From 57ea80c0c355752304d0eb7dabc9452ceeebc6c3 Mon Sep 17 00:00:00 2001 From: Prabhjyot Singh Date: Tue, 27 Jun 2017 14:25:13 +0530 Subject: [PATCH 1/6] apply KerberosInterpreter to JDBCInterpreter --- .../apache/zeppelin/jdbc/JDBCInterpreter.java | 74 +++++++++---------- 1 file changed, 33 insertions(+), 41 deletions(-) diff --git a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java index 72d7981764d..44b27a2b170 100644 --- a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java +++ b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java @@ -50,6 +50,7 @@ import org.apache.zeppelin.interpreter.InterpreterException; import org.apache.zeppelin.interpreter.InterpreterResult; import org.apache.zeppelin.interpreter.InterpreterResult.Code; +import org.apache.zeppelin.interpreter.KerberosInterpreter; import org.apache.zeppelin.interpreter.ResultMessages; import org.apache.zeppelin.interpreter.thrift.InterpreterCompletion; import org.apache.zeppelin.jdbc.security.JDBCSecurityImpl; @@ -89,7 +90,7 @@ * } *

*/ -public class JDBCInterpreter extends Interpreter { +public class JDBCInterpreter extends KerberosInterpreter { private Logger logger = LoggerFactory.getLogger(JDBCInterpreter.class); @@ -147,6 +148,24 @@ public JDBCInterpreter(Properties property) { maxLineResults = MAX_LINE_DEFAULT; } + @Override + protected boolean runKerberosLogin() { + try { + UserGroupInformation.AuthenticationMethod authType = JDBCSecurityImpl.getAuthtype(property); + if (authType.equals(KERBEROS)) { + if (UserGroupInformation.isLoginKeytabBased()) { + UserGroupInformation.getLoginUser().reloginFromKeytab(); + } else if (UserGroupInformation.isLoginTicketBased()) { + UserGroupInformation.getLoginUser().reloginFromTicketCache(); + } + } + } catch (Exception e) { + logger.error("Unable to run kinit for zeppelin", e); + return false; + } + return true; + } + public HashMap getPropertiesMap() { return basePropretiesMap; } @@ -188,6 +207,11 @@ public void open() { logger.debug("JDBC PropretiesMap: {}", basePropretiesMap); setMaxLineResults(); + + UserGroupInformation.AuthenticationMethod authType = JDBCSecurityImpl.getAuthtype(property); + if (authType.equals(KERBEROS)) { + startKerberosLoginThread(); + } } private void setMaxLineResults() { @@ -709,49 +733,17 @@ private InterpreterResult executeSql(String propertyKey, String sql, } getJDBCConfiguration(user).removeStatement(paragraphId); } catch (Throwable e) { - if (e.getCause() instanceof TTransportException && - Throwables.getStackTraceAsString(e).contains("GSS") && - getJDBCConfiguration(user).isConnectionInDBDriverPoolSuccessful(propertyKey)) { - return reLoginFromKeytab(propertyKey, sql, interpreterContext, interpreterResult); - } else { - logger.error("Cannot run " + sql, e); - String errorMsg = Throwables.getStackTraceAsString(e); - try { - closeDBPool(user, propertyKey); - } catch (SQLException e1) { - logger.error("Cannot close DBPool for user, propertyKey: " + user + propertyKey, e1); - } - interpreterResult.add(errorMsg); - return new InterpreterResult(Code.ERROR, interpreterResult.message()); - } - } - return interpreterResult; - } - - private InterpreterResult reLoginFromKeytab(String propertyKey, String sql, - InterpreterContext interpreterContext, InterpreterResult interpreterResult) { - String user = interpreterContext.getAuthenticationInfo().getUser(); - try { - closeDBPool(user, propertyKey); - } catch (SQLException e) { - logger.error("Error, could not close DB pool in reLoginFromKeytab ", e); - } - UserGroupInformation.AuthenticationMethod authType = - JDBCSecurityImpl.getAuthtype(property); - if (authType.equals(KERBEROS)) { + logger.error("Cannot run " + sql, e); + String errorMsg = Throwables.getStackTraceAsString(e); try { - if (UserGroupInformation.isLoginKeytabBased()) { - UserGroupInformation.getLoginUser().reloginFromKeytab(); - } else