YARN-1640. Fixed manual failover of ResourceManagers to work correctly in secure clusters. Contributed by Xuan Gong.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1579510 13f79535-47bb-0310-9956-ffa450edef68
2014-03-20 02:40:21 +00:00 · 2014-03-20 02:40:21 +00:00 · 764af69aa0
parent 44deaa8241
commit 764af69aa0
2 changed files with 25 additions and 1 deletions
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@ -520,6 +520,9 @@ Release 2.4.0 - UNRELEASED
    launched by AMs running on the same machine as the AM are correctly
    propagated. (Jian He via vinodkv)

+    YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
+    secure clusters. (Xuan Gong via vinodkv)
+
 Release 2.3.1 - UNRELEASED

  INCOMPATIBLE CHANGES
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
 import java.util.List;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.LinkedBlockingQueue;
@ -163,6 +164,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
  /** End of Active services */

  private Configuration conf;
+
+  private UserGroupInformation rmLoginUGI;
  
  public ResourceManager() {
    super("ResourceManager");
@ -233,6 +236,8 @@ protected void serviceInit(Configuration conf) throws Exception {

    webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);

+    this.rmLoginUGI = UserGroupInformation.getCurrentUser();
+
    super.serviceInit(this.conf);
  }
  
@ -859,7 +864,18 @@ synchronized void transitionToActive() throws Exception {
    }

    LOG.info("Transitioning to active state");
-    startActiveServices();
+
+    // use rmLoginUGI to startActiveServices.
+    // in non-secure model, rmLoginUGI will be current UGI
+    // in secure model, rmLoginUGI will be LoginUser UGI
+    this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
+      @Override
+      public Void run() throws Exception {
+        startActiveServices();
+        return null;
+      }
+    });
+
    rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
    LOG.info("Transitioned to active state");
  }
@ -911,6 +927,11 @@ protected void doSecureLogin() throws IOException {
 	InetSocketAddress socAddr = getBindAddress(conf);
    SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
        YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
+
+    // if security is enable, set rmLoginUGI as UGI of loginUser
+    if (UserGroupInformation.isSecurityEnabled()) {
+      this.rmLoginUGI = UserGroupInformation.getLoginUser();
+    }
  }

  @Override