YARN-9002. Improve keytab loading for YARN Service. Contributed by Gour Saha
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/26642487 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/26642487 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/26642487 Branch: refs/heads/YARN-7402 Commit: 2664248797365761089a86d5bd59aa9ac3ebcc28 Parents: 298d250 Author: Eric Yang <ey...@apache.org> Authored: Sat Nov 10 01:52:19 2018 -0500 Committer: Eric Yang <ey...@apache.org> Committed: Sat Nov 10 01:52:19 2018 -0500 ---------------------------------------------------------------------- .../yarn/service/client/ServiceClient.java | 38 ++++++++------------ .../exceptions/RestApiErrorMessages.java | 2 -- .../yarn/service/utils/ServiceApiUtil.java | 17 --------- .../yarn/service/utils/TestServiceApiUtil.java | 25 +++---------- 4 files changed, 19 insertions(+), 63 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/26642487/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java index 91d6367..1158e44 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java @@ -1392,31 +1392,21 @@ public class ServiceClient extends AppAdminClient implements SliderExitCodes, throw new YarnException(e); } - if (keytabURI.getScheme() != null) { - switch (keytabURI.getScheme()) { - case "hdfs": - Path keytabOnhdfs = new Path(keytabURI); - if (!fileSystem.getFileSystem().exists(keytabOnhdfs)) { - LOG.warn(service.getName() + "'s keytab (principalName = " - + principalName + ") doesn't exist at: " + keytabOnhdfs); - return; - } - LocalResource keytabRes = fileSystem.createAmResource(keytabOnhdfs, - LocalResourceType.FILE); - localResource.put(String.format(YarnServiceConstants.KEYTAB_LOCATION, - service.getName()), keytabRes); - LOG.info("Adding " + service.getName() + "'s keytab for " - + "localization, uri = " + keytabOnhdfs); - break; - case "file": - LOG.info("Using a keytab from localhost: " + keytabURI); - break; - default: - LOG.warn("Unsupported keytab URI scheme " + keytabURI); - break; - } + if ("file".equals(keytabURI.getScheme())) { + LOG.info("Using a keytab from localhost: " + keytabURI); } else { - LOG.warn("Unsupported keytab URI scheme " + keytabURI); + Path keytabOnhdfs = new Path(keytabURI); + if (!fileSystem.getFileSystem().exists(keytabOnhdfs)) { + LOG.warn(service.getName() + "'s keytab (principalName = " + + principalName + ") doesn't exist at: " + keytabOnhdfs); + return; + } + LocalResource keytabRes = fileSystem.createAmResource(keytabOnhdfs, + LocalResourceType.FILE); + localResource.put(String.format(YarnServiceConstants.KEYTAB_LOCATION, + service.getName()), keytabRes); + LOG.info("Adding " + service.getName() + "'s keytab for " + + "localization, uri = " + keytabOnhdfs); } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/26642487/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java index 8f831ee..57c6449 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java @@ -117,8 +117,6 @@ public interface RestApiErrorMessages { + "expression element name %s specified in placement policy of component " + "%s. Expression element names should be a valid constraint name or an " + "expression name defined for this component only."; - String ERROR_KEYTAB_URI_SCHEME_INVALID = "Unsupported keytab URI scheme: %s"; - String ERROR_KEYTAB_URI_INVALID = "Invalid keytab URI: %s"; String ERROR_COMP_INSTANCE_DOES_NOT_NEED_UPGRADE = "The component instance " + "(%s) does not need an upgrade."; http://git-wip-us.apache.org/repos/asf/hadoop/blob/26642487/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java index b57e632..27e8caf 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java @@ -56,8 +56,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; -import java.net.URI; -import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Collection; import java.util.HashSet; @@ -256,21 +254,6 @@ public class ServiceApiUtil { kerberosPrincipal.getPrincipalName())); } } - if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) { - try { - // validate URI format - URI keytabURI = new URI(kerberosPrincipal.getKeytab()); - if (keytabURI.getScheme() == null) { - throw new IllegalArgumentException(String.format( - RestApiErrorMessages.ERROR_KEYTAB_URI_SCHEME_INVALID, - kerberosPrincipal.getKeytab())); - } - } catch (URISyntaxException e) { - throw new IllegalArgumentException( - String.format(RestApiErrorMessages.ERROR_KEYTAB_URI_INVALID, - e.getLocalizedMessage())); - } - } } private static void validateDockerClientConfiguration(Service service, http://git-wip-us.apache.org/repos/asf/hadoop/blob/26642487/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java index 4940f8b..2bf59b8 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/utils/TestServiceApiUtil.java @@ -49,7 +49,6 @@ import static org.apache.hadoop.yarn.service.conf.RestApiConstants.DEFAULT_UNLIM import static org.apache.hadoop.yarn.service.exceptions.RestApiErrorMessages.*; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; /** * Test for ServiceApiUtil helper methods. @@ -593,33 +592,19 @@ public class TestServiceApiUtil extends ServiceTestUtils { SliderFileSystem sfs = ServiceTestUtils.initMockFs(); Service app = createValidApplication("comp-a"); KerberosPrincipal kp = new KerberosPrincipal(); - kp.setKeytab("/some/path"); + kp.setKeytab("file:///tmp/a.keytab"); kp.setPrincipalName("user/_h...@domain.com"); app.setKerberosPrincipal(kp); + // This should succeed try { ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal()); - Assert.fail(EXCEPTION_PREFIX + "service with invalid keytab URI scheme"); - } catch (IllegalArgumentException e) { - assertEquals( - String.format(RestApiErrorMessages.ERROR_KEYTAB_URI_SCHEME_INVALID, - kp.getKeytab()), - e.getMessage()); - } - - kp.setKeytab("/ blank / in / paths"); - try { - ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal()); - Assert.fail(EXCEPTION_PREFIX + "service with invalid keytab"); } catch (IllegalArgumentException e) { - // strip out the %s at the end of the RestApiErrorMessages string constant - assertTrue(e.getMessage().contains( - RestApiErrorMessages.ERROR_KEYTAB_URI_INVALID.substring(0, - RestApiErrorMessages.ERROR_KEYTAB_URI_INVALID.length() - 2))); + Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage()); } - kp.setKeytab("file:///tmp/a.keytab"); - // now it should succeed + // Keytab with no URI scheme should succeed too + kp.setKeytab("/some/path"); try { ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal()); } catch (IllegalArgumentException e) { --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org