if (UserGroupInformation.isLoginTicketBased()) { - UserGroupInformation.getLoginUser().reloginFromTicketCache(); - } - } catch (IOException e) { - logger.error("Cannot reloginFromKeytab " + sql, e); - interpreterResult.add(e.getMessage()); - return new InterpreterResult(Code.ERROR, interpreterResult.message()); + closeDBPool(user, propertyKey); + } catch (SQLException e1) { + logger.error("Cannot close DBPool for user, propertyKey: " + user + propertyKey, e1); } + interpreterResult.add(errorMsg); + return new InterpreterResult(Code.ERROR, interpreterResult.message()); } - return executeSql(propertyKey, sql, interpreterContext); + return interpreterResult; } /** From 7f8b8672b691ae841d353fb20f4da5c37658de57 Mon Sep 17 00:00:00 2001 From: prabhjyotsingh Date: Fri, 30 Jun 2017 20:56:50 +0530 Subject: [PATCH 2/6] call `startKerberosLoginThread` and `shutdownExecutorService` in parent class --- .../apache/zeppelin/jdbc/JDBCInterpreter.java | 9 +++++- .../zeppelin/shell/ShellInterpreter.java | 16 ++++++---- .../interpreter/KerberosInterpreter.java | 29 ++++++++++++++----- 3 files changed, 41 insertions(+), 13 deletions(-) diff --git a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java index 44b27a2b170..4f87ae27a64 100644 --- a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java +++ b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java @@ -172,6 +172,7 @@ public HashMap getPropertiesMap() { @Override public void open() { + super.open(); for (String propertyKey : property.stringPropertyNames()) { logger.debug("propertyKey: {}", propertyKey); String[] keyValue = propertyKey.split("\\.", 2); @@ -207,13 +208,18 @@ public void open() { logger.debug("JDBC PropretiesMap: {}", basePropretiesMap); setMaxLineResults(); + } + + protected boolean isKerboseEnabled() { UserGroupInformation.AuthenticationMethod authType = JDBCSecurityImpl.getAuthtype(property); if (authType.equals(KERBEROS)) { - startKerberosLoginThread(); + return true; } + return false; } + private void setMaxLineResults() { if (basePropretiesMap.containsKey(COMMON_KEY) && basePropretiesMap.get(COMMON_KEY).containsKey(MAX_LINE_KEY)) { @@ -283,6 +289,7 @@ private void initConnectionPoolMap() { @Override public void close() { + super.close(); try { initStatementMap(); initConnectionPoolMap(); diff --git a/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java b/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java index 79fc3a35bed..4b53037b283 100644 --- a/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java +++ b/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java @@ -57,17 +57,14 @@ public ShellInterpreter(Properties property) { @Override public void open() { + super.open(); LOGGER.info("Command timeout property: {}", getProperty(TIMEOUT_PROPERTY)); executors = new ConcurrentHashMap<>(); - if (!StringUtils.isAnyEmpty(getProperty("zeppelin.shell.auth.type"))) { - startKerberosLoginThread(); - } } @Override public void close() { - shutdownExecutorService(); - + super.close(); for (String executorKey : executors.keySet()) { DefaultExecutor executor = executors.remove(executorKey); if (executor != null) { @@ -171,4 +168,13 @@ protected boolean runKerberosLogin() { return true; } + @Override + protected boolean isKerboseEnabled() { + if (!StringUtils.isAnyEmpty(getProperty("zeppelin.shell.auth.type")) && getProperty( + "zeppelin.shell.auth.type").equalsIgnoreCase("kerberos")) { + return true; + } + return false; + } + } diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java index 4673e480738..cecb2587192 100644 --- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java +++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java @@ -38,8 +38,8 @@ public abstract class KerberosInterpreter extends Interpreter { private Integer kinitFailCount = 0; - protected