<li><ahref="#Running_with_Privilege_.28Secure_Mode.29">Running with Privilege (Secure Mode)</a></li></ul></li></ul>
<p>Much of Apache Hadoop’s functionality is controlled via <ahref="CommandsManual.html">the shell</a>. There are several ways to modify the default behavior of how these commands execute.</p><section>
<p>Apache Hadoop has many environment variables that control various aspects of the software. (See <code>hadoop-env.sh</code> and related files.) Some of these environment variables are dedicated to helping end users manage their runtime.</p><section>
<p>This environment variable is used for all end-user, non-daemon operations. It can be used to set any Java options as well as any Apache Hadoop options via a system property definition. For example:</p>
<p>will increase the memory and send this command via a SOCKS proxy server.</p>
<p>NOTE: If ‘YARN_CLIENT_OPTS’ is defined, it will replace ‘HADOOP_CLIENT_OPTS’ when commands are run with ‘yarn’.</p></section><section>
<p>It is also possible to set options on a per subcommand basis. This allows for one to create special options for particular cases. The first part of the pattern is the command being used, but all uppercase. The second part of the command is the subcommand being used. Then finally followed by the string <code>_OPT</code>.</p>
<p>For example, to configure <code>mapred distcp</code> to use a 2GB heap, one would use:</p>
<divclass="source">
<divclass="source">
<pre>MAPRED_DISTCP_OPTS="-Xmx2g"
</pre></div></div>
<p>These options will appear <i>after</i><code>HADOOP_CLIENT_OPTS</code> during execution and will generally take precedence.</p></section><section>
<p>NOTE: Site-wide settings should be configured via a shellprofile entry and permanent user-wide settings should be configured via ${HOME}/.hadooprc using the <code>hadoop_add_classpath</code> function. See below for more information.</p>
<p>The Apache Hadoop scripts have the capability to inject more content into the classpath of the running command by setting this environment variable. It should be a colon delimited list of directories, files, or wildcard locations.</p>
<p>A user can provides hints to the location of the paths via the <code>HADOOP_USER_CLASSPATH_FIRST</code> variable. Setting this to any value will tell the system to try and push these paths near the front.</p></section><section>
<h3><aname="Auto-setting_of_Variables"></a>Auto-setting of Variables</h3>
<p>If a user has a common set of settings, they can be put into the <code>${HOME}/.hadoop-env</code> file. This file is always read to initialize and override any variables that the user may want to customize. It uses bash syntax, similar to the <code>.bashrc</code> file:</p>
<p>For example:</p>
<divclass="source">
<divclass="source">
<pre>#
# my custom Apache Hadoop settings!
#
HADOOP_CLIENT_OPTS="-Xmx1g"
MAPRED_DISTCP_OPTS="-Xmx2g"
HADOOP_DISTCP_OPTS="-Xmx2g"
</pre></div></div>
<p>The <code>.hadoop-env</code> file can also be used to extend functionality and teach Apache Hadoop new tricks. For example, to run hadoop commands accessing the server referenced in the environment variable <code>${HADOOP_SERVER}</code>, the following in the <code>.hadoop-env</code> will do just that:</p>
<divclass="source">
<divclass="source">
<pre>if [[ -n ${HADOOP_SERVER} ]]; then
HADOOP_CONF_DIR=/etc/hadoop.${HADOOP_SERVER}
fi
</pre></div></div>
<p>One word of warning: not all of Unix Shell API routines are available or work correctly in <code>.hadoop-env</code>. See below for more information on <code>.hadooprc</code>.</p></section></section><section>
<p>In addition to the various XML files, there are two key capabilities for administrators to configure Apache Hadoop when using the Unix Shell:</p>
<ul>
<li>
<p>Many environment variables that impact how the system operates. This guide will only highlight some key ones. There is generally more information in the various <code>*-env.sh</code> files.</p>
</li>
<li>
<p>Supplement or do some platform-specific changes to the existing scripts. Apache Hadoop provides the capabilities to do function overrides so that the existing code base may be changed in place without all of that work. Replacing functions is covered later under the Shell API documentation.</p>
<p>By far, the most important are the series of <code>_OPTS</code> variables that control how daemons work. These variables should contain all of the relevant settings for those daemons.</p>
<p>Similar to the user commands above, all daemons will honor the <code>(command)_(subcommand)_OPTS</code> pattern. It is generally recommended that these be set in <code>hadoop-env.sh</code> to guarantee that the system will know which settings it should use on restart. Unlike user-facing subcommands, daemons will <i>NOT</i> honor <code>HADOOP_CLIENT_OPTS</code>.</p>
<p>In addition, daemons that run in an extra security mode also support <code>(command)_(subcommand)_SECURE_EXTRA_OPTS</code>. These options are <i>supplemental</i> to the generic <code>*_OPTS</code> and will appear after, therefore generally taking precedence.</p></section><section>
