基於kerberos的hdfs和hbase登入
阿新 • • 發佈:2019-01-25
import java.io.IOException; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hbase.client.Admin; import org.apache.hadoop.hbase.client.Connection; import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.security.UserGroupInformation; import org.apache.log4j.Logger; import com.xxx.hdfs.utils.CfgUtils; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION; public class HadoopLogin { private static Logger log = Logger.getLogger(HadoopLogin.class); private static final String JAVA_SECURITY_KRB5_CONF_KEY = "java.security.krb5.conf"; private static String HADOOP_CORE_SITE_XML = "hadoop.core.site.xml"; private static String HADOOP_HDFS_SITE_XML = "hadoop.hdfs.site.xml"; public static final String REALM_NAME = "kerberos.principal.realm"; public static final String KERBEROS_CONF_PATH = "kerberos.conf.path"; public static final String HADOOP_SECURITY_KERBEROS = "kerberos"; public static final String USERNAME_CLIENT_KEYTAB_FILE = "username.client.keytab.file"; public static final String USERNAME_CLIENT_KEYTAB_PRINCIPAL = "username.client.kerberos.principal"; public static final String KEYTAB_FILE_KEY = "hdfs.keytab.file"; public static final String USER_NAME_KEY = "hdfs.kerberos.principal"; private static String hadoopCoreXml; private static String hadoopHdfsXml; private static String kerberosconfpath; private static String PRINCIPAL_REALM; private static String HBASE_SITE_XML = "hbase.site.xml"; private static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication"; private static String hbaseXml; public static Admin admin; public static Connection connection; static { CfgUtils cfg = new CfgUtils(); hadoopCoreXml = cfg.getProperty(HADOOP_CORE_SITE_XML); hadoopHdfsXml = cfg.getProperty(HADOOP_HDFS_SITE_XML); kerberosconfpath = cfg.getProperty(KERBEROS_CONF_PATH); PRINCIPAL_REALM = cfg.getProperty(REALM_NAME); hbaseXml = cfg.getProperty(HBASE_SITE_XML); System.setProperty("java.security.krb5.conf","C:/Program Files (x86)/Java/newhadoop_oozieweb_conf/krb5.conf"); } public HadoopLogin() { } public Configuration loginHdfs(String oozieUser, String keyfile) { log.info("loginHadoop start............oozieUser:" + oozieUser); System.setProperty(JAVA_SECURITY_KRB5_CONF_KEY, kerberosconfpath); Configuration conf = new Configuration(); conf.addResource(new Path(hadoopCoreXml)); conf.addResource(new Path(hadoopHdfsXml)); conf.setBoolean("fs.hdfs.impl.disable.cache", true); if (HADOOP_SECURITY_KERBEROS.equalsIgnoreCase(conf .get(HADOOP_SECURITY_AUTHENTICATION))) { String oozieUser_princ = oozieUser + PRINCIPAL_REALM; conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos"); conf.set(HADOOP_SECURITY_AUTHORIZATION, "true"); conf.set(USERNAME_CLIENT_KEYTAB_FILE, keyfile); conf.set(USERNAME_CLIENT_KEYTAB_PRINCIPAL, oozieUser_princ); // UserGroupInformation.setLoginUser(null); // 使用設定的使用者登陸 UserGroupInformation.setConfiguration(conf); try { log.info("before loginUserFromKeytab............oozieUser:"+ oozieUser); UserGroupInformation.loginUserFromKeytab(oozieUser_princ,keyfile); log.info("after loginUserFromKeytab............oozieUser:" + oozieUser); } catch (IOException e) { e.printStackTrace(); } } else { System.setProperty("HADOOP_USER_NAME", oozieUser); conf.set("hadoop.user.name", oozieUser); } return conf; } public static Configuration loginHbase(String oozieUser, String keyfile) { Configuration hbaseConfig = HBaseConfiguration.create(); hbaseConfig.addResource(new Path(hbaseXml)); hbaseConfig.set("hadoop.security.authentication", "kerberos"); hbaseConfig.set("keytab.file", keyfile); hbaseConfig.set("kerberos.principal" , oozieUser+"@ADSERV.COM" ); UserGroupInformation.setConfiguration(hbaseConfig); try { log.info("before loginUserFromKeytab............oozieUser:"+ UserGroupInformation.getCurrentUser()); UserGroupInformation.loginUserFromKeytab(oozieUser + "@ADSERV.COM",keyfile); log.info("after loginUserFromKeytab............oozieUser:" + UserGroupInformation.getLoginUser()); connection = ConnectionFactory.createConnection(hbaseConfig); admin = connection.getAdmin(); } catch (IOException e) { e.printStackTrace(); } return hbaseConfig; } }