[
https://issues.apache.org/jira/browse/OOZIE-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16153688#comment-16153688
]
Peter Cseh commented on OOZIE-2909:
-----------------------------------
Biggest changes:
# # We're getting tokens for JHS and RM
# We're only creating a remote user in LauncherAM
# We're removing the AM_RM_TOKEN before executing customer code (this prevents
the user from requesting new containers for example)
> LauncherAM: rewrite UGI calls
> -----------------------------
>
> Key: OOZIE-2909
> URL: https://issues.apache.org/jira/browse/OOZIE-2909
> Project: Oozie
> Issue Type: Sub-task
> Reporter: Peter Bacsko
> Assignee: Peter Cseh
> Priority: Blocker
> Attachments: OOZIE-2909-001.patch, OOZIE-2909-002.patch
>
>
> There are two problems in LauncherAM:
> 1) In a kerberized cluster, we have to use {{UGI.getLoginUser()}} even though
> a call to {{createRemoteUser()}} should be enough, just like in
> {{MRAppMaster.java}}. Reference code:
> https://github.com/apache/hadoop/blob/3ed3062fe3979ff55a411b730a8eee2b2c96d6b3/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/MRAppMaster.java#L1718-L1726
> 2) It's enough if we wrap the whole LauncherAM logic in a single {{doAs()}}
> call. No need for multiple {{doAs()}}, just makes the whole thing more
> complicated.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
