in thriftserver/server/src/main/scala/org/apache/livy/thriftserver/LivyCLIService.scala [46:76]
override def init(livyConf: LivyConf): Unit = {
sessionManager = new LivyThriftSessionManager(server, livyConf)
addService(sessionManager)
defaultFetchRows = livyConf.getInt(LivyConf.THRIFT_RESULTSET_DEFAULT_FETCH_SIZE)
maxTimeout = livyConf.getTimeAsMs(LivyConf.THRIFT_LONG_POLLING_TIMEOUT)
// If the hadoop cluster is secure, do a kerberos login for the service from the keytab
if (UserGroupInformation.isSecurityEnabled) {
try {
serviceUGI = UserGroupInformation.getCurrentUser
} catch {
case e: IOException =>
throw new ServiceException("Unable to login to kerberos with given principal/keytab", e)
case e: LoginException =>
throw new ServiceException("Unable to login to kerberos with given principal/keytab", e)
}
// Also try creating a UGI object for the SPNego principal
val principal = livyConf.get(LivyConf.AUTH_KERBEROS_PRINCIPAL)
val keyTabFile = livyConf.get(LivyConf.AUTH_KERBEROS_KEYTAB)
if (principal.isEmpty || keyTabFile.isEmpty) {
info(s"SPNego httpUGI not created, SPNegoPrincipal: $principal, ketabFile: $keyTabFile")
} else try {
httpUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
SecurityUtil.getServerPrincipal(principal, "0.0.0.0"), keyTabFile)
info("SPNego httpUGI successfully created.")
} catch {
case e: IOException =>
warn("SPNego httpUGI creation failed: ", e)
}
}
super.init(livyConf)
}