SLIDER-995 Add option to declare that a keytab *must* exist when launching an app
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/ee6e5f69 Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/ee6e5f69 Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/ee6e5f69 Branch: refs/heads/develop Commit: ee6e5f69536a2cb38ae2b8b4f1e365dac7ef7a68 Parents: 10abc40 Author: Steve Loughran <[email protected]> Authored: Thu Nov 19 18:40:38 2015 +0000 Committer: Steve Loughran <[email protected]> Committed: Thu Nov 19 18:40:38 2015 +0000 ---------------------------------------------------------------------- slider-assembly/src/conf/slider-client.xml | 45 ++++++++++++++------ .../apache/slider/common/SliderXmlConfKeys.java | 2 + .../providers/AbstractProviderService.java | 12 +----- .../slideram/SliderAMClientProvider.java | 17 +++++--- .../slideram/SliderAMProviderService.java | 3 +- 5 files changed, 49 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/ee6e5f69/slider-assembly/src/conf/slider-client.xml ---------------------------------------------------------------------- diff --git a/slider-assembly/src/conf/slider-client.xml b/slider-assembly/src/conf/slider-client.xml index 3a42bee..9c2e76d 100644 --- a/slider-assembly/src/conf/slider-client.xml +++ b/slider-assembly/src/conf/slider-client.xml @@ -22,14 +22,6 @@ --> <configuration> - <!-- - The recommended approach is to configure slider-env.sh and set HADOOP_CONF_DIR. - Otherwise, appropriate configurations from hdfs-site, yarn-site, can be dropped in this file - for Slider client to work. The following list is not an exhaustive list but the minimal config - needed to interact with a non-secure cluster. - --> - - <!-- <property> <name>slider.client.resource.origin</name> <value>conf/slider-client.xml</value> @@ -37,14 +29,41 @@ </property> <property> - <name>yarn.log-aggregation-enable</name> - <value>true</value> + <name>slider.security.protocol.acl</name> + <value>*</value> + <description>When security is enabled, set appropriate acl. Default value means allow everyone.</description> </property> <property> - <name>slider.security.protocol.acl</name> - <value>*</value> - <description>When security is enabled, set appropriate acl. Default value means allow everyone.</description> + <name>slider.yarn.queue</name> + <value/> + <description>the name of the YARN queue to use.</description> + </property> + + <property> + <name>slider.yarn.queue.priority</name> + <value>1</value> + <description>the priority of the application.</description> + </property> + + <property> + <name>slider.am.login.keytab.required</name> + <value>false</value> + <description>Declare that a keytab must be provided.</description> + </property> + + <!-- + The recommended approach is to configure slider-env.sh and set HADOOP_CONF_DIR. + Otherwise, appropriate configurations from hdfs-site, yarn-site, can be dropped in this file + for Slider client to work. The following list is not an exhaustive list but the minimal config + needed to interact with a non-secure cluster. + --> + + <!-- + + <property> + <name>yarn.log-aggregation-enable</name> + <value>true</value> </property> <property> http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/ee6e5f69/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java b/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java index 07214b2..26109a7 100644 --- a/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java +++ b/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java @@ -125,6 +125,8 @@ public interface SliderXmlConfKeys { "hadoop.http.filter.initializers"; String KEY_KEYSTORE_LOCATION = "ssl.server.keystore.location"; String KEY_AM_LOGIN_KEYTAB_NAME = "slider.am.login.keytab.name"; + /** Declare that a keytab must be provided */ + String KEY_AM_LOGIN_KEYTAB_REQUIRED = "slider.am.login.keytab.required"; String KEY_HDFS_KEYTAB_DIR = "slider.hdfs.keytab.dir"; String KEY_AM_KEYTAB_LOCAL_PATH = "slider.am.keytab.local.path"; String KEY_KEYTAB_PRINCIPAL = "slider.keytab.principal.name"; http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/ee6e5f69/slider-core/src/main/java/org/apache/slider/providers/AbstractProviderService.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/providers/AbstractProviderService.java b/slider-core/src/main/java/org/apache/slider/providers/AbstractProviderService.java index 7cba840..c701a55 100644 --- a/slider-core/src/main/java/org/apache/slider/providers/AbstractProviderService.java +++ b/slider-core/src/main/java/org/apache/slider/providers/AbstractProviderService.java @@ -81,7 +81,7 @@ public abstract class AbstractProviderService protected YarnRegistryViewForProviders yarnRegistry; protected QueueAccess queueAccess; - public AbstractProviderService(String name) { + protected AbstractProviderService(String name) { super(name); setStopIfNoChildServicesAtStartup(false); } @@ -343,12 +343,6 @@ public abstract class AbstractProviderService return details; } - - protected String getInfoAvoidingNull(ClusterDescription clusterDesc, String key) { - String value = clusterDesc.getInfo(key); - - return null == value ? "N/A" : value; - } @Override public void buildEndpointDetails(Map<String, String> details) { @@ -363,10 +357,8 @@ public abstract class AbstractProviderService if (!urls.isEmpty()) { details.put(endpoint.api, urls.get(0).toString()); } - } catch (InvalidRecordException ignored) { + } catch (InvalidRecordException | MalformedURLException ignored) { // Ignored - } catch (MalformedURLException ignored) { - // ignored } } http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/ee6e5f69/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMClientProvider.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMClientProvider.java b/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMClientProvider.java index 3be0f48..e5430f2 100644 --- a/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMClientProvider.java +++ b/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMClientProvider.java @@ -218,11 +218,12 @@ public class SliderAMClientProvider extends AbstractClientProvider * @param instanceDescription * @param providerResources * @throws IOException + * @throws BadConfigException if there's no keytab and it is explicitly required. */ protected void addKeytabResourceIfNecessary(SliderFileSystem fileSystem, AggregateConf instanceDescription, Map<String, LocalResource> providerResources) - throws IOException { + throws IOException, BadConfigException { if (UserGroupInformation.isSecurityEnabled()) { String keytabPathOnHost = instanceDescription.getAppConfOperations() .getComponent(SliderKeys.COMPONENT_AM).get( @@ -243,10 +244,16 @@ public class SliderAMClientProvider extends AbstractClientProvider providerResources.put(SliderKeys.KEYTAB_DIR + "/" + amKeytabName, keytabRes); } else { - log.warn("No keytab file was found at {}. The AM will be " - + "started without a kerberos authenticated identity. " - + "The application is therefore not guaranteed to remain " - + "operational beyond 24 hours.", keytabPath); + log.warn("No keytab file was found at {}.", keytabPath); + if (getConf().getBoolean(KEY_AM_LOGIN_KEYTAB_REQUIRED, false)) { + throw new BadConfigException("No keytab file was found at %s.", keytabPath); + + } else { + log.warn("The AM will be " + + "started without a kerberos authenticated identity. " + + "The application is therefore not guaranteed to remain " + + "operational beyond 24 hours."); + } } } } http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/ee6e5f69/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMProviderService.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMProviderService.java b/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMProviderService.java index cee7a97..e382058 100644 --- a/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMProviderService.java +++ b/slider-core/src/main/java/org/apache/slider/providers/slideram/SliderAMProviderService.java @@ -88,12 +88,11 @@ public class SliderAMProviderService extends AbstractProviderService implements MapOperations resourceComponent, MapOperations appComponent, Path containerTmpDirPath) throws IOException, SliderException { - } @Override public List<ProviderRole> getRoles() { - return new ArrayList<ProviderRole>(0); + return new ArrayList<>(0); } @Override
