YARN-4833. For Queue AccessControlException client retries multiple times on both RM. Contributed by Bibin A Chundatt
This commit is contained in:
Naganarasimha
parent
db719ef125
commit
874577a67d
|
|
@ -285,7 +285,7 @@ public class RMAppManager implements EventHandler<RMAppManagerEvent>,
|
|||
@SuppressWarnings("unchecked")
|
||||
protected void submitApplication(
|
||||
ApplicationSubmissionContext submissionContext, long submitTime,
|
||||
String user) throws YarnException, AccessControlException {
|
||||
String user) throws YarnException {
|
||||
ApplicationId applicationId = submissionContext.getApplicationId();
|
||||
|
||||
// Passing start time as -1. It will be eventually set in RMAppImpl
|
||||
|
|
@ -336,8 +336,7 @@ public class RMAppManager implements EventHandler<RMAppManagerEvent>,
|
|||
|
||||
private RMAppImpl createAndPopulateNewRMApp(
|
||||
ApplicationSubmissionContext submissionContext, long submitTime,
|
||||
String user, boolean isRecovery, long startTime)
|
||||
throws YarnException, AccessControlException {
|
||||
String user, boolean isRecovery, long startTime) throws YarnException {
|
||||
// Do queue mapping
|
||||
if (!isRecovery) {
|
||||
if (rmContext.getQueuePlacementManager() != null) {
|
||||
|
|
@ -380,9 +379,9 @@ public class RMAppManager implements EventHandler<RMAppManagerEvent>,
|
|||
SchedulerUtils.toAccessType(QueueACL.ADMINISTER_QUEUE),
|
||||
applicationId.toString(), appName, Server.getRemoteAddress(),
|
||||
null))) {
|
||||
throw new AccessControlException(
|
||||
throw RPCUtil.getRemoteException(new AccessControlException(
|
||||
"User " + user + " does not have permission to submit "
|
||||
+ applicationId + " to queue " + submissionContext.getQueue());
|
||||
+ applicationId + " to queue " + submissionContext.getQueue()));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -39,14 +39,18 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.io.DataOutputBuffer;
|
||||
import org.apache.hadoop.security.AccessControlException;
|
||||
import org.apache.hadoop.security.Credentials;
|
||||
import org.apache.hadoop.service.Service;
|
||||
import org.apache.hadoop.yarn.MockApps;
|
||||
import org.apache.hadoop.yarn.api.protocolrecords.SubmitApplicationRequest;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
|
||||
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
|
||||
import org.apache.hadoop.yarn.api.records.Priority;
|
||||
import org.apache.hadoop.yarn.api.records.Resource;
|
||||
import org.apache.hadoop.yarn.api.records.ResourceRequest;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.event.AsyncDispatcher;
|
||||
import org.apache.hadoop.yarn.event.Dispatcher;
|
||||
|
|
@ -69,9 +73,11 @@ import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AMLivelinessM
|
|||
import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.timelineservice.RMTimelineCollectorManager;
|
||||
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
|
||||
import org.apache.hadoop.yarn.util.Records;
|
||||
import org.apache.hadoop.yarn.util.resource.ResourceCalculator;
|
||||
import org.apache.hadoop.yarn.util.resource.Resources;
|
||||
import org.junit.After;
|
||||
|
|
@ -280,6 +286,43 @@ public class TestAppManager{
|
|||
isA(RMApp.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testQueueSubmitWithNoPermission() throws IOException {
|
||||
YarnConfiguration conf = new YarnConfiguration();
|
||||
conf.set(YarnConfiguration.RM_SCHEDULER,
|
||||
CapacityScheduler.class.getCanonicalName());
|
||||
conf.set("yarn.scheduler.capacity.root.acl_submit_applications", " ");
|
||||
conf.set("yarn.scheduler.capacity.root.acl_administer_queue", " ");
|
||||
|
||||
conf.set("yarn.scheduler.capacity.root.default.acl_submit_applications",
|
||||
" ");
|
||||
conf.set("yarn.scheduler.capacity.root.default.acl_administer_queue", " ");
|
||||
conf.set(YarnConfiguration.YARN_ACL_ENABLE, "true");
|
||||
MockRM mockRM = new MockRM(conf);
|
||||
ClientRMService rmService = mockRM.getClientRMService();
|
||||
SubmitApplicationRequest req =
|
||||
Records.newRecord(SubmitApplicationRequest.class);
|
||||
ApplicationSubmissionContext sub =
|
||||
Records.newRecord(ApplicationSubmissionContext.class);
|
||||
sub.setApplicationId(appId);
|
||||
ResourceRequest resReg =
|
||||
ResourceRequest.newInstance(Priority.newInstance(0),
|
||||
ResourceRequest.ANY, Resource.newInstance(1024, 1), 1);
|
||||
sub.setAMContainerResourceRequest(resReg);
|
||||
req.setApplicationSubmissionContext(sub);
|
||||
try {
|
||||
rmService.submitApplication(req);
|
||||
} catch (Exception e) {
|
||||
if (e instanceof YarnException) {
|
||||
Assert.assertTrue(e.getCause() instanceof AccessControlException);
|
||||
} else {
|
||||
Assert.fail("Yarn exception is expected");
|
||||
}
|
||||
} finally {
|
||||
mockRM.close();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRMAppRetireSome() throws Exception {
|
||||
long now = System.currentTimeMillis();
|
||||
|
|
|
|||
Loading…
Reference in New Issue