Is your app code running within the container also being run within a UGI.doAs()?
You can use the following in your code to create a UGI for the “actual” user
and run all the logic within that:
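<code>
// UGI for the "actual" user, named by the container's USER environment variable
UserGroupInformation actualUserUGI = UserGroupInformation.createRemoteUser(
    System.getenv(ApplicationConstants.Environment.USER.toString()));
</code>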
Your other option is to try and get the LinuxContainerExecutor working on a
non-secure cluster (not sure if that is trivial to do).
— Hitesh
On Dec 11, 2014, at 12:04 PM, Tim Williams <[email protected]> wrote:
> I'm able to use the UGI.doAs(..) to launch a yarn app and, through the
> ResourceManager, both the ApplicationMaster and Containers are
> associated with the correct user. But the process on the node itself
> really runs as the yarn user. The problem is that the yarn app writes
> data to DFS and it's being written as yarn, since that's what the real
> process is. This is a non-secure cluster. I've yet to stumble upon
> a solution that doesn't feel icky. What's the right way to achieve
> this?
>
> Thanks,
> --tim
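
An added example, not part of the original thread: the suggestion in the reply above carried through to an HDFS write, so the file is created as the user named by the container's USER variable instead of the account that owns the process. The class name `WriteAsSubmitter` and the output path are hypothetical; it assumes the Hadoop client libraries and the cluster configuration are on the container's classpath.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedExceptionAction;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.ApplicationConstants;
import org.apache.hadoop.yarn.conf.YarnConfiguration;

public class WriteAsSubmitter {   // hypothetical class name
    public static void main(String[] args) throws IOException, InterruptedException {
        // Per the reply above, USER in the container environment names the "actual" user.
        String submitter = System.getenv(ApplicationConstants.Environment.USER.toString());
        if (submitter == null || submitter.isEmpty()) {
            // Fail closed: without a user name the write would fall back to the process user.
            throw new IllegalStateException("USER is not set; refusing to write as the process user");
        }

        UserGroupInformation actualUserUGI = UserGroupInformation.createRemoteUser(submitter);
        final Configuration conf = new YarnConfiguration();
        final Path out = new Path("/tmp/ugi-doas-example.txt");   // hypothetical path

        // Anonymous class rather than a lambda: doAs is overloaded for
        // PrivilegedAction and PrivilegedExceptionAction.
        String owner = actualUserUGI.doAs(new PrivilegedExceptionAction<String>() {
            @Override
            public String run() throws IOException {
                // Obtain the FileSystem inside doAs so the client is bound to this UGI
                // (the FileSystem cache is keyed by UGI, among other things).
                FileSystem fs = FileSystem.get(conf);
                try (FSDataOutputStream os = fs.create(out, true)) {
                    os.write("written inside doAs\n".getBytes(StandardCharsets.UTF_8));
                }
                return fs.getFileStatus(out).getOwner();
            }
        });

        // The process user (what a write outside doAs would have used) vs. the file owner.
        System.out.println("process user: " + System.getProperty("user.name"));
        System.out.println("file owner:   " + owner);
    }
}
```

This relies on the cluster's simple (non-Kerberos) authentication, under which HDFS accepts the user name the client asserts. A UGI from `createRemoteUser` carries no credentials, so on a secure cluster it cannot authenticate on its own.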