ScheduledExecutorService scheduledExecutorService; - public static Logger logger = LoggerFactory.getLogger(KerberosInterpreter.class); + private ScheduledExecutorService scheduledExecutorService; + private static Logger logger = LoggerFactory.getLogger(KerberosInterpreter.class); public KerberosInterpreter(Properties property) { super(property); @@ -48,7 +48,22 @@ public KerberosInterpreter(Properties property) { @ZeppelinApi protected abstract boolean runKerberosLogin(); - public String getKerberosRefreshInterval() { + @ZeppelinApi + protected abstract boolean isKerboseEnabled(); + + public void open() { + if (isKerboseEnabled()) { + startKerberosLoginThread(); + } + } + + public void close() { + if (isKerboseEnabled()) { + shutdownExecutorService(); + } + } + + private String getKerberosRefreshInterval() { if (System.getenv("KERBEROS_REFRESH_INTERVAL") == null) { return "1d"; } else { @@ -56,7 +71,7 @@ public String getKerberosRefreshInterval() { } } - public Integer kinitFailThreshold() { + private Integer kinitFailThreshold() { if (System.getenv("KINIT_FAIL_THRESHOLD") == null) { return 5; } else { @@ -64,7 +79,7 @@ public Integer kinitFailThreshold() { } } - public Long getTimeAsMs(String time) { + private Long getTimeAsMs(String time) { if (time == null) { logger.error("Cannot convert to time value.", time); time = "1d"; @@ -86,7 +101,7 @@ public Long getTimeAsMs(String time) { suffix != null ? Constants.TIME_SUFFIXES.get(suffix) : TimeUnit.MILLISECONDS); } - protected ScheduledExecutorService startKerberosLoginThread() { + private ScheduledExecutorService startKerberosLoginThread() { scheduledExecutorService = Executors.newScheduledThreadPool(1); scheduledExecutorService.schedule(new Callable() { @@ -116,7 +131,7 @@ public Object call() throws Exception { return scheduledExecutorService; } - protected void shutdownExecutorService() { + private void shutdownExecutorService() { if (scheduledExecutorService != null) { scheduledExecutorService.shutdown(); } From 7fe883c3e93829661b0a21f5677624c3b516e003 Mon Sep 17 00:00:00 2001 From: Prabhjyot Singh Date: Wed, 5 Jul 2017 13:54:32 +0530 Subject: [PATCH 3/6] @zjffdu review comments --- .../apache/zeppelin/jdbc/JDBCInterpreter.java | 11 ++-- .../zeppelin/shell/ShellInterpreter.java | 21 ++++++- .../shell/security/ShellSecurityImpl.java | 59 ------------------- .../interpreter/KerberosInterpreter.java | 5 +- 4 files changed, 27 insertions(+), 69 deletions(-) delete mode 100644 shell/src/main/java/org/apache/zeppelin/shell/security/ShellSecurityImpl.java diff --git a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java index 4f87ae27a64..c41428d8a67 100644 --- a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java +++ b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java @@ -151,13 +151,10 @@ public JDBCInterpreter(Properties property) { @Override protected boolean runKerberosLogin() { try { - UserGroupInformation.AuthenticationMethod authType = JDBCSecurityImpl.getAuthtype(property); - if (authType.equals(KERBEROS)) { - if (UserGroupInformation.isLoginKeytabBased()) { - UserGroupInformation.getLoginUser().reloginFromKeytab(); - } else if (UserGroupInformation.isLoginTicketBased()) { - UserGroupInformation.getLoginUser().reloginFromTicketCache(); - } + if (UserGroupInformation.isLoginKeytabBased()) { + UserGroupInformation.getLoginUser().reloginFromKeytab(); + } else if (UserGroupInformation.isLoginTicketBased()) { + UserGroupInformation.getLoginUser().reloginFromTicketCache(); } } catch (Exception e) { logger.error("Unable to run kinit for zeppelin", e); diff --git a/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java b/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java index 4b53037b283..3163e5e5f74 100644 --- a/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java +++ b/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java @@ -31,13 +31,13 @@ import org.apache.commons.exec.PumpStreamHandler; import org.apache.commons.lang3.StringUtils; import org.apache.zeppelin.interpreter.InterpreterContext; +import org.apache.zeppelin.interpreter.InterpreterException; import org.apache.zeppelin.interpreter.KerberosInterpreter; import org.apache.zeppelin.interpreter.InterpreterResult; import org.apache.zeppelin.interpreter.InterpreterResult.Code; import org.apache.zeppelin.interpreter.thrift.InterpreterCompletion; import org.apache.zeppelin.scheduler.Scheduler; import org.apache.zeppelin.scheduler.SchedulerFactory; -import org.apache.zeppelin.shell.security.ShellSecurityImpl; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -160,7 +160,7 @@ public List completion(String buf, int cursor, @Override protected boolean runKerberosLogin() { try { - ShellSecurityImpl.createSecureConfiguration(getProperty(), shell); + createSecureConfiguration(); } catch (Exception e) { LOGGER.error("Unable to run kinit for zeppelin", e); return false; @@ -168,6 +168,23 @@ protected boolean runKerberosLogin() { return true; } + public void createSecureConfiguration() { + Properties properties = getProperty(); + CommandLine cmdLine = CommandLine.parse(shell); + cmdLine.addArgument("-c", false); + String kinitCommand = String.format("kinit -k -t %s %s", + properties.getProperty("zeppelin.shell.keytab.location"), + properties.getProperty("zeppelin.shell.principal")); + cmdLine.addArgument(kinitCommand, false); + DefaultExecutor executor = new DefaultExecutor(); + try { + executor.execute(cmdLine); + } catch (Exception e) { + LOGGER.error("Unable to run kinit for zeppelin user " + kinitCommand, e); + throw new InterpreterException(e); + } + } + @Override protected boolean isKerboseEnabled() { if (!StringUtils.isAnyEmpty(getProperty("zeppelin.shell.auth.type")) && getProperty( diff --git a/shell/src/main/java/org/apache/zeppelin/shell/security/ShellSecurityImpl.java b/shell/src/main/java/org/apache/zeppelin/shell/security/ShellSecurityImpl.java deleted file mode 100644 index ecfdb0c28d8..00000000000 --- a/shell/src/main/java/org/apache/zeppelin/shell/security/ShellSecurityImpl.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.zeppelin.shell.security; - -import org.apache.commons.exec.CommandLine; -import org.apache.commons.exec.DefaultExecutor; -import org.apache.zeppelin.interpreter.InterpreterException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.util.Properties; - - -/*** - * Shell security helper - */ -public class ShellSecurityImpl { - - private static Logger LOGGER = LoggerFactory.getLogger(ShellSecurityImpl.class); - - public static void createSecureConfiguration(Properties properties, String shell) { - - String authType = properties.getProperty("zeppelin.shell.auth.type") - .trim().toUpperCase(); - - switch (authType) { - case "KERBEROS": - CommandLine cmdLine = CommandLine.parse(shell); - cmdLine.addArgument("-c", false); - String kinitCommand = String.format("kinit -k -t %s %s", - properties.getProperty("zeppelin.shell.keytab.location"), - properties.getProperty("zeppelin.shell.principal")); - cmdLine.addArgument(kinitCommand, false); - DefaultExecutor executor = new DefaultExecutor(); - - try { - int exitVal = executor.execute(cmdLine); - } catch (Exception e) { - LOGGER.error("Unable to run kinit for zeppelin user " + kinitCommand, e); - throw new InterpreterException(e); - } - } - } -} diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java index cecb2587192..2f96e8f827e 100644 --- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java +++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java @@ -31,7 +31,10 @@ /** * Interpreter wrapper for Kerberos initialization * - * runKerberosLogin() method you need to implement that determine Zeppelin's