YARN-3462. Patches applied for YARN-2424 are inconsistent between trunk and branch-2. Contributed by Naganarasimha G R.

This commit is contained in:
Harsh J 2015-04-15 09:41:43 +05:30
parent 50c8d06314
commit d4a462c02e
3 changed files with 22 additions and 14 deletions

View File

@ -12,6 +12,9 @@ Release 2.7.1 - UNRELEASED
BUG FIXES BUG FIXES
YARN-3462. Patches applied for YARN-2424 are inconsistent between
trunk and branch-2. (Naganarasimha G R via harsh)
Release 2.7.0 - UNRELEASED Release 2.7.0 - UNRELEASED
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -1036,21 +1036,22 @@
</property> </property>
<property> <property>
<description>This determines which of the two modes that LCE should use on a non-secure <description>This determines which of the two modes that LCE should use on
cluster. If this value is set to true, then all containers will be launched as the user a non-secure cluster. If this value is set to true, then all containers
specified in yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If will be launched as the user specified in
this value is set to false, then containers will run as the user who submitted the yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If
application. this value is set to false, then containers will run as the user who
</description> submitted the application.</description>
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name> <name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name>
<value>true</value> <value>true</value>
</property> </property>
<property> <property>
<description>The UNIX user that containers will run as when Linux-container-executor <description>The UNIX user that containers will run as when
is used in nonsecure mode (a use case for this is using cgroups) if the Linux-container-executor is used in nonsecure mode (a use case for this
yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is set is using cgroups) if the
to true.</description> yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is
set to true.</description>
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user</name> <name>yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user</name>
<value>nobody</value> <value>nobody</value>
</property> </property>

View File

@ -59,9 +59,8 @@ public class LinuxContainerExecutor extends ContainerExecutor {
private LCEResourcesHandler resourcesHandler; private LCEResourcesHandler resourcesHandler;
private boolean containerSchedPriorityIsSet = false; private boolean containerSchedPriorityIsSet = false;
private int containerSchedPriorityAdjustment = 0; private int containerSchedPriorityAdjustment = 0;
private boolean containerLimitUsers = YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS; private boolean containerLimitUsers;
@Override @Override
public void setConf(Configuration conf) { public void setConf(Configuration conf) {
super.setConf(conf); super.setConf(conf);
@ -71,6 +70,7 @@ public class LinuxContainerExecutor extends ContainerExecutor {
conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER, conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER,
DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf); DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf);
resourcesHandler.setConf(conf); resourcesHandler.setConf(conf);
if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) { if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) {
containerSchedPriorityIsSet = true; containerSchedPriorityIsSet = true;
containerSchedPriorityAdjustment = conf containerSchedPriorityAdjustment = conf
@ -83,9 +83,13 @@ public class LinuxContainerExecutor extends ContainerExecutor {
nonsecureLocalUserPattern = Pattern.compile( nonsecureLocalUserPattern = Pattern.compile(
conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY, conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY,
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN)); YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN));
containerLimitUsers=conf.getBoolean( containerLimitUsers = conf.getBoolean(
YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS, YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS,
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS); YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS);
if (!containerLimitUsers) {
LOG.warn(YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS +
": impersonation without authentication enabled");
}
} }
void verifyUsernamePattern(String user) { void verifyUsernamePattern(String user) {