Repository: hive Updated Branches: refs/heads/master 3330403a7 -> a18e77281
HIVE-16777. LLAP: Use separate tokens and UGI instances when an external client is used. (Siddharth Seth, reviewed by Sergey Shelukhin) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/a18e7728 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/a18e7728 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/a18e7728 Branch: refs/heads/master Commit: a18e7728144d525d14bb8e1d407d251c98cad956 Parents: 3330403 Author: Siddharth Seth <ss...@apache.org> Authored: Sat May 27 10:26:30 2017 -0700 Committer: Siddharth Seth <ss...@apache.org> Committed: Sat May 27 10:26:30 2017 -0700 ---------------------------------------------------------------------- .../hadoop/hive/llap/daemon/impl/QueryInfo.java | 2 ++ .../hive/llap/daemon/impl/TaskRunnerCallable.java | 14 +++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/a18e7728/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/QueryInfo.java ---------------------------------------------------------------------- diff --git a/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/QueryInfo.java b/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/QueryInfo.java index a6d9d54..6c891c9 100644 --- a/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/QueryInfo.java +++ b/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/QueryInfo.java @@ -99,6 +99,8 @@ public class QueryInfo { final InetSocketAddress address = NetUtils.createSocketAddrForHost(amNodeId.getHostname(), amNodeId.getPort()); SecurityUtil.setTokenService(appToken, address); + // TODO Caching this and re-using across submissions breaks AM recovery, since the + // new AM may run on a different host/port. } public QueryIdentifier getQueryIdentifier() { http://git-wip-us.apache.org/repos/asf/hive/blob/a18e7728/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/TaskRunnerCallable.java ---------------------------------------------------------------------- diff --git a/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/TaskRunnerCallable.java b/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/TaskRunnerCallable.java index 7d7fd23..ceca1ad 100644 --- a/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/TaskRunnerCallable.java +++ b/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/TaskRunnerCallable.java @@ -41,6 +41,7 @@ import org.apache.hadoop.hive.ql.io.IOContextMap; import org.apache.hadoop.ipc.RPC; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.yarn.api.records.ApplicationId; @@ -219,7 +220,18 @@ public class TaskRunnerCallable extends CallableWithNdc<TaskRunner2Result> { TezCommonUtils.convertJobTokenToBytes(jobToken)); Multimap<String, String> startedInputsMap = createStartedInputMap(vertex); - final UserGroupInformation taskOwner = fragmentInfo.getQueryInfo().getUmbilicalUgi(); + final UserGroupInformation taskOwner; + if (!vertex.getIsExternalSubmission()) { + taskOwner = fragmentInfo.getQueryInfo().getUmbilicalUgi(); + } else { + // Temporary, till the external interface makes use of a single connection per + // instance. + taskOwner = UserGroupInformation.createRemoteUser(vertex.getTokenIdentifier()); + taskOwner.addToken(jobToken); + final InetSocketAddress address = + NetUtils.createSocketAddrForHost(request.getAmHost(), request.getAmPort()); + SecurityUtil.setTokenService(jobToken, address); + } if (LOG.isDebugEnabled()) { LOG.debug("taskOwner hashCode:" + taskOwner.hashCode()); }