diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java
index 26533618652f..2ed73992d7f1 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java
@@ -171,7 +171,7 @@ public void newDead(ServerName sn) {
 private void spawnRenewalChore(final UserGroupInformation user) {
 ChoreService service = getChoreService();
- service.scheduleChore(AuthUtil.getAuthRenewalChore(user));
+ service.scheduleChore(AuthUtil.getAuthRenewalChore(user, conf));
 }
 /**
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java
index 936f7f583279..33f92ed9bc71 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java
@@ -374,7 +374,7 @@ replicaSelectorClass, META_TABLE_NAME, getChoreService(), () -> {
 private void spawnRenewalChore(final UserGroupInformation user) {
 ChoreService service = getChoreService();
- service.scheduleChore(AuthUtil.getAuthRenewalChore(user));
+ service.scheduleChore(AuthUtil.getAuthRenewalChore(user, conf));
 }
 /**
diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java
index d8d4f788ab10..95dfdd206ec8 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java
@@ -90,6 +90,10 @@ public final class AuthUtil {
 /** Client principal */
 public static final String HBASE_CLIENT_KERBEROS_PRINCIPAL = "hbase.client.keytab.principal";
+ /** Configuration to automatically try to renew keytab-based logins */
+ public static final String HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY = "hbase.client.keytab.automatic.renewal";
+ public static final boolean HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_DEFAULT = true;
+
 private AuthUtil() {
 super();
 }
@@ -189,8 +193,8 @@ private static User loginClientAsService(Configuration conf) throws IOException
 * @return a ScheduledChore for renewals.
 */
 @InterfaceAudience.Private
- public static ScheduledChore getAuthRenewalChore(final UserGroupInformation user) {
- if (!user.hasKerberosCredentials()) {
+ public static ScheduledChore getAuthRenewalChore(final UserGroupInformation user, Configuration conf) {
+ if (!user.hasKerberosCredentials() || !isAuthRenewalChoreEnabled(conf)) {
 return null;
 }
@@ -221,8 +225,11 @@ protected void chore() {
 */
 @Deprecated
 public static ScheduledChore getAuthChore(Configuration conf) throws IOException {
+ if (!isAuthRenewalChoreEnabled(conf)) {
+ return null;
+ }
 User user = loginClientAsService(conf);
- return getAuthRenewalChore(user.getUGI());
+ return getAuthRenewalChore(user.getUGI(), conf);
 }
 private static Stoppable createDummyStoppable() {
@@ -271,4 +278,13 @@ public static String getGroupName(String aclKey) {
 public static String toGroupEntry(String name) {
 return GROUP_PREFIX + name;
 }
+
+ /**
+ * Returns true if the chore to automatically renew Kerberos tickets (from
+ * keytabs) should be started. The default is true.
+ */
+ static boolean isAuthRenewalChoreEnabled(Configuration conf) {
+ return conf.getBoolean(HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY,
+ HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_DEFAULT);
+ }
 }
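Review bot: The Javadoc on `HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY` in the first AuthUtil hunk does not say what setting the value to false means for a running client, and `HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_DEFAULT` has no comment at all. With the flag off, `getAuthRenewalChore` returns null and no renewal chore is scheduled, so the application presumably has to renew its own keytab login before the ticket lifetime runs out. I would state that on the key, e.g. `/** Whether the client schedules a chore to renew keytab-based Kerberos logins; when false the application must renew the login itself. */`, and add `/** Default: the renewal chore is enabled. */` on the default constant.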
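Review bot: In `getAuthRenewalChore` the new `!isAuthRenewalChoreEnabled(conf)` test shares one `return null` with the no-Kerberos-credentials case and leaves no trace, so when tickets later expire nothing in the client log shows that renewal was switched off by configuration. Splitting the condition and emitting one debug or info line that names `HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY` in the disabled branch would make that diagnosable (this assumes the class has a logger, which is not visible in the hunk). The method's Javadoc starts above the hunk and should gain `@param conf` plus a sentence that null is also returned when renewal is disabled; the body continues below the hunk. `conf` is dereferenced unchecked in `isAuthRenewalChoreEnabled`, so a null argument now throws where the one-argument form had no such input.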
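Review bot: The early `return null` added to `getAuthChore` sits before `loginClientAsService(conf)`, so with renewal disabled this deprecated method no longer performs the client login at all, not only the scheduling. If that is intended, the Javadoc (which begins outside the hunk) should say so, for example `Returns null without logging in when hbase.client.keytab.automatic.renewal is false.` If existing callers depend on the login side effect, the three added lines can be dropped, because `getAuthRenewalChore(user.getUGI(), conf)` already tests the same flag and returns null.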