YARN-3462. Patches applied for YARN-2424 are inconsistent between trunk and branch-2. Contributed by Naganarasimha G R.

This commit is contained in:
Harsh J 2015-04-15 09:41:43 +05:30
parent 50c8d06314
commit d4a462c02e
3 changed files with 22 additions and 14 deletions

View File

@ -12,6 +12,9 @@ Release 2.7.1 - UNRELEASED
BUG FIXES
YARN-3462. Patches applied for YARN-2424 are inconsistent between
trunk and branch-2. (Naganarasimha G R via harsh)
Release 2.7.0 - UNRELEASED
INCOMPATIBLE CHANGES

View File

@ -1036,21 +1036,22 @@
</property>
<property>
<description>This determines which of the two modes that LCE should use on a non-secure
cluster. If this value is set to true, then all containers will be launched as the user
specified in yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If
this value is set to false, then containers will run as the user who submitted the
application.
</description>
<description>This determines which of the two modes that LCE should use on
a non-secure cluster. If this value is set to true, then all containers
will be launched as the user specified in
yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If
this value is set to false, then containers will run as the user who
submitted the application.</description>
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name>
<value>true</value>
</property>
<property>
<description>The UNIX user that containers will run as when Linux-container-executor
is used in nonsecure mode (a use case for this is using cgroups) if the
yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is set
to true.</description>
<description>The UNIX user that containers will run as when
Linux-container-executor is used in nonsecure mode (a use case for this
is using cgroups) if the
yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is
set to true.</description>
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user</name>
<value>nobody</value>
</property>

View File

@ -59,9 +59,8 @@ public class LinuxContainerExecutor extends ContainerExecutor {
private LCEResourcesHandler resourcesHandler;
private boolean containerSchedPriorityIsSet = false;
private int containerSchedPriorityAdjustment = 0;
private boolean containerLimitUsers = YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS;
private boolean containerLimitUsers;
@Override
public void setConf(Configuration conf) {
super.setConf(conf);
@ -71,6 +70,7 @@ public class LinuxContainerExecutor extends ContainerExecutor {
conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER,
DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf);
resourcesHandler.setConf(conf);
if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) {
containerSchedPriorityIsSet = true;
containerSchedPriorityAdjustment = conf
@ -83,9 +83,13 @@ public class LinuxContainerExecutor extends ContainerExecutor {
nonsecureLocalUserPattern = Pattern.compile(
conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY,
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN));
containerLimitUsers=conf.getBoolean(
containerLimitUsers = conf.getBoolean(
YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS,
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS);
if (!containerLimitUsers) {
LOG.warn(YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS +
": impersonation without authentication enabled");
}
}
void verifyUsernamePattern(String user) {