Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

YARN-1640. Fixed manual failover of ResourceManagers to work correctly in secure clusters. Contributed by Xuan Gong.
svn merge --ignore-ancestry -c 1579510 ../../trunk/


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2.4@1579512 13f79535-47bb-0310-9956-ffa450edef68

Vinod Kumar Vavilapalli 11 years ago
parent
d64a40dff2
commit
e56ebaeff5
2 changed files with 25 additions and 1 deletions
Split View Show Diff Stats
  1. 3 0
      hadoop-yarn-project/CHANGES.txt
  2. 22 1
      hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java

+ 3 - 0
hadoop-yarn-project/CHANGES.txt
View File 

@@ -467,6 +467,9 @@ Release 2.4.0 - UNRELEASED
 
     launched by AMs running on the same machine as the AM are correctly
 
     propagated. (Jian He via vinodkv)
 
 
+    YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
 
+    secure clusters. (Xuan Gong via vinodkv)
 
+
 
 Release 2.3.1 - UNRELEASED
 
 
   INCOMPATIBLE CHANGES

+ 22 - 1
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
View File 

@@ -21,6 +21,7 @@ package org.apache.hadoop.yarn.server.resourcemanager;
 
 import java.io.IOException;
 
 import java.io.InputStream;
 
 import java.net.InetSocketAddress;
 
+import java.security.PrivilegedExceptionAction;
 
 import java.util.List;
 
 import java.util.concurrent.BlockingQueue;
 
 import java.util.concurrent.LinkedBlockingQueue;
 
@@ -163,6 +164,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
 
   /** End of Active services */
 
 
   private Configuration conf;
 
+
 
+  private UserGroupInformation rmLoginUGI;
 
   
   public ResourceManager() {
 
     super("ResourceManager");
 
@@ -233,6 +236,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
 
 
     webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
 
 
+    this.rmLoginUGI = UserGroupInformation.getCurrentUser();
 
+
 
     super.serviceInit(this.conf);
 
   }
 
   
@@ -859,7 +864,18 @@ public class ResourceManager extends CompositeService implements Recoverable {
 
     }
 
 
     LOG.info("Transitioning to active state");
 
-    startActiveServices();
 
+
 
+    // use rmLoginUGI to startActiveServices.
 
+    // in non-secure model, rmLoginUGI will be current UGI
 
+    // in secure model, rmLoginUGI will be LoginUser UGI
 
+    this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
 
+      @Override
 
+      public Void run() throws Exception {
 
+        startActiveServices();
 
+        return null;
 
+      }
 
+    });
 
+
 
     rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
 
     LOG.info("Transitioned to active state");
 
   }
 
@@ -911,6 +927,11 @@ public class ResourceManager extends CompositeService implements Recoverable {
 
 	InetSocketAddress socAddr = getBindAddress(conf);
 
     SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
 
         YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
 
+
 
+    // if security is enable, set rmLoginUGI as UGI of loginUser
 
+    if (UserGroupInformation.isSecurityEnabled()) {
 
+      this.rmLoginUGI = UserGroupInformation.getLoginUser();
 
+    }
 
   }
 
 
   @Override