|
@@ -21,6 +21,7 @@ package org.apache.hadoop.yarn.server.resourcemanager;
|
|
|
import java.io.IOException;
|
|
import java.io.IOException;
|
|
|
import java.io.InputStream;
|
|
import java.io.InputStream;
|
|
|
import java.net.InetSocketAddress;
|
|
import java.net.InetSocketAddress;
|
|
|
|
|
+import java.security.PrivilegedExceptionAction;
|
|
|
import java.util.List;
|
|
import java.util.List;
|
|
|
import java.util.concurrent.BlockingQueue;
|
|
import java.util.concurrent.BlockingQueue;
|
|
|
import java.util.concurrent.LinkedBlockingQueue;
|
|
import java.util.concurrent.LinkedBlockingQueue;
|
|
@@ -163,6 +164,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
|
|
/** End of Active services */
|
|
/** End of Active services */
|
|
|
|
|
|
|
|
private Configuration conf;
|
|
private Configuration conf;
|
|
|
|
|
+
|
|
|
|
|
+ private UserGroupInformation rmLoginUGI;
|
|
|
|
|
|
|
|
public ResourceManager() {
|
|
public ResourceManager() {
|
|
|
super("ResourceManager");
|
|
super("ResourceManager");
|
|
@@ -233,6 +236,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
|
|
|
|
|
|
|
webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
|
|
webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
|
|
|
|
|
|
|
|
|
|
+ this.rmLoginUGI = UserGroupInformation.getCurrentUser();
|
|
|
|
|
+
|
|
|
super.serviceInit(this.conf);
|
|
super.serviceInit(this.conf);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -859,7 +864,18 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
LOG.info("Transitioning to active state");
|
|
LOG.info("Transitioning to active state");
|
|
|
- startActiveServices();
|
|
|
|
|
|
|
+
|
|
|
|
|
+ // use rmLoginUGI to startActiveServices.
|
|
|
|
|
+ // in non-secure model, rmLoginUGI will be current UGI
|
|
|
|
|
+ // in secure model, rmLoginUGI will be LoginUser UGI
|
|
|
|
|
+ this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
|
|
|
|
|
+ @Override
|
|
|
|
|
+ public Void run() throws Exception {
|
|
|
|
|
+ startActiveServices();
|
|
|
|
|
+ return null;
|
|
|
|
|
+ }
|
|
|
|
|
+ });
|
|
|
|
|
+
|
|
|
rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
|
|
rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
|
|
|
LOG.info("Transitioned to active state");
|
|
LOG.info("Transitioned to active state");
|
|
|
}
|
|
}
|
|
@@ -911,6 +927,11 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
|
|
InetSocketAddress socAddr = getBindAddress(conf);
|
|
InetSocketAddress socAddr = getBindAddress(conf);
|
|
|
SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
|
|
SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
|
|
|
YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
|
|
YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
|
|
|
|
|
+
|
|
|
|
|
+ // if security is enable, set rmLoginUGI as UGI of loginUser
|
|
|
|
|
+ if (UserGroupInformation.isSecurityEnabled()) {
|
|
|
|
|
+ this.rmLoginUGI = UserGroupInformation.getLoginUser();
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
@Override
|
Vinod Kumar Vavilapalli