<p>Apache Hadoop provides a way to do a user check per-subcommand. While this method is easily circumvented and should not be considered a security-feature, it does provide a mechanism by which to prevent accidents. For example, setting <code>HDFS_NAMENODE_USER=hdfs</code> will make the <code>hdfs namenode</code> and <code>hdfs --daemon start namenode</code> commands verify that the user running the commands are the hdfs user by checking the <code>USER</code> environment variable. This also works for non-daemons. Setting <code>HADOOP_DISTCP_USER=jane</code> will verify that <code>USER</code> is set to <code>jane</code> before being allowed to execute the <code>hadoop distcp</code> command.</p>
<p>If a _USER environment variable exists and commands are run with a privilege (e.g., as root; see hadoop_privilege_check in the API documentation), execution will switch to the specified user first. For commands that support user account switching for security reasons and therefore have a SECURE_USER variable (see more below), the base _USER variable needs to be the user that is expected to be used to switch to the SECURE_USER account. For example:</p>
<divclass="source">
<divclass="source">
<pre>HDFS_DATANODE_USER=root
HDFS_DATANODE_SECURE_USER=hdfs
</pre></div></div>
<p>will force ‘hdfs –daemon start datanode’ to be root, but will eventually switch to the hdfs user after the privileged work has been completed.</p>
<p>Be aware that if the --workers flag is used, the user switch happens <i>after</i> ssh is invoked. The multi-daemon start and stop commands in sbin will, however, switch (if appropriate) prior and will therefore use the keys of the specified _USER.</p></section></section><section>
<h2><aname="Developer_and_Advanced_Administrator_Environment"></a>Developer and Advanced Administrator Environment</h2><section>
<p>Apache Hadoop allows for third parties to easily add new features through a variety of pluggable interfaces. This includes a shell code subsystem that makes it easy to inject the necessary content into the base installation.</p>
<p>Core to this functionality is the concept of a shell profile. Shell profiles are shell snippets that can do things such as add jars to the classpath, configure Java system properties and more.</p>
<p>Shell profiles may be installed in either <code>${HADOOP_CONF_DIR}/shellprofile.d</code> or <code>${HADOOP_HOME}/libexec/shellprofile.d</code>. Shell profiles in the <code>libexec</code> directory are part of the base installation and cannot be overridden by the user. Shell profiles in the configuration directory may be ignored if the end user changes the configuration directory at runtime.</p>
<p>An example of a shell profile is in the libexec directory.</p></section><section>
<h3><aname="Shell_API"></a>Shell API</h3>
<p>Apache Hadoop’s shell code has a <ahref="./UnixShellAPI.html">function library</a> that is open for administrators and developers to use to assist in their configuration and advanced feature management. These APIs follow the standard <ahref="./InterfaceClassification.html">Apache Hadoop Interface Classification</a>, with one addition: Replaceable.</p>
<p>The shell code allows for core functions to be overridden. However, not all functions can be or are safe to be replaced. If a function is not safe to replace, it will have an attribute of Replaceable: No. If a function is safe to replace, it will have the attribute of Replaceable: Yes.</p>
<p>In order to replace a function, create a file called <code>hadoop-user-functions.sh</code> in the <code>${HADOOP_CONF_DIR}</code> directory. Simply define the new, replacement function in this file and the system will pick it up automatically. There may be as many replacement functions as needed in this file. Examples of function replacement are in the <code>hadoop-user-functions.sh.example</code> file.</p>
<p>Functions that are marked Public and Stable are safe to use in shell profiles as-is. Other functions may change in a minor release.</p></section><section>
<h3><aname="User-level_API_Access"></a>User-level API Access</h3>
<p>In addition to <code>.hadoop-env</code>, which allows individual users to override <code>hadoop-env.sh</code>, user’s may also use <code>.hadooprc</code>. This is called after the Apache Hadoop shell environment has been configured and allows the full set of shell API function calls.</p>
<p>For example:</p>
<divclass="source">
<divclass="source">
<pre>hadoop_add_classpath /some/path/custom.jar
</pre></div></div>
<p>would go into <code>.hadooprc</code></p></section><section>
<p>Utilizing the Shell API, it is possible for third parties to add their own subcommands to the primary Hadoop shell scripts (hadoop, hdfs, mapred, yarn).</p>
<p>Prior to executing a subcommand, the primary scripts will check for the existence of a (scriptname)_subcommand_(subcommand) function. This function gets executed with the parameters set to all remaining command line arguments. For example, if the following function is defined:</p>
<divclass="source">
<divclass="source">
<pre>function yarn_subcommand_hello
{
echo "$@"
exit $?
