTRIBUTE_KEY, this.router); this.httpServer.setAttribute(NAMENODE_ATTRIBUTE_KEY, this.router);
this.httpServer.setAttribute(JspHelper.CURRENT_CONF, this.conf); this.httpServer.setAttribute(JspHelper.CURRENT_CONF, this.conf);

View File

@ -77,6 +77,7 @@ public class NameNodeHttpServer {
} }
public static void initWebHdfs(Configuration conf, String hostname, public static void initWebHdfs(Configuration conf, String hostname,
String httpKeytab,
HttpServer2 httpServer2, String jerseyResourcePackage) HttpServer2 httpServer2, String jerseyResourcePackage)
throws IOException { throws IOException {
// set user pattern based on configuration file // set user pattern based on configuration file
@ -94,7 +95,8 @@ public static void initWebHdfs(Configuration conf, String hostname,
final String name = className; final String name = className;
final String pathSpec = WebHdfsFileSystem.PATH_PREFIX + "/*"; final String pathSpec = WebHdfsFileSystem.PATH_PREFIX + "/*";
Map<String, String> params = getAuthFilterParams(conf, hostname); Map<String, String> params = getAuthFilterParams(conf, hostname,
httpKeytab);
HttpServer2.defineFilter(httpServer2.getWebAppContext(), name, className, HttpServer2.defineFilter(httpServer2.getWebAppContext(), name, className,
params, new String[] { pathSpec }); params, new String[] { pathSpec });
HttpServer2.LOG.info("Added filter '" + name + "' (class=" + className HttpServer2.LOG.info("Added filter '" + name + "' (class=" + className
@ -167,8 +169,9 @@ void start() throws IOException {
httpServer.setAttribute(DFSConfigKeys.DFS_DATANODE_HTTPS_PORT_KEY, httpServer.setAttribute(DFSConfigKeys.DFS_DATANODE_HTTPS_PORT_KEY,
datanodeSslPort.getPort()); datanodeSslPort.getPort());
} }
String httpKeytab = conf.get(DFSUtil.getSpnegoKeytabKey(conf,
initWebHdfs(conf, bindAddress.getHostName(), httpServer, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY));
initWebHdfs(conf, bindAddress.getHostName(), httpKeytab, httpServer,
NamenodeWebHdfsMethods.class.getPackage().getName()); NamenodeWebHdfsMethods.class.getPackage().getName());
httpServer.setAttribute(NAMENODE_ATTRIBUTE_KEY, nn); httpServer.setAttribute(NAMENODE_ATTRIBUTE_KEY, nn);
@ -191,7 +194,7 @@ void start() throws IOException {
} }
private static Map<String, String> getAuthFilterParams(Configuration conf, private static Map<String, String> getAuthFilterParams(Configuration conf,
String hostname) throws IOException { String hostname, String httpKeytab) throws IOException {
Map<String, String> params = new HashMap<String, String>(); Map<String, String> params = new HashMap<String, String>();
// Select configs beginning with 'dfs.web.authentication.' // Select configs beginning with 'dfs.web.authentication.'
Iterator<Map.Entry<String, String>> iterator = conf.iterator(); Iterator<Map.Entry<String, String>> iterator = conf.iterator();
@ -214,8 +217,6 @@ private static Map<String, String> getAuthFilterParams(Configuration conf,
DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY + DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY +
"' is not set."); "' is not set.");
} }
String httpKeytab = conf.get(DFSUtil.getSpnegoKeytabKey(conf,
DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY));
if (httpKeytab != null && !httpKeytab.isEmpty()) { if (httpKeytab != null && !httpKeytab.isEmpty()) {
params.put( params.put(
DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY, DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,