YARN-9254. Add support for storing application catalog data to HDFS. Contributed by Eric Yang

This commit is contained in:
Billie Rinaldi 2019-04-19 10:29:57 -07:00
parent aeadb9432f
commit 317fcbabe3
2 changed files with 91 additions and 13 deletions

View File

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash -x
# Licensed to the Apache Software Foundation (ASF) under one or more # Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with # contributor license agreements. See the NOTICE file distributed with
@ -32,25 +32,49 @@ template_generator() {
export JAVA_HOME=/usr/lib/jvm/jre export JAVA_HOME=/usr/lib/jvm/jre
export HADOOP_CONF_DIR=/etc/hadoop/conf export HADOOP_CONF_DIR=/etc/hadoop/conf
/opt/apache/solr/bin/solr start -p 8983 -force
SOLR_OPTS=()
if [ "${SOLR_STORAGE_TYPE}" == "hdfs" ]; then
SOLR_OPTS+=("-Dsolr.directoryFactory=HdfsDirectoryFactory")
SOLR_OPTS+=("-Dsolr.lock.type=hdfs")
if [ -e "$HADOOP_CONF_DIR" ]; then
SOLR_OPTS+=("-Dsolr.hdfs.confdir=${HADOOP_CONF_DIR}")
fi
fi
if [ "${SOLR_DATA_DIR}" != "" ]; then
SOLR_OPTS+=("-Dsolr.data.dir=$SOLR_DATA_DIR")
fi
if [ -e "$KEYTAB" ]; then
SOLR_OPTS+=("-Dsolr.hdfs.security.kerberos.enabled=true")
SOLR_OPTS+=("-Dsolr.hdfs.security.kerberos.keytabfile=${KEYTAB}")
SOLR_OPTS+=("-Dsolr.hdfs.security.kerberos.principal=${PRINCIPAL}")
export JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=/etc/tomcat/jaas.config -Djava.security.krb5.conf=/etc/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false"
template_generator /etc/tomcat/jaas.config.template /etc/tomcat/jaas.config
fi
export SOLR_OPTS
/opt/apache/solr/bin/solr start "${SOLR_OPTS[@]}" -p 8983 -force
/opt/apache/solr/bin/solr create_core -c appcatalog -force /opt/apache/solr/bin/solr create_core -c appcatalog -force
/opt/apache/solr/bin/post -c appcatalog /tmp/samples.xml /opt/apache/solr/bin/post -c appcatalog /tmp/samples.xml
if [ -d /etc/hadoop/conf ]; then if [ -d /etc/hadoop/conf ]; then
sed -i.bak 's/shared.loader=.*$/shared.loader=\/etc\/hadoop\/conf/g' /etc/tomcat/catalina.properties sed -i.bak 's/shared.loader=.*$/shared.loader=\/etc\/hadoop\/conf/g' /etc/tomcat/catalina.properties
fi fi
if [ -e "$KEYTAB" ]; then
export JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=/etc/tomcat/jaas.config -Djava.security.krb5.conf=/etc/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false"
template_generator /etc/tomcat/jaas.config.template /etc/tomcat/jaas.config
fi
if [ -e "$SPNEGO_KEYTAB" ]; then if [ -e "$SPNEGO_KEYTAB" ]; then
sed -i.bak 's/authentication.type=.*$/authentication.type=kerberos/g' /etc/tomcat/catalina.properties sed -i.bak 's/authentication.type=.*$/authentication.type=kerberos/g' /etc/tomcat/catalina.properties
sed -i.bak 's/simple.anonymous.allowed=.*$/simple.anonymous.allowed=false/g' /etc/tomcat/catalina.properties sed -i.bak 's/simple.anonymous.allowed=.*$/simple.anonymous.allowed=false/g' /etc/tomcat/catalina.properties
{
if [ -z "$SPNEGO_PRINCIPAL" ]; then if [ -z "$SPNEGO_PRINCIPAL" ]; then
echo "kerberos.principal=HTTP/$HOSTNAME" >> /etc/tomcat/catalina.properties echo "kerberos.principal=HTTP/$HOSTNAME"
else else
echo "kerberos.principal=$SPNEGO_PRINCIPAL" >> /etc/tomcat/catalina.properties echo "kerberos.principal=$SPNEGO_PRINCIPAL"
fi fi
echo "kerberos.keytab=$SPNEGO_KEYTAB" >> /etc/tomcat/catalina.properties echo "kerberos.keytab=$SPNEGO_KEYTAB"
echo "hostname=$HOSTNAME" >> /etc/tomcat/catalina.properties echo "hostname=$HOSTNAME"
} >> /etc/tomcat/catalina.properties
fi fi
/usr/libexec/tomcat/server start /usr/libexec/tomcat/server start