}
</pre></div></div>
<p>then executing <code>yarn --debug hello world I see you</code> will activate script debugging and call the <code>yarn_subcommand_hello</code> function as:</p>
<divclass="source">
<divclass="source">
<pre>yarn_subcommand_hello world I see you
</pre></div></div>
<p>which will result in the output of:</p>
<divclass="source">
<divclass="source">
<pre>world I see you
</pre></div></div>
<p>It is also possible to add the new subcommands to the usage output. The <code>hadoop_add_subcommand</code> function adds text to the usage output. Utilizing the standard HADOOP_SHELL_EXECNAME variable, we can limit which command gets our new function.</p>
<divclass="source">
<divclass="source">
<pre>if [[ "${HADOOP_SHELL_EXECNAME}" = "yarn" ]]; then
hadoop_add_subcommand "hello" client "Print some text to the screen"
fi
</pre></div></div>
<p>We set the subcommand type to be “client” as there are no special restrictions, extra capabilities, etc. This functionality may also be use to override the built-ins. For example, defining:</p>
<divclass="source">
<divclass="source">
<pre>function hdfs_subcommand_fetchdt
{
...
}
</pre></div></div>
<p>… will replace the existing <code>hdfs fetchdt</code> subcommand with a custom one.</p>
<p>Some key environment variables for Dynamic Subcommands:</p>
<ul>
<li>HADOOP_CLASSNAME</li>
</ul>
<p>This is the name of the Java class to use when program execution continues.</p>
<ul>
<li>HADOOP_PRIV_CLASSNAME</li>
</ul>
<p>This is the name of the Java class to use when a daemon is expected to be run in a privileged mode. (See more below.)</p>
<ul>
<li>HADOOP_SHELL_EXECNAME</li>
</ul>
<p>This is the name of the script that is being executed. It will be one of hadoop, hdfs, mapred, or yarn.</p>
<ul>
<li>HADOOP_SUBCMD</li>
</ul>
<p>This is the subcommand that was passed on the command line.</p>
<ul>
<li>HADOOP_SUBCMD_ARGS</li>
</ul>
<p>This array contains the argument list after the Apache Hadoop common argument processing has taken place and is the same list that is passed to the subcommand function as arguments. For example, if <code>hadoop --debug subcmd 1 2 3</code> has been executed on the command line, then <code>${HADOOP_SUBCMD_ARGS[0]}</code> will be 1 and <code>hadoop_subcommand_subcmd</code> will also have $1 equal to 1. This array list MAY be modified by subcommand functions to add or delete values from the argument list for further processing.</p>
<ul>
<li>HADOOP_SECURE_CLASSNAME</li>
</ul>
<p>If this subcommand runs a service that supports the secure mode, this variable should be set to the classname of the secure version.</p>
<ul>
<li>HADOOP_SUBCMD_SECURESERVICE</li>
</ul>
<p>Setting this to true will force the subcommand to run in secure mode regardless of hadoop_detect_priv_subcmd. It is expected that HADOOP_SECURE_USER will be set to the user that will be executing the final process. See more about secure mode.</p>
<ul>
<li>HADOOP_SUBCMD_SUPPORTDAEMONIZATION</li>
</ul>
<p>If this command can be executed as a daemon, set this to true.</p>
<ul>
<li>HADOOP_USER_PARAMS</li>
</ul>
<p>This is the full content of the command line, prior to any parsing done. It will contain flags such as <code>--debug</code>. It MAY NOT be manipulated.</p>
<p>The Apache Hadoop runtime facilities require functions exit if no further processing is required. For example, in the hello example above, Java and other facilities were not required so a simple <code>exit $?</code> was sufficient. However, if the function were to utilize <code>HADOOP_CLASSNAME</code>, then program execution must continue so that Java with the Apache Hadoop-specific parameters will be launched against the given Java class. Another example would be in the case of an unrecoverable error. It is the function’s responsibility to print an appropriate message (preferably using the hadoop_error API call) and exit appropriately.</p></section><section>
<h3><aname="Running_with_Privilege_.28Secure_Mode.29"></a>Running with Privilege (Secure Mode)</h3>
<p>Some daemons, such as the DataNode and the NFS gateway, may be run in a privileged mode. This means that they are expected to be launched as root and (by default) switched to another userid via jsvc. This allows for these daemons to grab a low, privileged port and then drop superuser privileges during normal execution. Running with privilege is also possible for 3rd parties utilizing Dynamic Subcommands. If the following are true:</p>
<ul>
<li>(command)_(subcommand)_SECURE_USER environment variable is defined and points to a valid username</li>
<li>HADOOP_SECURE_CLASSNAME is defined and points to a valid Java class</li>
</ul>
<p>then the shell scripts will attempt to run the class as a command with privilege as it would the built-ins. In general, users are expected to define the _SECURE_USER variable and developers define the _CLASSNAME in their shell script bootstrap.</p></section></section>