Author: vinodkv
Date: Thu Mar 20 02:40:54 2014
New Revision: 1579511
URL: http://svn.apache.org/r1579511
Log:
YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
secure clusters. Contributed by Xuan Gong.
svn merge --ignore-ancestry -c 1579510 ../../trunk/
Modified:
hadoop/common/branches/branch-2/hadoop-yarn-project/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
Modified: hadoop/common/branches/branch-2/hadoop-yarn-project/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-yarn-project/CHANGES.txt?rev=1579511&r1=1579510&r2=1579511&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-yarn-project/CHANGES.txt (original)
+++ hadoop/common/branches/branch-2/hadoop-yarn-project/CHANGES.txt Thu Mar 20
02:40:54 2014
@@ -505,6 +505,9 @@ Release 2.4.0 - UNRELEASED
launched by AMs running on the same machine as the AM are correctly
propagated. (Jian He via vinodkv)
+ YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
+ secure clusters. (Xuan Gong via vinodkv)
+
Release 2.3.1 - UNRELEASED
INCOMPATIBLE CHANGES
Modified:
hadoop/common/branches/branch-2/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java?rev=1579511&r1=1579510&r2=1579511&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
Thu Mar 20 02:40:54 2014
@@ -21,6 +21,7 @@ package org.apache.hadoop.yarn.server.re
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
@@ -163,6 +164,8 @@ public class ResourceManager extends Com
/** End of Active services */
private Configuration conf;
+
+ private UserGroupInformation rmLoginUGI;
public ResourceManager() {
super("ResourceManager");
@@ -233,6 +236,8 @@ public class ResourceManager extends Com
webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
+ this.rmLoginUGI = UserGroupInformation.getCurrentUser();
+
super.serviceInit(this.conf);
}
@@ -859,7 +864,18 @@ public class ResourceManager extends Com
}
LOG.info("Transitioning to active state");
- startActiveServices();
+
+ // use rmLoginUGI to startActiveServices.
+ // in non-secure model, rmLoginUGI will be current UGI
+ // in secure model, rmLoginUGI will be LoginUser UGI
+ this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
+ @Override
+ public Void run() throws Exception {
+ startActiveServices();
+ return null;
+ }
+ });
+
rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
LOG.info("Transitioned to active state");
}
@@ -911,6 +927,11 @@ public class ResourceManager extends Com
InetSocketAddress socAddr = getBindAddress(conf);
SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
+
+ // if security is enable, set rmLoginUGI as UGI of loginUser
+ if (UserGroupInformation.isSecurityEnabled()) {
+ this.rmLoginUGI = UserGroupInformation.getLoginUser();
+ }
}
@Override
