YARN-1640. Fixed manual failover of ResourceManagers to work correctly in secure clusters. Contributed by Xuan Gong.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1579510 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Vinod Kumar Vavilapalli 2014-03-20 02:40:21 +00:00
parent 44deaa8241
commit 764af69aa0
2 changed files with 25 additions and 1 deletions

View File

@ -520,6 +520,9 @@ Release 2.4.0 - UNRELEASED
launched by AMs running on the same machine as the AM are correctly launched by AMs running on the same machine as the AM are correctly
propagated. (Jian He via vinodkv) propagated. (Jian He via vinodkv)
YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
secure clusters. (Xuan Gong via vinodkv)
Release 2.3.1 - UNRELEASED Release 2.3.1 - UNRELEASED
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -21,6 +21,7 @@ package org.apache.hadoop.yarn.server.resourcemanager;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.util.List; import java.util.List;
import java.util.concurrent.BlockingQueue; import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.LinkedBlockingQueue;
@ -163,6 +164,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
/** End of Active services */ /** End of Active services */
private Configuration conf; private Configuration conf;
private UserGroupInformation rmLoginUGI;
public ResourceManager() { public ResourceManager() {
super("ResourceManager"); super("ResourceManager");
@ -233,6 +236,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf); webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
this.rmLoginUGI = UserGroupInformation.getCurrentUser();
super.serviceInit(this.conf); super.serviceInit(this.conf);
} }
@ -859,7 +864,18 @@ public class ResourceManager extends CompositeService implements Recoverable {
} }
LOG.info("Transitioning to active state"); LOG.info("Transitioning to active state");
startActiveServices();
// use rmLoginUGI to startActiveServices.
// in non-secure model, rmLoginUGI will be current UGI
// in secure model, rmLoginUGI will be LoginUser UGI
this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
startActiveServices();
return null;
}
});
rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE); rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
LOG.info("Transitioned to active state"); LOG.info("Transitioned to active state");
} }
@ -911,6 +927,11 @@ public class ResourceManager extends CompositeService implements Recoverable {
InetSocketAddress socAddr = getBindAddress(conf); InetSocketAddress socAddr = getBindAddress(conf);
SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB, SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName()); YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
// if security is enable, set rmLoginUGI as UGI of loginUser
if (UserGroupInformation.isSecurityEnabled()) {
this.rmLoginUGI = UserGroupInformation.getLoginUser();
}
} }
@Override @Override