From e3fae2578555cd508210fa7d42f07f92344b968e Mon Sep 17 00:00:00 2001 From: Vinod Kumar Vavilapalli Date: Wed, 21 May 2014 23:20:40 +0000 Subject: [PATCH] YARN-1938. Added kerberos login for the Timeline Server. Contributed by Zhijie Shen. svn merge --ignore-ancestry -c 1596710 ../../trunk/ git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1596711 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-yarn-project/CHANGES.txt | 3 ++ .../hadoop/yarn/conf/YarnConfiguration.java | 8 +++++ .../src/main/resources/yarn-default.xml | 12 +++++++ .../ApplicationHistoryServer.java | 34 +++++++++++++++++-- 4 files changed, 54 insertions(+), 3 deletions(-) diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index e80ee7e2e19..1d3582d95b0 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -70,6 +70,9 @@ Release 2.5.0 - UNRELEASED YARN-1981. Nodemanager version is not updated when a node reconnects (Jason Lowe via jeagles) + YARN-1938. Added kerberos login for the Timeline Server. (Zhijie Shen via + vinodkv) + OPTIMIZATIONS BUG FIXES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java index fe3c1e11517..e25a941f970 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java @@ -1196,6 +1196,14 @@ public class YarnConfiguration extends Configuration { public static final long DEFAULT_TIMELINE_SERVICE_LEVELDB_TTL_INTERVAL_MS = 1000 * 60 * 5; + /** The Kerberos principal for the timeline server.*/ + public static final String TIMELINE_SERVICE_PRINCIPAL = + TIMELINE_SERVICE_PREFIX + "principal"; + + /** The Kerberos keytab for the timeline server.*/ + public static final String TIMELINE_SERVICE_KEYTAB = + TIMELINE_SERVICE_PREFIX + "keytab"; + //////////////////////////////// // Other Configs //////////////////////////////// diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml index 9aaeea09d98..a528095cfbc 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml @@ -1194,6 +1194,18 @@ 10 + + The Kerberos principal for the timeline server. + yarn.timeline-service.principal + + + + + The Kerberos keytab for the timeline server. + yarn.timeline-service.keytab + /etc/krb5.keytab + + Indicate to ResourceManager as well as clients whether history-service is enabled or not. If enabled, ResourceManager starts diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java index 731ae14319d..9f98834f7ce 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java @@ -18,12 +18,16 @@ package org.apache.hadoop.yarn.server.applicationhistoryservice; +import java.io.IOException; +import java.net.InetSocketAddress; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem; import org.apache.hadoop.metrics2.source.JvmMetrics; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.service.CompositeService; import org.apache.hadoop.service.Service; import org.apache.hadoop.util.ExitUtil; @@ -33,8 +37,8 @@ import org.apache.hadoop.util.StringUtils; import org.apache.hadoop.yarn.YarnUncaughtExceptionHandler; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.exceptions.YarnRuntimeException; -import org.apache.hadoop.yarn.server.applicationhistoryservice.timeline.TimelineStore; import org.apache.hadoop.yarn.server.applicationhistoryservice.timeline.LeveldbTimelineStore; +import org.apache.hadoop.yarn.server.applicationhistoryservice.timeline.TimelineStore; import org.apache.hadoop.yarn.server.applicationhistoryservice.webapp.AHSWebApp; import org.apache.hadoop.yarn.webapp.WebApp; import org.apache.hadoop.yarn.webapp.WebApps; @@ -69,13 +73,19 @@ public class ApplicationHistoryServer extends CompositeService { addService((Service) historyManager); timelineStore = createTimelineStore(conf); addIfService(timelineStore); + + DefaultMetricsSystem.initialize("ApplicationHistoryServer"); + JvmMetrics.initSingleton("ApplicationHistoryServer", null); super.serviceInit(conf); } @Override protected void serviceStart() throws Exception { - DefaultMetricsSystem.initialize("ApplicationHistoryServer"); - JvmMetrics.initSingleton("ApplicationHistoryServer", null); + try { + doSecureLogin(getConfig()); + } catch(IOException ie) { + throw new YarnRuntimeException("Failed to login", ie); + } startWebApp(); super.serviceStart(); @@ -177,4 +187,22 @@ public class ApplicationHistoryServer extends CompositeService { public TimelineStore getTimelineStore() { return timelineStore; } + + private void doSecureLogin(Configuration conf) throws IOException { + InetSocketAddress socAddr = getBindAddress(conf); + SecurityUtil.login(conf, YarnConfiguration.TIMELINE_SERVICE_KEYTAB, + YarnConfiguration.TIMELINE_SERVICE_PRINCIPAL, socAddr.getHostName()); + } + + /** + * Retrieve the timeline server bind address from configuration + * + * @param conf + * @return InetSocketAddress + */ + private static InetSocketAddress getBindAddress(Configuration conf) { + return conf.getSocketAddr(YarnConfiguration.TIMELINE_SERVICE_ADDRESS, + YarnConfiguration.DEFAULT_TIMELINE_SERVICE_ADDRESS, + YarnConfiguration.DEFAULT_TIMELINE_SERVICE_PORT); + } }