YARN-3462. Patches applied for YARN-2424 are inconsistent between trunk and branch-2. Contributed by Naganarasimha G R.
This commit is contained in:
parent
50c8d06314
commit
d4a462c02e
|
@ -12,6 +12,9 @@ Release 2.7.1 - UNRELEASED
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
||||||
|
YARN-3462. Patches applied for YARN-2424 are inconsistent between
|
||||||
|
trunk and branch-2. (Naganarasimha G R via harsh)
|
||||||
|
|
||||||
Release 2.7.0 - UNRELEASED
|
Release 2.7.0 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -1036,21 +1036,22 @@
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
<property>
|
<property>
|
||||||
<description>This determines which of the two modes that LCE should use on a non-secure
|
<description>This determines which of the two modes that LCE should use on
|
||||||
cluster. If this value is set to true, then all containers will be launched as the user
|
a non-secure cluster. If this value is set to true, then all containers
|
||||||
specified in yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If
|
will be launched as the user specified in
|
||||||
this value is set to false, then containers will run as the user who submitted the
|
yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If
|
||||||
application.
|
this value is set to false, then containers will run as the user who
|
||||||
</description>
|
submitted the application.</description>
|
||||||
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name>
|
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name>
|
||||||
<value>true</value>
|
<value>true</value>
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
<property>
|
<property>
|
||||||
<description>The UNIX user that containers will run as when Linux-container-executor
|
<description>The UNIX user that containers will run as when
|
||||||
is used in nonsecure mode (a use case for this is using cgroups) if the
|
Linux-container-executor is used in nonsecure mode (a use case for this
|
||||||
yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is set
|
is using cgroups) if the
|
||||||
to true.</description>
|
yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is
|
||||||
|
set to true.</description>
|
||||||
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user</name>
|
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user</name>
|
||||||
<value>nobody</value>
|
<value>nobody</value>
|
||||||
</property>
|
</property>
|
||||||
|
|
|
@ -59,8 +59,7 @@ public class LinuxContainerExecutor extends ContainerExecutor {
|
||||||
private LCEResourcesHandler resourcesHandler;
|
private LCEResourcesHandler resourcesHandler;
|
||||||
private boolean containerSchedPriorityIsSet = false;
|
private boolean containerSchedPriorityIsSet = false;
|
||||||
private int containerSchedPriorityAdjustment = 0;
|
private int containerSchedPriorityAdjustment = 0;
|
||||||
private boolean containerLimitUsers = YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS;
|
private boolean containerLimitUsers;
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setConf(Configuration conf) {
|
public void setConf(Configuration conf) {
|
||||||
|
@ -71,6 +70,7 @@ public class LinuxContainerExecutor extends ContainerExecutor {
|
||||||
conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER,
|
conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER,
|
||||||
DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf);
|
DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf);
|
||||||
resourcesHandler.setConf(conf);
|
resourcesHandler.setConf(conf);
|
||||||
|
|
||||||
if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) {
|
if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) {
|
||||||
containerSchedPriorityIsSet = true;
|
containerSchedPriorityIsSet = true;
|
||||||
containerSchedPriorityAdjustment = conf
|
containerSchedPriorityAdjustment = conf
|
||||||
|
@ -83,9 +83,13 @@ public class LinuxContainerExecutor extends ContainerExecutor {
|
||||||
nonsecureLocalUserPattern = Pattern.compile(
|
nonsecureLocalUserPattern = Pattern.compile(
|
||||||
conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY,
|
conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY,
|
||||||
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN));
|
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN));
|
||||||
containerLimitUsers=conf.getBoolean(
|
containerLimitUsers = conf.getBoolean(
|
||||||
YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS,
|
YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS,
|
||||||
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS);
|
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS);
|
||||||
|
if (!containerLimitUsers) {
|
||||||
|
LOG.warn(YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS +
|
||||||
|
": impersonation without authentication enabled");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void verifyUsernamePattern(String user) {
|
void verifyUsernamePattern(String user) {
|
||||||
|
|
Loading…
Reference in New Issue