Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

YARN-1640. Fixed manual failover of ResourceManagers to work correctly in secure clusters. Contributed by Xuan Gong. 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1579510 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Vinod Kumar Vavilapalli 2014-03-20 02:40:21 +00:00
parent 44deaa8241
commit 764af69aa0
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-yarn-project/CHANGES.txt
View File

@ -520,6 +520,9 @@ Release 2.4.0 - UNRELEASED
launched by AMs running on the same machine as the AM are correctly launched by AMs running on the same machine as the AM are correctly
propagated. (Jian He via vinodkv) propagated. (Jian He via vinodkv)
YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
secure clusters. (Xuan Gong via vinodkv)
Release 2.3.1 - UNRELEASED Release 2.3.1 - UNRELEASED
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

23
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
View File

@ -21,6 +21,7 @@
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.util.List; import java.util.List;
import java.util.concurrent.BlockingQueue; import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.LinkedBlockingQueue;
@ -163,6 +164,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
/** End of Active services */ /** End of Active services */
private Configuration conf; private Configuration conf;
private UserGroupInformation rmLoginUGI;
public ResourceManager() { public ResourceManager() {
super("ResourceManager"); super("ResourceManager");
@ -233,6 +236,8 @@ protected void serviceInit(Configuration conf) throws Exception {
webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf); webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
this.rmLoginUGI = UserGroupInformation.getCurrentUser();
super.serviceInit(this.conf); super.serviceInit(this.conf);
} }
@ -859,7 +864,18 @@ synchronized void transitionToActive() throws Exception {
} }
LOG.info("Transitioning to active state"); LOG.info("Transitioning to active state");
startActiveServices();
// use rmLoginUGI to startActiveServices.
// in non-secure model, rmLoginUGI will be current UGI
// in secure model, rmLoginUGI will be LoginUser UGI
this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
startActiveServices();
return null;
}
});
rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE); rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
LOG.info("Transitioned to active state"); LOG.info("Transitioned to active state");
} }
@ -911,6 +927,11 @@ protected void doSecureLogin() throws IOException {
InetSocketAddress socAddr = getBindAddress(conf); InetSocketAddress socAddr = getBindAddress(conf);
SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB, SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName()); YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
// if security is enable, set rmLoginUGI as UGI of loginUser
if (UserGroupInformation.isSecurityEnabled()) {
this.rmLoginUGI = UserGroupInformation.getLoginUser();
}
} }
@Override @Override