View File

@ -188,6 +188,60 @@ For secure cluster, Kerberos settings for application catalog can be configured
| KEYTAB | /etc/security/keytabs/yarn.service.ketab | Path to keytab file, used by YARN service application master. | | KEYTAB | /etc/security/keytabs/yarn.service.ketab | Path to keytab file, used by YARN service application master. |
| PRINCIPAL | yarn/_HOST@EXAMPLE.COM | Service principal used by YARN service application master. | | PRINCIPAL | yarn/_HOST@EXAMPLE.COM | Service principal used by YARN service application master. |
Application Catalog environment options:
| Environment variables | Description |
| KEYTAB | Service user keytab file for accessing HDFS. |
| PRINCIPAL | Service user Kerboers principal. |
| SOLR_DATA_DIR | Location to store Solr data. |
| SOLR_STORAGE_TYPE | Storage type for Solr data, supported type are: hdfs, local |
| SPNEGO_KEYTAB | Location of the keytab file used for authenticating HTTP endpoint. |
| SPNEGO_PRINCIPAL | The Kerberos principal to be used for HTTP endpoint. The principal MUST start with 'HTTP'/ as per Kerberos HTTP SPNEGO specification. |
Secure application catalog Yarnfile example:
```
{
"name": "catalog",
"kerberos_principal" : {
"principal_name" : "catalog/_HOST@EXAMPLE.COM",
"keytab" : "file:///etc/security/keytabs/catalog.service.keytab"
},
"version": "1",
"components" :
[
{
"name": "appcatalog",
"number_of_containers": 1,
"artifact": {
"id": "apache/hadoop-yarn-applications-catalog-docker:3.3.0-SNAPSHOT",
"type": "DOCKER"
},
"resource": {
"cpus": 1,
"memory": "256"
},
"configuration": {
"env": {
"YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE":"true",
"YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS":"/etc/hadoop/conf:/etc/hadoop/conf:ro,/etc/krb5.conf:/etc/krb5.conf:ro,/etc/security/keytabs/catalog.service.keytab:/etc/security/keytabs/hbase.service.keytab:ro,/etc/security/keytabs/spnego.service.keytab:/etc/security/keytabs/spnego.service.keytab:ro",
"SPNEGO_KEYTAB":"/etc/security/keytabs/spnego.service.keytab",
"SPNEGO_PRINCIPAL":"HTTP/host-3.example.com@EXAMPLE.COM",
"KEYTAB":"/etc/security/keytabs/catalog.service.keytab",
"PRINCIPAL":"catalog/host3.example.com@EXAMPLE.COM",
"SOLR_DATA_DIR":"hdfs://host-1.example.com:9000/tmp/solr",
"SOLR_UPDATE_LOG":"hdfs://host-1.example.com:9000/tmp/solr",
"SOLR_STORAGE_TYPE":"hdfs"
},
"properties": {
"docker.network": "host"
}
}
}
]
}
```
## Docker image ENTRYPOINT support ## Docker image ENTRYPOINT support
Docker images may have built with ENTRYPOINT to enable start up of docker image without any parameters. Docker images may have built with ENTRYPOINT to enable start up of docker image without any parameters.