behavior. + * runKerberosLogin() method you need to implement that determine how should this interpeter do a + * kinit for this interpreter. + * isKerboseEnabled() method needs to implement which determines if the kerberos is enabled for that + * interpreter. * startKerberosLoginThread() needs to be called inside the open() and * shutdownExecutorService() inside close(). */ From 582372744af6aeba3aba85830e000e3bd2727194 Mon Sep 17 00:00:00 2001 From: Prabhjyot Singh Date: Wed, 5 Jul 2017 20:41:41 +0530 Subject: [PATCH 4/6] change schedule to submit so it runs without wait for the first time. LAUNCH_KERBEROS_REFRESH_INTERVAL to KERBEROS_REFRESH_INTERVAL --- conf/zeppelin-env.sh.template | 2 +- .../org/apache/zeppelin/interpreter/KerberosInterpreter.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/zeppelin-env.sh.template b/conf/zeppelin-env.sh.template index a9eccf6062a..c1a9f06aca8 100644 --- a/conf/zeppelin-env.sh.template +++ b/conf/zeppelin-env.sh.template @@ -56,7 +56,7 @@ ## Kerberos ticket refresh setting ## #export KINIT_FAIL_THRESHOLD # (optional) How many times should kinit retry. The default value is 5. -#export LAUNCH_KERBEROS_REFRESH_INTERVAL # (optional) The refresh interval for Kerberos ticket. The default value is 1d. +#export KERBEROS_REFRESH_INTERVAL # (optional) The refresh interval for Kerberos ticket. The default value is 1d. ## Use provided spark installation ## ## defining SPARK_HOME makes Zeppelin run spark interpreter process using spark-submit diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java index 2f96e8f827e..81c9c81f4c7 100644 --- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java +++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java @@ -107,7 +107,7 @@ private Long getTimeAsMs(String time) { private ScheduledExecutorService startKerberosLoginThread() { scheduledExecutorService = Executors.newScheduledThreadPool(1); - scheduledExecutorService.schedule(new Callable() { + scheduledExecutorService.submit(new Callable() { public Object call() throws Exception { if (runKerberosLogin()) { @@ -129,7 +129,7 @@ public Object call() throws Exception { } return null; } - }, getTimeAsMs(getKerberosRefreshInterval()), TimeUnit.MILLISECONDS); + }); return scheduledExecutorService; } From a5a54d4667625df82954c26baac6b4f2a7da8a29 Mon Sep 17 00:00:00 2001 From: Prabhjyot Singh Date: Wed, 5 Jul 2017 20:57:52 +0530 Subject: [PATCH 5/6] runKerberosLogin block should return false --- .../main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java | 5 +++-- .../java/org/apache/zeppelin/shell/ShellInterpreter.java | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java index c41428d8a67..948914ff190 100644 --- a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java +++ b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java @@ -153,14 +153,15 @@ protected boolean runKerberosLogin() { try { if (UserGroupInformation.isLoginKeytabBased()) { UserGroupInformation.getLoginUser().reloginFromKeytab(); + return true; } else if (UserGroupInformation.isLoginTicketBased()) { UserGroupInformation.getLoginUser().reloginFromTicketCache(); + return true; } } catch (Exception e) { logger.error("Unable to run kinit for zeppelin", e); - return false; } - return true; + return false; } public HashMap getPropertiesMap() { diff --git a/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java b/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java index 3163e5e5f74..07eed5f9ef1 100644 --- a/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java +++ b/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java @@ -161,11 +161,11 @@ public List completion(String buf, int cursor, protected boolean runKerberosLogin() { try { createSecureConfiguration(); + return true; } catch (Exception e) { LOGGER.error("Unable to run kinit for