Repository: hadoop
Updated Branches:
refs/heads/branch-3.2 7b62c9684 -> 5399ff817
YARN-9002. Improve keytab loading for YARN Service.
Contributed by Gour Saha
(cherry picked from commit 2664248797365761089a86d5bd59aa9ac3ebcc28)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5399ff81
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5399ff81
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5399ff81
Branch: refs/heads/branch-3.2
Commit: 5399ff8177f87c0e92ade516523a9d5251a52e94
Parents: 7b62c96
Author: Eric Yang <[email protected]>
Authored: Sat Nov 10 01:52:19 2018 -0500
Committer: Eric Yang <[email protected]>
Committed: Sat Nov 10 01:54:59 2018 -0500
----------------------------------------------------------------------
.../yarn/service/client/ServiceClient.java | 38 ++++++++------------
.../exceptions/RestApiErrorMessages.java | 2 --
.../yarn/service/utils/ServiceApiUtil.java | 17 ---------
.../yarn/service/utils/TestServiceApiUtil.java | 25 +++----------
4 files changed, 19 insertions(+), 63 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5399ff81/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java
----------------------------------------------------------------------
diff --git
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java
index c71ed03..8724a87 100644
---
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java
+++
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java
@@ -1254,31 +1254,21 @@ public class ServiceClient extends AppAdminClient
implements SliderExitCodes,
throw new YarnException(e);
}
- if (keytabURI.getScheme() != null) {
- switch (keytabURI.getScheme()) {
- case "hdfs":
- Path keytabOnhdfs = new Path(keytabURI);
- if (!fileSystem.getFileSystem().exists(keytabOnhdfs)) {
- LOG.warn(service.getName() + "'s keytab (principalName = "
- + principalName + ") doesn't exist at: " + keytabOnhdfs);
- return;
- }
- LocalResource keytabRes = fileSystem.createAmResource(keytabOnhdfs,
- LocalResourceType.FILE);
- localResource.put(String.format(YarnServiceConstants.KEYTAB_LOCATION,
- service.getName()), keytabRes);
- LOG.info("Adding " + service.getName() + "'s keytab for "
- + "localization, uri = " + keytabOnhdfs);
- break;
- case "file":
- LOG.info("Using a keytab from localhost: " + keytabURI);
- break;
- default:
- LOG.warn("Unsupported keytab URI scheme " + keytabURI);
- break;
- }
+ if ("file".equals(keytabURI.getScheme())) {
+ LOG.info("Using a keytab from localhost: " + keytabURI);
} else {
- LOG.warn("Unsupported keytab URI scheme " + keytabURI);
+ Path keytabOnhdfs = new Path(keytabURI);
+ if (!fileSystem.getFileSystem().exists(keytabOnhdfs)) {
+ LOG.warn(service.getName() + "'s keytab (principalName = "
+ + principalName + ") doesn't exist at: " + keytabOnhdfs);
+ return;
+ }
+ LocalResource keytabRes = fileSystem.createAmResource(keytabOnhdfs,
+ LocalResourceType.FILE);
+ localResource.put(String.format(YarnServiceConstants.KEYTAB_LOCATION,
+ service.getName()), keytabRes);
+ LOG.info("Adding " + service.getName() + "'s keytab for "
+ + "localization, uri = " + keytabOnhdfs);
}
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5399ff81/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java
----------------------------------------------------------------------
diff --git
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java
index 8f831ee..57c6449 100644
---
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java
+++
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java
@@ -117,8 +117,6 @@ public interface RestApiErrorMessages {
+ "expression element name %s specified in placement policy of component
"
+ "%s. Expression element names should be a valid constraint name or an "
+ "expression name defined for this component only.";
- String ERROR_KEYTAB_URI_SCHEME_INVALID = "Unsupported keytab URI scheme: %s";
- String ERROR_KEYTAB_URI_INVALID = "Invalid keytab URI: %s";
String ERROR_COMP_INSTANCE_DOES_NOT_NEED_UPGRADE = "The component instance "
+
"(%s) does not need an upgrade.";
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5399ff81/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java
----------------------------------------------------------------------
diff --git
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java
index f055981..969ff8f 100644
---
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java
+++
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java
@@ -55,8 +55,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
@@ -252,21 +250,6 @@ public class ServiceApiUtil {
kerberosPrincipal.getPrincipalName()));
}
}
- if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) {
- try {
- // validate URI format
- URI keytabURI = new URI(kerberosPrincipal.getKeytab());
- if (keytabURI.getScheme() == null) {
- throw new IllegalArgumentException(String.format(
- RestApiErrorMessages.ERROR_KEYTAB_URI_SCHEME_INVALID,
- kerberosPrincipal.getKeytab()));
- }
- } catch (URISyntaxException e) {
- throw new IllegalArgumentException(
- String.format(RestApiErrorMessages.ERROR_KEYTAB_URI_INVALID,
- e.getLocalizedMessage()));
- }
- }
}
private static void validateDockerClientConfiguration(Service service,
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5399ff81/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java
----------------------------------------------------------------------
diff --git
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java
index 4940f8b..2bf59b8 100644
---
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java
+++
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java
@@ -49,7 +49,6 @@ import static
org.apache.hadoop.yarn.service.conf.RestApiConstants.DEFAULT_UNLIM
import static org.apache.hadoop.yarn.service.exceptions.RestApiErrorMessages.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
/**
* Test for ServiceApiUtil helper methods.
@@ -593,33 +592,19 @@ public class TestServiceApiUtil extends ServiceTestUtils {
SliderFileSystem sfs = ServiceTestUtils.initMockFs();
Service app = createValidApplication("comp-a");
KerberosPrincipal kp = new KerberosPrincipal();
- kp.setKeytab("/some/path");
+ kp.setKeytab("file:///tmp/a.keytab");
kp.setPrincipalName("user/[email protected]");
app.setKerberosPrincipal(kp);
+ // This should succeed
try {
ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal());
- Assert.fail(EXCEPTION_PREFIX + "service with invalid keytab URI scheme");
- } catch (IllegalArgumentException e) {
- assertEquals(
- String.format(RestApiErrorMessages.ERROR_KEYTAB_URI_SCHEME_INVALID,
- kp.getKeytab()),
- e.getMessage());
- }
-
- kp.setKeytab("/ blank / in / paths");
- try {
- ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal());
- Assert.fail(EXCEPTION_PREFIX + "service with invalid keytab");
} catch (IllegalArgumentException e) {
- // strip out the %s at the end of the RestApiErrorMessages string
constant
- assertTrue(e.getMessage().contains(
- RestApiErrorMessages.ERROR_KEYTAB_URI_INVALID.substring(0,
- RestApiErrorMessages.ERROR_KEYTAB_URI_INVALID.length() - 2)));
+ Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage());
}
- kp.setKeytab("file:///tmp/a.keytab");
- // now it should succeed
+ // Keytab with no URI scheme should succeed too
+ kp.setKeytab("/some/path");
try {
ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal());
} catch (IllegalArgumentException e) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]