zeppelin", e); - return false; } - return true; + return false; } public void createSecureConfiguration() { From 835b4bd03d6a74a84cedf53117e83658dfdc0d08 Mon Sep 17 00:00:00 2001 From: Prabhjyot Singh Date: Wed, 5 Jul 2017 21:14:53 +0530 Subject: [PATCH 6/6] check for invalid user input; in case of error fall back to default values --- conf/zeppelin-env.sh.template | 2 +- .../interpreter/KerberosInterpreter.java | 42 ++++++++++++++----- 2 files changed, 33 insertions(+), 11 deletions(-) diff --git a/conf/zeppelin-env.sh.template b/conf/zeppelin-env.sh.template index c1a9f06aca8..7bc38d633e1 100644 --- a/conf/zeppelin-env.sh.template +++ b/conf/zeppelin-env.sh.template @@ -56,7 +56,7 @@ ## Kerberos ticket refresh setting ## #export KINIT_FAIL_THRESHOLD # (optional) How many times should kinit retry. The default value is 5. -#export KERBEROS_REFRESH_INTERVAL # (optional) The refresh interval for Kerberos ticket. The default value is 1d. +#export KERBEROS_REFRESH_INTERVAL # (optional) The refresh interval for Kerberos ticket. The default value is 1d. ## Use provided spark installation ## ## defining SPARK_HOME makes Zeppelin run spark interpreter process using spark-submit diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java index 81c9c81f4c7..4da5ef575c7 100644 --- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java +++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java @@ -37,6 +37,12 @@ * interpreter. * startKerberosLoginThread() needs to be called inside the open() and * shutdownExecutorService() inside close(). + * + * + * Environment variables defined in zeppelin-env.sh + * KERBEROS_REFRESH_INTERVAL controls the refresh interval for Kerberos ticket. The default value + * is 1d. + * KINIT_FAIL_THRESHOLD controls how many times should kinit retry. The default value is 5. */ public abstract class KerberosInterpreter extends Interpreter { @@ -66,20 +72,36 @@ public void close() { } } - private String getKerberosRefreshInterval() { - if (System.getenv("KERBEROS_REFRESH_INTERVAL") == null) { - return "1d"; - } else { - return System.getenv("KERBEROS_REFRESH_INTERVAL"); + private Long getKerberosRefreshInterval() { + Long refreshInterval; + String refreshIntervalString = "1d"; + //defined in zeppelin-env.sh, if not initialized then the default value is one day. + if (System.getenv("KERBEROS_REFRESH_INTERVAL") != null) { + refreshIntervalString = System.getenv("KERBEROS_REFRESH_INTERVAL"); + } + try { + refreshInterval = getTimeAsMs(refreshIntervalString); + } catch (IllegalArgumentException e) { + logger.error("Cannot get time in MS for the given string, " + refreshIntervalString + + " defaulting to 1d ", e); + refreshInterval = getTimeAsMs("1d"); } + + return refreshInterval; } private Integer kinitFailThreshold() { - if (System.getenv("KINIT_FAIL_THRESHOLD") == null) { - return 5; - } else { - return new Integer(System.getenv("KINIT_FAIL_THRESHOLD")); + Integer kinitFailThreshold = 5; + //defined in zeppelin-env.sh, if not initialized then the default value is 5. + if (System.getenv("KINIT_FAIL_THRESHOLD") != null) { + try { + kinitFailThreshold = new Integer(System.getenv("KINIT_FAIL_THRESHOLD")); + } catch (Exception e) { + logger.error("Cannot get integer value from the given string, " + System + .getenv("KINIT_FAIL_THRESHOLD") + " defaulting to " + kinitFailThreshold, e); + } } + return kinitFailThreshold; } private Long getTimeAsMs(String time) { @@ -115,7 +137,7 @@ public Object call() throws Exception { kinitFailCount = 0; // schedule another kinit run with a fixed delay. scheduledExecutorService - .schedule(this, getTimeAsMs(getKerberosRefreshInterval()), TimeUnit.MILLISECONDS); + .schedule(this, getKerberosRefreshInterval(), TimeUnit.MILLISECONDS); } else { kinitFailCount++; logger.info("runKerberosLogin failed for " + kinitFailCount + " time(s).");